[FINAL] ACCEPT 350 Candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-1337	CVE-1999-1337
CAN-1999-1468	CVE-1999-1468
CAN-1999-1490	CVE-1999-1490
CAN-2000-0502	CVE-2000-0502
CAN-2000-0590	CVE-2000-0590
CAN-2000-1210	CVE-2000-1210
CAN-2000-1211	CVE-2000-1211
CAN-2000-1212	CVE-2000-1212
CAN-2001-0724	CVE-2001-0724
CAN-2001-0748	CVE-2001-0748
CAN-2001-0763	CVE-2001-0763
CAN-2001-0873	CVE-2001-0873
CAN-2001-0891	CVE-2001-0891
CAN-2001-0921	CVE-2001-0921
CAN-2001-0959	CVE-2001-0959
CAN-2001-0960	CVE-2001-0960
CAN-2001-0978	CVE-2001-0978
CAN-2001-1008	CVE-2001-1008
CAN-2001-1028	CVE-2001-1028
CAN-2001-1036	CVE-2001-1036
CAN-2001-1059	CVE-2001-1059
CAN-2001-1106	CVE-2001-1106
CAN-2001-1145	CVE-2001-1145
CAN-2001-1251	CVE-2001-1251
CAN-2001-1291	CVE-2001-1291
CAN-2001-1296	CVE-2001-1296
CAN-2001-1301	CVE-2001-1301
CAN-2001-1303	CVE-2001-1303
CAN-2001-1327	CVE-2001-1327
CAN-2001-1334	CVE-2001-1334
CAN-2001-1349	CVE-2001-1349
CAN-2001-1359	CVE-2001-1359
CAN-2001-1369	CVE-2001-1369
CAN-2001-1370	CVE-2001-1370
CAN-2001-1371	CVE-2001-1371
CAN-2001-1372	CVE-2001-1372
CAN-2001-1373	CVE-2001-1373
CAN-2001-1374	CVE-2001-1374
CAN-2001-1375	CVE-2001-1375
CAN-2001-1378	CVE-2001-1378
CAN-2001-1380	CVE-2001-1380
CAN-2001-1382	CVE-2001-1382
CAN-2001-1383	CVE-2001-1383
CAN-2001-1385	CVE-2001-1385
CAN-2001-1406	CVE-2001-1406
CAN-2001-1407	CVE-2001-1407
CAN-2002-0006	CVE-2002-0006
CAN-2002-0009	CVE-2002-0009
CAN-2002-0011	CVE-2002-0011
CAN-2002-0014	CVE-2002-0014
CAN-2002-0017	CVE-2002-0017
CAN-2002-0024	CVE-2002-0024
CAN-2002-0032	CVE-2002-0032
CAN-2002-0033	CVE-2002-0033
CAN-2002-0042	CVE-2002-0042
CAN-2002-0054	CVE-2002-0054
CAN-2002-0061	CVE-2002-0061
CAN-2002-0062	CVE-2002-0062
CAN-2002-0067	CVE-2002-0067
CAN-2002-0068	CVE-2002-0068
CAN-2002-0069	CVE-2002-0069
CAN-2002-0071	CVE-2002-0071
CAN-2002-0072	CVE-2002-0072
CAN-2002-0073	CVE-2002-0073
CAN-2002-0074	CVE-2002-0074
CAN-2002-0075	CVE-2002-0075
CAN-2002-0076	CVE-2002-0076
CAN-2002-0079	CVE-2002-0079
CAN-2002-0094	CVE-2002-0094
CAN-2002-0095	CVE-2002-0095
CAN-2002-0120	CVE-2002-0120
CAN-2002-0123	CVE-2002-0123
CAN-2002-0146	CVE-2002-0146
CAN-2002-0147	CVE-2002-0147
CAN-2002-0148	CVE-2002-0148
CAN-2002-0149	CVE-2002-0149
CAN-2002-0150	CVE-2002-0150
CAN-2002-0155	CVE-2002-0155
CAN-2002-0157	CVE-2002-0157
CAN-2002-0163	CVE-2002-0163
CAN-2002-0169	CVE-2002-0169
CAN-2002-0170	CVE-2002-0170
CAN-2002-0171	CVE-2002-0171
CAN-2002-0172	CVE-2002-0172
CAN-2002-0173	CVE-2002-0173
CAN-2002-0174	CVE-2002-0174
CAN-2002-0178	CVE-2002-0178
CAN-2002-0181	CVE-2002-0181
CAN-2002-0184	CVE-2002-0184
CAN-2002-0185	CVE-2002-0185
CAN-2002-0186	CVE-2002-0186
CAN-2002-0187	CVE-2002-0187
CAN-2002-0190	CVE-2002-0190
CAN-2002-0191	CVE-2002-0191
CAN-2002-0213	CVE-2002-0213
CAN-2002-0241	CVE-2002-0241
CAN-2002-0246	CVE-2002-0246
CAN-2002-0250	CVE-2002-0250
CAN-2002-0267	CVE-2002-0267
CAN-2002-0274	CVE-2002-0274
CAN-2002-0276	CVE-2002-0276
CAN-2002-0287	CVE-2002-0287
CAN-2002-0290	CVE-2002-0290
CAN-2002-0292	CVE-2002-0292
CAN-2002-0299	CVE-2002-0299
CAN-2002-0300	CVE-2002-0300
CAN-2002-0302	CVE-2002-0302
CAN-2002-0309	CVE-2002-0309
CAN-2002-0318	CVE-2002-0318
CAN-2002-0329	CVE-2002-0329
CAN-2002-0330	CVE-2002-0330
CAN-2002-0339	CVE-2002-0339
CAN-2002-0355	CVE-2002-0355
CAN-2002-0356	CVE-2002-0356
CAN-2002-0358	CVE-2002-0358
CAN-2002-0359	CVE-2002-0359
CAN-2002-0363	CVE-2002-0363
CAN-2002-0364	CVE-2002-0364
CAN-2002-0366	CVE-2002-0366
CAN-2002-0367	CVE-2002-0367
CAN-2002-0368	CVE-2002-0368
CAN-2002-0369	CVE-2002-0369
CAN-2002-0372	CVE-2002-0372
CAN-2002-0373	CVE-2002-0373
CAN-2002-0374	CVE-2002-0374
CAN-2002-0377	CVE-2002-0377
CAN-2002-0379	CVE-2002-0379
CAN-2002-0381	CVE-2002-0381
CAN-2002-0382	CVE-2002-0382
CAN-2002-0389	CVE-2002-0389
CAN-2002-0391	CVE-2002-0391
CAN-2002-0392	CVE-2002-0392
CAN-2002-0394	CVE-2002-0394
CAN-2002-0401	CVE-2002-0401
CAN-2002-0402	CVE-2002-0402
CAN-2002-0403	CVE-2002-0403
CAN-2002-0404	CVE-2002-0404
CAN-2002-0406	CVE-2002-0406
CAN-2002-0412	CVE-2002-0412
CAN-2002-0414	CVE-2002-0414
CAN-2002-0423	CVE-2002-0423
CAN-2002-0424	CVE-2002-0424
CAN-2002-0425	CVE-2002-0425
CAN-2002-0429	CVE-2002-0429
CAN-2002-0431	CVE-2002-0431
CAN-2002-0435	CVE-2002-0435
CAN-2002-0437	CVE-2002-0437
CAN-2002-0441	CVE-2002-0441
CAN-2002-0442	CVE-2002-0442
CAN-2002-0451	CVE-2002-0451
CAN-2002-0454	CVE-2002-0454
CAN-2002-0462	CVE-2002-0462
CAN-2002-0463	CVE-2002-0463
CAN-2002-0464	CVE-2002-0464
CAN-2002-0473	CVE-2002-0473
CAN-2002-0484	CVE-2002-0484
CAN-2002-0488	CVE-2002-0488
CAN-2002-0490	CVE-2002-0490
CAN-2002-0493	CVE-2002-0493
CAN-2002-0494	CVE-2002-0494
CAN-2002-0495	CVE-2002-0495
CAN-2002-0497	CVE-2002-0497
CAN-2002-0501	CVE-2002-0501
CAN-2002-0505	CVE-2002-0505
CAN-2002-0506	CVE-2002-0506
CAN-2002-0511	CVE-2002-0511
CAN-2002-0512	CVE-2002-0512
CAN-2002-0513	CVE-2002-0513
CAN-2002-0516	CVE-2002-0516
CAN-2002-0531	CVE-2002-0531
CAN-2002-0532	CVE-2002-0532
CAN-2002-0536	CVE-2002-0536
CAN-2002-0538	CVE-2002-0538
CAN-2002-0539	CVE-2002-0539
CAN-2002-0542	CVE-2002-0542
CAN-2002-0543	CVE-2002-0543
CAN-2002-0545	CVE-2002-0545
CAN-2002-0553	CVE-2002-0553
CAN-2002-0567	CVE-2002-0567
CAN-2002-0569	CVE-2002-0569
CAN-2002-0571	CVE-2002-0571
CAN-2002-0573	CVE-2002-0573
CAN-2002-0574	CVE-2002-0574
CAN-2002-0575	CVE-2002-0575
CAN-2002-0576	CVE-2002-0576
CAN-2002-0594	CVE-2002-0594
CAN-2002-0597	CVE-2002-0597
CAN-2002-0598	CVE-2002-0598
CAN-2002-0599	CVE-2002-0599
CAN-2002-0601	CVE-2002-0601
CAN-2002-0605	CVE-2002-0605
CAN-2002-0613	CVE-2002-0613
CAN-2002-0616	CVE-2002-0616
CAN-2002-0617	CVE-2002-0617
CAN-2002-0618	CVE-2002-0618
CAN-2002-0619	CVE-2002-0619
CAN-2002-0621	CVE-2002-0621
CAN-2002-0622	CVE-2002-0622
CAN-2002-0623	CVE-2002-0623
CAN-2002-0631	CVE-2002-0631
CAN-2002-0638	CVE-2002-0638
CAN-2002-0639	CVE-2002-0639
CAN-2002-0640	CVE-2002-0640
CAN-2002-0642	CVE-2002-0642
CAN-2002-0647	CVE-2002-0647
CAN-2002-0648	CVE-2002-0648
CAN-2002-0650	CVE-2002-0650
CAN-2002-0653	CVE-2002-0653
CAN-2002-0658	CVE-2002-0658
CAN-2002-0663	CVE-2002-0663
CAN-2002-0665	CVE-2002-0665
CAN-2002-0671	CVE-2002-0671
CAN-2002-0676	CVE-2002-0676
CAN-2002-0678	CVE-2002-0678
CAN-2002-0679	CVE-2002-0679
CAN-2002-0685	CVE-2002-0685
CAN-2002-0687	CVE-2002-0687
CAN-2002-0688	CVE-2002-0688
CAN-2002-0691	CVE-2002-0691
CAN-2002-0695	CVE-2002-0695
CAN-2002-0697	CVE-2002-0697
CAN-2002-0698	CVE-2002-0698
CAN-2002-0700	CVE-2002-0700
CAN-2002-0701	CVE-2002-0701
CAN-2002-0703	CVE-2002-0703
CAN-2002-0704	CVE-2002-0704
CAN-2002-0710	CVE-2002-0710
CAN-2002-0714	CVE-2002-0714
CAN-2002-0716	CVE-2002-0716
CAN-2002-0718	CVE-2002-0718
CAN-2002-0719	CVE-2002-0719
CAN-2002-0720	CVE-2002-0720
CAN-2002-0722	CVE-2002-0722
CAN-2002-0726	CVE-2002-0726
CAN-2002-0727	CVE-2002-0727
CAN-2002-0733	CVE-2002-0733
CAN-2002-0734	CVE-2002-0734
CAN-2002-0736	CVE-2002-0736
CAN-2002-0737	CVE-2002-0737
CAN-2002-0738	CVE-2002-0738
CAN-2002-0741	CVE-2002-0741
CAN-2002-0748	CVE-2002-0748
CAN-2002-0754	CVE-2002-0754
CAN-2002-0755	CVE-2002-0755
CAN-2002-0758	CVE-2002-0758
CAN-2002-0759	CVE-2002-0759
CAN-2002-0760	CVE-2002-0760
CAN-2002-0761	CVE-2002-0761
CAN-2002-0762	CVE-2002-0762
CAN-2002-0765	CVE-2002-0765
CAN-2002-0766	CVE-2002-0766
CAN-2002-0768	CVE-2002-0768
CAN-2002-0776	CVE-2002-0776
CAN-2002-0777	CVE-2002-0777
CAN-2002-0778	CVE-2002-0778
CAN-2002-0785	CVE-2002-0785
CAN-2002-0788	CVE-2002-0788
CAN-2002-0789	CVE-2002-0789
CAN-2002-0790	CVE-2002-0790
CAN-2002-0794	CVE-2002-0794
CAN-2002-0795	CVE-2002-0795
CAN-2002-0801	CVE-2002-0801
CAN-2002-0802	CVE-2002-0802
CAN-2002-0804	CVE-2002-0804
CAN-2002-0805	CVE-2002-0805
CAN-2002-0806	CVE-2002-0806
CAN-2002-0808	CVE-2002-0808
CAN-2002-0809	CVE-2002-0809
CAN-2002-0810	CVE-2002-0810
CAN-2002-0813	CVE-2002-0813
CAN-2002-0814	CVE-2002-0814
CAN-2002-0816	CVE-2002-0816
CAN-2002-0817	CVE-2002-0817
CAN-2002-0818	CVE-2002-0818
CAN-2002-0823	CVE-2002-0823
CAN-2002-0824	CVE-2002-0824
CAN-2002-0826	CVE-2002-0826
CAN-2002-0829	CVE-2002-0829
CAN-2002-0830	CVE-2002-0830
CAN-2002-0831	CVE-2002-0831
CAN-2002-0845	CVE-2002-0845
CAN-2002-0846	CVE-2002-0846
CAN-2002-0847	CVE-2002-0847
CAN-2002-0848	CVE-2002-0848
CAN-2002-0851	CVE-2002-0851
CAN-2002-0853	CVE-2002-0853
CAN-2002-0856	CVE-2002-0856
CAN-2002-0859	CVE-2002-0859
CAN-2002-0860	CVE-2002-0860
CAN-2002-0871	CVE-2002-0871
CAN-2002-0872	CVE-2002-0872
CAN-2002-0873	CVE-2002-0873
CAN-2002-0875	CVE-2002-0875
CAN-2002-0887	CVE-2002-0887
CAN-2002-0889	CVE-2002-0889
CAN-2002-0891	CVE-2002-0891
CAN-2002-0892	CVE-2002-0892
CAN-2002-0897	CVE-2002-0897
CAN-2002-0898	CVE-2002-0898
CAN-2002-0900	CVE-2002-0900
CAN-2002-0904	CVE-2002-0904
CAN-2002-0906	CVE-2002-0906
CAN-2002-0911	CVE-2002-0911
CAN-2002-0914	CVE-2002-0914
CAN-2002-0916	CVE-2002-0916
CAN-2002-0935	CVE-2002-0935
CAN-2002-0938	CVE-2002-0938
CAN-2002-0941	CVE-2002-0941
CAN-2002-0945	CVE-2002-0945
CAN-2002-0946	CVE-2002-0946
CAN-2002-0947	CVE-2002-0947
CAN-2002-0952	CVE-2002-0952
CAN-2002-0953	CVE-2002-0953
CAN-2002-0958	CVE-2002-0958
CAN-2002-0964	CVE-2002-0964
CAN-2002-0965	CVE-2002-0965
CAN-2002-0967	CVE-2002-0967
CAN-2002-0968	CVE-2002-0968
CAN-2002-0981	CVE-2002-0981
CAN-2002-0984	CVE-2002-0984
CAN-2002-0987	CVE-2002-0987
CAN-2002-0988	CVE-2002-0988
CAN-2002-0989	CVE-2002-0989
CAN-2002-0995	CVE-2002-0995
CAN-2002-1000	CVE-2002-1000
CAN-2002-1002	CVE-2002-1002
CAN-2002-1004	CVE-2002-1004
CAN-2002-1006	CVE-2002-1006
CAN-2002-1013	CVE-2002-1013
CAN-2002-1014	CVE-2002-1014
CAN-2002-1015	CVE-2002-1015
CAN-2002-1024	CVE-2002-1024
CAN-2002-1025	CVE-2002-1025
CAN-2002-1030	CVE-2002-1030
CAN-2002-1031	CVE-2002-1031
CAN-2002-1035	CVE-2002-1035
CAN-2002-1039	CVE-2002-1039
CAN-2002-1046	CVE-2002-1046
CAN-2002-1049	CVE-2002-1049
CAN-2002-1050	CVE-2002-1050
CAN-2002-1051	CVE-2002-1051
CAN-2002-1053	CVE-2002-1053
CAN-2002-1054	CVE-2002-1054
CAN-2002-1057	CVE-2002-1057
CAN-2002-1059	CVE-2002-1059
CAN-2002-1060	CVE-2002-1060
CAN-2002-1076	CVE-2002-1076
CAN-2002-1079	CVE-2002-1079
CAN-2002-1081	CVE-2002-1081
CAN-2002-1088	CVE-2002-1088


======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames
and passwords for visited sites in plaintext in the world-readable
history file, which allows other local users to gain privileges.


Modifications:
  ADDREF XF:midnight-commander-data-disclosure(9873)

INFERRED ACTION: CAN-1999-1337 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (Task 1765)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:midnight-commander-data-disclosure(9873)


======================================================
Candidate: CAN-1999-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

rdist in various UNIX systems uses popen to execute sendmail, which
allows local users to gain root privileges by modifying the IFS
(Internal Field Separator) variable.


Modifications:
  ADDREF XF:rdist-popen-gain-privileges(7160)
  CHANGEREF MISC [change url]

INFERRED ACTION: CAN-1999-1468 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:rdist-popen-gain-privileges(7160)
   MISC reference is dead. Alternative:
   http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
 Christey> It is unclear whether this is addressed by SUN:00115,
   SUN:00110, both, or neither.


======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access
via a long HOME environmental variable.


Modifications:
  ADDREF XF:linux-xosview-bo(8787)

INFERRED ACTION: CAN-1999-1490 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (ACCEPT; Task 2354)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:linux-xosview-bo(8787)


======================================================
Candidate: CAN-2000-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0502
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020222-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php

Mcafee VirusScan 4.03 does not properly restrict access to the alert
text file before it is sent to the Central Alert Server, which allows
local users to modify alerts in an arbitrary fashion.


Modifications:
  ADDREF XF:mcafee-alerting-dos(4641)

INFERRED ACTION: CAN-2000-0502 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Ozancin, Levy, Wall
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:mcafee-alerting-dos(4641)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0590
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:http://xforce.iss.net/static/4878.php

Poll It 2.0 CGI script allows remote attackers to read arbitrary files
by specifying the file name in the data_dir parameter.


Modifications:
  ADDREF XF:http-cgi-pollit-variable-overwrite(4878)

INFERRED ACTION: CAN-2000-0590 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Magdych, LeBlanc, Wall, Christey

Voter Comments:
 Frech> XF:http-cgi-pollit-variable-overwrite(4878)
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> MISC:http://www.cgi-world.com/download/pollit.html
   An item on October 24, 2000 says "Updated to Version 2.05 from
   2.0 to Fix Security Issues" but it's not clear whether it's
   related to *this* security issue; it's probably talking
   about CVE-2000-1068/1069/1070.
   Inquiry sent to http://www.cgi-world.com/cgi-bin/forms/forms.cgi
   on 2/22/2002.  Confirmed by vendor on 2/22/2002.


======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat
before 3.1 allows remote attackers to read arbitrary files via a ..
(dot dot) in the argument to source.jsp.

INFERRED ACTION: CAN-2000-1210 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> APPEARS TO BE ACKNOWLEDGED IN APACHE'S BUGZILLA (#93 SEEMS CLOSE)


======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php

Zope 2.2.0 through 2.2.4 does not properly perform security
registration for legacy names of object constructors such as DTML
method objects, which could allow attackers to perform unauthorized
activities.


Modifications:
  ADDREF XF:zope-legacy-names(5824)

INFERRED ACTION: CAN-2000-1211 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Cox> ADDREF:REDHAT:RHSA-2000:125
 Frech> XF:zope-legacy-names(5824)


======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating
method on Image and File objects, which allows attackers with DTML
editing privileges to modify the raw data of these objects.

INFERRED ACTION: CAN-2000-1212 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-incorrect-security-zone-variant(8471)

Internet Explorer 5.5 allows remote attackers to bypass security
restrictions via malformed URLs that contain dotless IP addresses,
which causes Internet Explorer to process the page in the Intranet
Zone, which may have fewer security restrictions, aka the "Zone
Spoofing Vulnerability variant" of CVE-2001-0664.


Modifications:
  ADDREF XF:ie-incorrect-security-zone-variant(8471)
  DESC Change "CAN" to "CVE" in description.

INFERRED ACTION: CAN-2001-0724 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech

Voter Comments:
 Frech> (ACCEPT)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ie-incorrect-security-zone-variant(8471)


======================================================
Candidate: CAN-2001-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141
Reference: XF:acme-serve-directory-traversal(6634)
Reference: URL:http://www.iss.net/security_center/static/6634.php
Reference: CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
Reference: BID:2809
Reference: URL:http://www.securityfocus.com/bid/2809

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other
products, allows remote attackers to read arbitrary files by
prepending several / (slash) characters to the URI.


Modifications:
  ADDREF XF:acme-serve-directory-traversal(6634)
  ADDREF CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
  DESC replace "." with "/"; change spelling
  ADDREF BID:2809

INFERRED ACTION: CAN-2001-0748 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Frech> XF:acme-serve-directory-traversal(6634)
 Christey> Change description to say "Acme.Serve".  The original
   discloser spelled it 2 different ways.
 Christey> Description: Is it . or slash?
 Christey> Acknowledged by Cisco (!):
   CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
   URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
   This affects Cisco Secure ACS Unix installation, and Cisco
   reports that it's due to multiple / at the end.


======================================================
Candidate: CAN-2001-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020821-03
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: SUSE:SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: CIAC:L-104
Reference: URL:http://www.ciac.org/ciac/bulletins/l-104.shtml
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
Reference: XF:xinetd-identd-bo(6670)
Reference: URL:http://xforce.iss.net/static/6670.php
Reference: BID:2840
Reference: URL:http://www.securityfocus.com/bid/2840

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow
remote attackers to execute arbitrary code via a long ident response,
which is not properly handled by the svc_logprint function.


Modifications:
  ADDREF XF:xinetd-identd-bo(6670)
  ADDREF BID:2840
  ADDREF IMMUNIX:IMNX-2001-70-029-01
  ADDREF ENGARDE:ESA-20010621-01
  ADDREF CIAC:L-104
  ADDREF REDHAT:RHSA-2001:075
  ADDREF FREEBSD:FreeBSD-SA-01:47
  ADDREF CONECTIVA:CLA-2001:404
  DELREF CONECTIVA:CLA-2001:406
  CHANGEREF IMMUNIX:IMNX-2001-70-024-01

INFERRED ACTION: CAN-2001-0763 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:xinetd-identd-bo(6670)
 Christey> Need to sift through the references to make sure they're
   correct and appropriately distinguish from CAN-2001-0825.
 Christey> ADDREF CONECTIVA:CLA-2001:404
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:47
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
   DELREF CONECTIVA:CLA-2001:406 (that's for CAN-2001-0825)
   ADDREF CONECTIVA:CLA-2001:404
   DELREF IMMUNIX:IMNX-2001-70-029-01 (that's for CAN-2001-0825)
   ADDREF IMMUNIX:IMNX-2001-70-024-01


======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020818-01
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php
Reference: REDHAT:RHSA-2001:165
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-165.html

uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain privileges by calling uux
and specifying an alternate configuration file with the --config
option.


Modifications:
  ADDREF REDHAT:RHSA-2001:165

INFERRED ACTION: CAN-2001-0873 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:463
 Christey> No wait, scratch CONECTIVA:CLA-2002:463...  It only mentions this
   older vulnerability.
 Christey> REDHAT:RHSA-2001:165 (per Mark Cox)


======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
Reference: XF:unicos-nqsd-format-string(7618)

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16
for CRAY UNICOS and SGI IRIX allows a local user to gain root
privileges by using qsub to submit a batch job whose name contains
formatting characters.


Modifications:
  ADDREF XF:unicos-nqsd-format-string(7618)
  DESC Add SGI IRIX versions

INFERRED ACTION: CAN-2001-0891 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:unicos-nqsd-format-string(7618)
 Christey> Change desc to include SGI versions


======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to
the browser to obtain passwords from form fields by printing the
document into which the password has been typed, which is printed in
cleartext.

INFERRED ACTION: CAN-2001-0921 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(2) Wall, Armstrong


======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://www.iss.net/security_center/static/7122.php

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
creates a hidden share named ARCSERVE$, which allows remote attackers
to obtain sensitive information and overwrite critical files.


Modifications:
  ADDREF XF:arcserve-aremote-plaintext(7122)

INFERRED ACTION: CAN-2001-0959 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Green, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT VAGUE
 Frech> XF:arcserve-aremote-plaintext(7122)


======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
stores the backup agent user name and password in cleartext in the
aremote.dmp file in the ARCSERVE$ hidden share, which allows local and
remote attackers to gain privileges.

INFERRED ACTION: CAN-2001-0960 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Frech
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT MISSING


======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
Reference: XF:hpux-login-btmp(8632)
Reference: URL:http://www.iss.net/security_center/static/8632.php

login in HP-UX 10.26 does not record failed login attempts in
/var/adm/btmp, which could allow attackers to conduct brute force
password guessing attacks without being detected or observed using the
lastb program.


Modifications:
  ADDREF XF:hpux-login-btmp(8632)

INFERRED ACTION: CAN-2001-0978 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:hpux-login-btmp(8632)


======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245
Reference: XF:javaplugin-jre-expired-certificate(7048)
Reference: URL:http://www.iss.net/security_center/static/7048.php

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the
certificate is expired, which could allow remote attackers to conduct
unauthorized activities via an applet that has been signed by an
expired certificate.


Modifications:
  ADDREF XF:javaplugin-jre-expired-certificate(7048)

INFERRED ACTION: CAN-2001-1008 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:javaplugin-jre-expired-certificate(7048)


======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: XF:man-ultimate-source-bo(8622)
Reference: URL:http://www.iss.net/security_center/static/8622.php

Buffer overflow in ultimate_source function of man 1.5 and earlier
allows local users to gain privileges.


Modifications:
  ADDREF XF:man-ultimate-source-bo(8622)

INFERRED ACTION: CAN-2001-1028 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:man-ultimate-source-bo(8622)


======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local
users to gain privileges via an old formatted filename database
(locatedb) that contains an entry with an out-of-range offset, which
causes locate to write to arbitrary process memory.

INFERRED ACTION: CAN-2001-1036 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Armstrong


======================================================
Candidate: CAN-2001-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:http://xforce.iss.net/static/6925.php

VMWare creates a temporary file vmware-log.USERNAME with insecure
permissions, which allows local users to read or modify license
information.

INFERRED ACTION: CAN-2001-1059 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(2) Wall, Armstrong


======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a
symmetric key that is compiled into the binary program for encrypting
passwords, which could allow local users to break all user passwords
by cracking the key or modifying a copy of the sambar program to call
the decryption procedure.

INFERRED ACTION: CAN-2001-1106 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
 Green> There is vendor acknowledgement in http://www.security.nnov.ru/advisories/sambarpass.asp
 Christey> For CVE's purposes, I do not count a vendor quote or excerpt
   from a third party as acknowledgement.


======================================================
Candidate: CAN-2001-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: BID:3205
Reference: URL:http://online.securityfocus.com/bid/3205
Reference: XF:bsd-fts-race-condition(8715)
Reference: URL:http://www.iss.net/security_center/static/8715.php

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and
OpenBSD 2.9 and earlier can be forced to change (chdir) into a
different directory than intended when the directory above the current
directory is moved, which could cause scripts to perform dangerous
actions on the wrong directories.


Modifications:
  ADDREF XF:bsd-fts-race-condition(8715)

INFERRED ACTION: CAN-2001-1145 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:bsd-fts-race-condition(8715)


======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a
denial of service via multiple long URL requests.

INFERRED ACTION: CAN-2001-1251 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does
not delay or disconnect remote attackers who provide an incorrect
username or password, which makes it easier to break into the server
via brute force password guessing.

INFERRED ACTION: CAN-2001-1291 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1296
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383

More.groupware PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.

INFERRED ACTION: CAN-2001-1296 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1301
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
Reference: CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
Reference: XF:rcs2log-tmp-symlink(11210)
Reference: URL:http://www.iss.net/security_center/static/11210.php

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions
before 21.4, and possibly other packages, allows local users to modify
files of other users via a symlink attack on a temporary file.


Modifications:
  ADDREF CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
  ADDREF XF:rcs2log-tmp-symlink(11210)
  DESC change versions

INFERRED ACTION: CAN-2001-1301 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Green
   MODIFY(2) Frech, Cox
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Frech> Task xxxx.
 CHANGE> [Cox changed vote from REVIEWING to MODIFY]
 Cox> Addref:
   http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95

   This was public at least as far back as 28 September 1998; this is the
   date that the Red Hat emacs package was given a patch for this issue.
 Cox> Description currently says "xemacs 21.1.10" and it would be
   more correct to say "xemacs before version 21.4"
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:rcs2log-tmp-symlink(11210)


======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1
allows remote attackers to obtain sensitive configuration information
for the protected network without authentication.

INFERRED ACTION: CAN-2001-1303 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
Reference: XF:pmake-binary-gain-privileges(9988)
Reference: URL:http://www.iss.net/security_center/static/9988.php

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with
setuid root privileges, which could allow local users to gain
privileges by exploiting vulnerabilities in pmake or programs that are
used by pmake.


Modifications:
  ADDREF XF:pmake-binary-gain-privileges(9988)

INFERRED ACTION: CAN-2001-1327 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:pmake-binary-gain-privileges(9988)


======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724
Reference: XF:phpslash-block-read-files(9990)
Reference: URL:http://www.iss.net/security_center/static/9990.php

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with
PHPSlash administrator privileges to read arbitrary files by creating
a block and specifying the target file as the source URL.


Modifications:
  ADDREF XF:phpslash-block-read-files(9990)

INFERRED ACTION: CAN-2001-1334 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:phpslash-block-read-files(9990)


======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794
Reference: XF:sendmail-signal-handling(6633)
Reference: URL:http://www.iss.net/security_center/static/6633.php

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local
users to cause a denial of service and possibly corrupt the heap and
gain privileges via race conditions in signal handlers.


Modifications:
  ADDREF REDHAT:RHSA-2001:106
  ADDREF XF:sendmail-signal-handling(6633)

INFERRED ACTION: CAN-2001-1349 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> ADDREF: RHSA-2001:106
 Frech> XF:sendmail-signal-handling(6633)


======================================================
Candidate: CAN-2001-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1359
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: CALDERA:CSSA-2001-021.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
Reference: BID:2850
Reference: URL:http://www.securityfocus.com/bid/2850
Reference: XF:volution-authentication-failure-access(6672)
Reference: URL:http://xforce.iss.net/static/6672.php

Volution clients 1.0.7 and earlier attempt to contact the computer
creation daemon (CCD) when an LDAP authentication failure occurs,
which allows remote attackers to fully control clients via a Trojan
horse Volution server.

INFERRED ACTION: CAN-2001-1359 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2001-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1369
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
Reference: BID:3319
Reference: URL:http://online.securityfocus.com/bid/3319
Reference: XF:postgresql-pam-authentication-module(7110)
Reference: URL:http://www.iss.net/security_center/static/7110.php

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to
execute arbitrary SQL code and bypass authentication or modify user
account records by injecting SQL statements into user or password
fields.

INFERRED ACTION: CAN-2001-1369 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1370
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Reference: URL:http://www.securityfocus.com/archive/1/198768
Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: BID:3079
Reference: URL:http://www.securityfocus.com/bid/3079
Reference: XF:phplib-script-execution(6892)
Reference: URL:http://www.iss.net/security_center/static/6892.php

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled
for PHP, allows remote attackers to execute arbitrary scripts via an
HTTP request that modifies $_PHPLIB[libdir] to point to malicious code
on another server, as seen in Horde 1.2.5 and earlier, IMP before
2.2.6, and other packages that use PHPLib.

INFERRED ACTION: CAN-2001-1370 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1371
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: CERT-VN:VU#736923
Reference: URL:http://www.kb.cert.org/vuls/id/736923
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
Reference: BID:4289
Reference: URL:http://www.securityfocus.com/bid/4289
Reference: XF:oracle-appserver-soap-components(8449)
Reference: URL:http://www.iss.net/security_center/static/8449.php

The default configuration of Oracle Application Server 9iAS 1.0.2.2
enables SOAP and allows anonymous users to deploy applications by
default via urn:soap-service-manager and urn:soap-provider-manager.


Modifications:
  ADDREF XF:oracle-appserver-soap-components(8449)

INFERRED ACTION: CAN-2001-1371 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Alderson, Green
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:oracle-appserver-soap-components(8449)


======================================================
Candidate: CAN-2001-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1372
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20021116-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100074087824021&w=2
Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119633925473&w=2
Reference: MISC:http://www.nii.co.in/research.html
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#278971
Reference: URL:http://www.kb.cert.org/vuls/id/278971
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
Reference: BID:3341
Reference: URL:http://www.securityfocus.com/bid/3341
Reference: XF:oracle-jsp-reveal-path(7135)
Reference: URL:http://xforce.iss.net/static/7135.php

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain
the physical path of a file under the server root via a request for a
non-existent .JSP file, which leaks the pathname in an error message.

INFERRED ACTION: CAN-2001-1372 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(3) Foat, Christey, Cox

Voter Comments:
 Christey> ADDREF MISC:http://www.nii.co.in/research.html


======================================================
Candidate: CAN-2001-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1373
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010718 ZoneAlarm Pro
Reference: URL:http://www.securityfocus.com/archive/1/197681
Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
Reference: XF:zonealarm-bypass-mailsafe(6877)
Reference: URL:http://xforce.iss.net/static/6877.php
Reference: BID:3055
Reference: URL:http://www.securityfocus.com/bid/3055

MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6
and 2.4 does not block prohibited file types with long file names,
which allows remote attackers to send potentially dangerous
attachments.

INFERRED ACTION: CAN-2001-1373 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2001-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1374
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:expect-insecure-library-search(6870)
Reference: URL:http://xforce.iss.net/static/6870.php
Reference: BID:3074
Reference: URL:http://www.securityfocus.com/bid/3074
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

expect before 5.32 searches for its libraries in /var/tmp before other
directories, which could allow local users to gain root privileges via
a Trojan horse library that is accessed by mkpasswd.


Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1374 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Wall, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Foat, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060


======================================================
Candidate: CAN-2001-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1375
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:tcltk-insecure-library-search(6869)
Reference: URL:http://www.iss.net/security_center/static/6869.php
Reference: BID:3073
Reference: URL:http://www.securityfocus.com/bid/3073
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current
working directory before other directories, which could allow local
users to execute arbitrary code via a Trojan horse library that is
under a user-controlled directory.


Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1375 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Foat, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Wall, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060


======================================================
Candidate: CAN-2001-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1378
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020715
Category: SF
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

fetchmailconf in fetchmail before 5.7.4 allows local users to
overwrite files of other users via a symlink attack on temporary
files.

INFERRED ACTION: CAN-2001-1378 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1380
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php

OpenSSH before 2.9.9, while using keypairs and multiple keys of
different types in the ~/.ssh/authorized_keys2 file, may not properly
handle the "from" option associated with a key, which could allow
remote attackers to log in from unauthorized IP addresses.

INFERRED ACTION: CAN-2001-1380 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1382
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml

The "echo simulation" traffic analysis countermeasure in OpenSSH
before 2.9.9p2 sends an additional echo packet after the password and
carriage return are entered, which could allow remote attackers to
determine that the countermeasure is being used.

INFERRED ACTION: CAN-2001-1382 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1383
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php
Reference: BID:3367
Reference: URL:http://online.securityfocus.com/bid/3367

initscript in setserial 2.17-4 and earlier uses predictable temporary
file names, which could allow local users to conduct unauthorized
operations on files.

INFERRED ACTION: CAN-2001-1383 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Armstrong, Baker, Cox
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with
the 'engine = off' option for a virtual host, may disable PHP for
other virtual hosts, which could cause Apache to serve the source code
of PHP scripts.

INFERRED ACTION: CAN-2001-1385 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(7) Wall, Cole, Armstrong, Green, Baker, Frech, Cox
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-processbug-old-restrictions(10478)
Reference: URL:http://www.iss.net/security_center/static/10478.php

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset"
bit when a bug is moved between product groups, which will cause the
bug to have the old group's restrictions, which might not be as
stringent.


Modifications:
  ADDREF XF:bugzilla-processbug-old-restrictions(10478)

INFERRED ACTION: CAN-2001-1406 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-processbug-old-restrictions(10478)


======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-duplicate-view-restricted(10479)
Reference: URL:http://www.iss.net/security_center/static/10479.php

Bugzilla before 2.14 allows Bugzilla users to bypass group security
checks by marking a bug as the duplicate of a restricted bug, which
adds the user to the CC list of the restricted bug and allows the user
to view the bug.


Modifications:
  ADDREF XF:bugzilla-duplicate-view-restricted(10479)

INFERRED ACTION: CAN-2001-1407 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-duplicate-view-restricted(10479)


======================================================
Candidate: CAN-2002-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0006
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020108
Category: SF
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060676210255&w=2
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:http://xforce.iss.net/static/7856.php
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and
1.4.3, allows remote attackers to execute arbitrary IRC commands as
other clients via encoded characters in a PRIVMSG command that calls
CTCP PING, which expands the characters in the client response when
the percascii variable is set.

INFERRED ACTION: CAN-2002-0006 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Wall, Cole, Alderson
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3830


======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs
Access" privileges to see other products that are not accessible to
the user, by submitting a bug and reading the resulting Product
pulldown menu.


Modifications:
  ADDREF XF:bugzilla-showbug-reveal-bugs(7802)
  ADDREF BID:3798

INFERRED ACTION: CAN-2002-0009 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-showbug-reveal-bugs(7802)


======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may
allow remote attackers to more easily conduct attacks on the login.


Modifications:
  ADDREF XF:bugzilla-doeditvotes-login-information(7803)
  ADDREF BID:3800

INFERRED ACTION: CAN-2002-0011 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-doeditvotes-login-information(7803)


======================================================
Candidate: CAN-2002-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0014
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020110
Category: SF
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://online.securityfocus.com/bid/3815

URL-handling code in Pine 4.43 and earlier allows remote attackers to
execute arbitrary commands via a URL enclosed in single quotes and
containing shell metacharacters (&).

INFERRED ACTION: CAN-2002-0014 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3815


======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m
allows remote attackers to execute arbitrary code via an SNMP request.


Modifications:
  ADDREF BID:4421
  ADDREF XF:irix-snmp-bo(7846)

INFERRED ACTION: CAN-2002-0017 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Levy, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4421
 Levy> BID 4421
 Frech> XF:irix-snmp-bo(7846)


======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an
attacker to use the Content-Disposition and Content-Type HTML header
fields to modify how the name of the file is displayed, which could
trick a user into believing that a file is safe to download.


Modifications:
  ADDREF BID:4087

INFERRED ACTION: CAN-2002-0024 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4087


======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to
execute arbitrary script as other users via the addview parameter of a
ymsgr URI.


Modifications:
  ADDREF XF:yahoo-messenger-script-injection(9184)

INFERRED ACTION: CAN-2002-0032 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Foat, Christey

Voter Comments:
 Christey> XF:yahoo-messenger-script-injection(9184)
   URL:http://www.iss.net/security_center/static/9184.php
 Frech> XF:yahoo-messenger-script-injection(9184)


======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd
allows remote attackers to execute arbitrary code via a request with a
long directory and cache name.


Modifications:
  ADDREF XF:solaris-cachefsd-name-bo(8999)
  DESC change "heap overflow" to "heap-based buffer overflow"

INFERRED ACTION: CAN-2002-0033 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Note: this is a different vulnerability than CAN-2002-0084.
   However, if there are different patches for the 2 issues, then
   they may need to be merged per CD:SF-LOC.
 Frech> XF:solaris-cachefsd-name-bo(8999)


======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows
local users to cause a denial of service (hang) by creating a file
that is not properly processed by XFS.

INFERRED ACTION: CAN-2002-0042 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail
Connector (IMC) in Exchange Server 5.5 does not properly handle
responses to NTLM authentication, which allows remote attackers to
perform mail relaying via an SMTP AUTH command using null session
credentials.


Modifications:
  ADDREF BID:4205
  ADDREF BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
  DESC add "SMTP AUTH" and null session info to desc

INFERRED ACTION: CAN-2002-0054 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4205
 Christey> BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

   Add details to desc, specifically that the issue is related
   to null sessions and SMTP AUTH.


======================================================
Candidate: CAN-2002-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0061
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows
remote attackers to execute arbitrary commands via shell
metacharacters (a | pipe character) provided as arguments to batch
(.bat) or .cmd scripts, which are sent unfiltered to the shell
interpreter, typically cmd.exe.


Modifications:
  ADDREF CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

INFERRED ACTION: CAN-2002-0061 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4335
 Christey> XF:apache-dos-batch-command-execution(8589)
   URL:http://www.iss.net/security_center/static/8589.php
 Cox> ADDREF: http://www.apacheweek.com/issues/02-03-29#apache1324


======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: BID:2116
Reference: URL:http://online.securityfocus.com/bid/2116
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package
as used in Red Hat Linux, allows local users to gain privileges,
related to "routines for moving the physical cursor and scrolling."


Modifications:
  ADDREF BID:2116
  DESC clarify ncurses4 package
  ADDREF XF:gnu-ncurses-window-bo(8222)

INFERRED ACTION: CAN-2002-0062 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   NOOP(3) Jones, Foat, Christey

Voter Comments:
 Christey> BID:2116
   URL:http://online.securityfocus.com/bid/2116
   Also need to add other vendor advisories.
 Christey> Consider adding BID:2116
 Christey> Specifically state that the ncurses4 compatibility package
   is Red Hat's.  Also say that the problem is in the
   "routines for moving the physical cursor and scrolling"
   as stated by Daniel Jacobowitz.


======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even
when "htcp_port 0" is specified in squid.conf, which could allow
remote attackers to bypass intended access restrictions.


Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-htcp-enabled(8261)
  ADDREF BID:4150
  DESC change version from STABLE2 to STABLE3

INFERRED ACTION: CAN-2002-0067 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Change description to "Squid 2.4 STABLE3 and earlier" (vice
   STABLE2).  Change description from "...which could allow
   remote attackers to bypass intended access restrictions" to
   "...which could allow remote attackers to access and/or modify
   cached data".
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-htcp-enabled(8261)
   URL:http://www.iss.net/security_center/static/8261.php
   BID:4150
   URL:http://www.securityfocus.com/bid/4150
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029


======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a
denial of service (core dump) and possibly execute arbitrary code with
an ftp:// URL with a large number of special characters, which exceed
the buffer when Squid URL-escapes the characters.


Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-010.0
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF SUSE:SuSE-SA:2002:008
  ADDREF BUGTRAQ:20020222 Squid buffer overflow
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF BID:4148
  ADDREF XF:squid-ftpbuildtitleurl-bo(8258)
  DESC add that the problem occurs during escape processing

INFERRED ACTION: CAN-2002-0068 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Drop "malformed" from description; legitimate FTP URL with
   reasonable userid and password may cause crash.  Add enough detail
   to distinguish this vulnerability (i.e., the flaw is in
   authenticated FTP URL handling).
   Reference: BUGTRAQ:20020222 - Squid buffer overflow.
   Suggest: "Squid 2.4 STABLE3 and earlier contains a flaw in
   handling authenticated FTP URLs (FTP URLs with userID and
   passwords) which allows remote attackers to cause a denial of
   service (core dump) and possibly execute arbitrary code via
   ftp:// URLs."
 Christey> fix typo: "possible" should be "possibly"
   CALDERA:CSSA-2002-010.0
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
   CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   SUSE:SuSE-SA:2002:008
   URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   BUGTRAQ:20020222 Squid buffer overflow
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   BID:4148
   URL:http://www.securityfocus.com/bid/4148
   XF:squid-ftpbuildtitleurl-bo(8258)
   URL:http://www.iss.net/security_center/static/8258.php
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029
 Christey> See Bugtraq post for more information... the problem isn't
   a malformed URL, it's that the string exceeds the buffer
   size when it is URL-escaped.


======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote
attackers to cause a denial of service.


Modifications:
  DESC change STABLE2 to STABLE3
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-snmp-dos(8260)
  ADDREF BID:4146

INFERRED ACTION: CAN-2002-0069 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
   Need to add version number to description (2.4)
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Add version info to description (like 2002-0068): Squid 2.4
   STABLE3 and earlier.
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-snmp-dos(8260)
   URL:http://www.iss.net/security_center/static/8260.php
   BID:4146
   URL:http://www.securityfocus.com/bid/4146
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029


======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-03
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php
Reference: BID:4474
Reference: URL:http://www.securityfocus.com/bid/4474

Buffer overflow in the ism.dll ISAPI extension that implements HTR
scripting in Internet Information Server (IIS) 4.0 and 5.0 allows
attackers to cause a denial of service or execute arbitrary code via
HTR requests with long variable names.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-htr-isapi-bo(8799)
  ADDREF BID:4474
  ADDREF CERT-VN:VU#363715

INFERRED ACTION: CAN-2002-0071 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-htr-isapi-bo(8799)


======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#521059
Reference: URL:http://www.kb.cert.org/vuls/id/521059
Reference: XF:iis-isapi-filter-error-dos(8800)
Reference: URL:http://www.iss.net/security_center/static/8800.php
Reference: BID:4479
Reference: URL:http://www.securityfocus.com/bid/4479

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET
for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not
properly handle the error condition when a long URL is provided, which
allows remote attackers to cause a denial of service (crash) when the
URL parser accesses a null pointer.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#521059
  ADDREF XF:iis-isapi-filter-error-dos(8800)
  ADDREF BID:4479

INFERRED ACTION: CAN-2002-0072 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> CERT-VN:VU#521059
   URL:http://www.kb.cert.org/vuls/id/521059
   XF:iis-isapi-filter-error-dos(8800)
   URL:http://www.iss.net/security_center/static/8800.php
   BID:4479
   URL:http://www.securityfocus.com/bid/4479
 Frech> XF:iis-isapi-filter-error-dos(8800)


======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
Reference: BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101901273810598&w=2
Reference: MISC:http://www.digitaloffense.net/msftpd/advisory.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-ftp-session-status-dos(8801)
Reference: URL:http://www.iss.net/security_center/static/8801.php

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1
allows attackers who have established an FTP session to cause a denial
of service via a specially crafted status request containing glob
characters.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
  ADDREF XF:iis-ftp-session-status-dos(8801)
  DESC add details as given in Vulnwatch post
  ADDREF BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
  ADDREF MISC:http://www.digitaloffense.net/msftpd/advisory.txt

INFERRED ACTION: CAN-2002-0073 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> Looks like this might be related to:
   VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
 Christey> Yep, confirmed by MS.
 Frech> XF:iis-ftp-session-status-dos(8801)


======================================================
Candidate: CAN-2002-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0074
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://online.securityfocus.com/archive/1/266888
Reference: MISC:http://www.cgisecurity.com/advisory/9.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#883091
Reference: URL:http://www.kb.cert.org/vuls/id/883091
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-help-file-css(8802)
Reference: URL:http://www.iss.net/security_center/static/8802.php
Reference: BID:4483
Reference: URL:http://www.securityfocus.com/bid/4483

Cross-site scripting vulnerability in Help File search facility for
Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote
attackers to embed scripts into another user's session.


Modifications:
  ADDREF MISC:http://www.cgisecurity.com/advisory/9.txt
  ADDREF BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
  ADDREF CERT-VN:VU#883091
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-help-file-css(8802)
  ADDREF BID:4483

INFERRED ACTION: CAN-2002-0074 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> MISC:http://www.cgisecurity.com/advisory/9.txt
   BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
   URL:http://online.securityfocus.com/archive/1/266888
   CERT-VN:VU#883091
   URL:http://www.kb.cert.org/vuls/id/883091
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-help-file-css(8802)


======================================================
Candidate: CAN-2002-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0075
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#520707
Reference: URL:http://www.kb.cert.org/vuls/id/520707
Reference: XF:iis-redirected-url-error-css(8804)
Reference: URL:http://www.iss.net/security_center/static/8804.php
Reference: BID:4487
Reference: URL:http://www.securityfocus.com/bid/4487

Cross-site scripting vulnerability for Internet Information Server
(IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary
script as other web users via the error message used in a URL redirect
("302 Object Moved") message.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-redirected-url-error-css(8804)
  ADDREF CERT-VN:VU#520707
  ADDREF BID:4487

INFERRED ACTION: CAN-2002-0075 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-redirected-url-error-css(8804)


======================================================
Candidate: CAN-2002-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0076
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
Reference: COMPAQ:SSRT0822
Reference: BID:4313
Reference: XF:java-vm-verifier-variant(8480)
Reference: URL:http://www.iss.net/security_center/static/8480.php

Java Runtime Environment (JRE) Bytecode Verifier allows remote
attackers to escape the Java sandbox and execute commands via an
applet containing an illegal cast operation, as seen in (1) Microsoft
VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x,
(2) Netscape 6.2.1 and earlier, and possibly other implementations
that use vulnerable versions of SDK or JDK, aka a variant of the
"Virtual Machine Verifier" vulnerability.


Modifications:
  ADDREF BID:4313
  ADDREF COMPAQ:SSRT0822
  ADDREF XF:java-vm-verifier-variant(8480)

INFERRED ACTION: CAN-2002-0076 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Wall, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Cox, Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4313
 Christey> ADDREF COMPAQ:SSRT0822
 Christey> COMPAQ:SSRT0822
 Frech> XF:java-vm-verifier-variant(8480)


======================================================
Candidate: CAN-2002-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#610291
Reference: URL:http://www.kb.cert.org/vuls/id/610291
Reference: XF:iis-asp-chunked-encoding-bo(8795)
Reference: URL:http://www.iss.net/security_center/static/8795.php
Reference: BID:4485
Reference: URL:http://www.securityfocus.com/bid/4485

Buffer overflow in the chunked encoding transfer mechanism in Internet
Information Server (IIS) 4.0 and 5.0 Active Server Pages allows
attackers to cause a denial of service or execute arbitrary code.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#610291
  ADDREF BID:4485
  ADDREF XF:iis-asp-chunked-encoding-bo(8795)

INFERRED ACTION: CAN-2002-0079 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> XF:iis-asp-chunked-encoding-bo(8795)
   URL:http://www.iss.net/security_center/static/8795.php
   BID:4485
   URL:http://www.securityfocus.com/bid/4485
   CERT-VN:VU#610291
   URL:http://www.kb.cert.org/vuls/id/610291
 Frech> XF:iis-asp-chunked-encoding-bo(8795)


======================================================
Candidate: CAN-2002-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0094
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x
and versions before 4.06 allows remote attackers to execute arbitrary
commands via shell metacharacters in the file name during filename
conversion.

INFERRED ACTION: CAN-2002-0094 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(3) Ziese, Wall, Foat


======================================================
Candidate: CAN-2002-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0095
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

The default configuration of BSCW (Basic Support for Cooperative Work)
3.x and possibly version 4 enables user self registration, which could
allow remote attackers to upload files and possibly join a user
community that was intended to be closed.

INFERRED ACTION: CAN-2002-0095 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(3) Ziese, Wall, Foat


======================================================
Candidate: CAN-2002-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0120
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: BID:3863
Reference: URL:http://online.securityfocus.com/bid/3863
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup
files and folders when a hotsync is performed, which could allow a
local user to obtain sensitive information.

INFERRED ACTION: CAN-2002-0120 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Foat, Green
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2002-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0123
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: BID:3874
Reference: URL:http://online.securityfocus.com/bid/3874
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier,
and possibly 3.5.3, allows remote attackers to cause a denial of
service and possibly execute arbitrary commands via a long HTTP
request.

INFERRED ACTION: CAN-2002-0123 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(4) Ziese, Balinsky, Wall, Foat

Voter Comments:
 Green> website is very vague regarding vulnerabilities, but the upgrade message is clear enough.


======================================================
Candidate: CAN-2002-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020318
Category: SF
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html
Reference: CALDERA:CSSA-2002-027.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
Reference: HP:HPSBTL0205-042
Reference: URL:http://online.securityfocus.com/advisories/4145
Reference: MANDRAKE:MDKSA-2002:036
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
Reference: BID:4788
Reference: URL:http://www.securityfocus.com/bid/4788
Reference: XF:fetchmail-imap-msgnum-bo(9133)
Reference: URL:http://www.iss.net/security_center/static/9133.php

fetchmail email client before 5.9.10 does not properly limit the
maximum number of messages available, which allows a remote IMAP
server to overwrite memory via a message count that exceeds the
boundaries of an array.


Modifications:
  ADDREF CALDERA:CSSA-2002-027.0
  ADDREF HP:HPSBTL0205-042
  ADDREF MANDRAKE:MDKSA-2002:036
  ADDREF BID:4788
  ADDREF XF:fetchmail-imap-msgnum-bo(9133)

INFERRED ACTION: CAN-2002-0146 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-027.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
   HP:HPSBTL0205-042
   URL:http://online.securityfocus.com/advisories/4145
   MANDRAKE:MDKSA-2002:036
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
   BID:4788
   URL:http://www.securityfocus.com/bid/4788
   XF:fetchmail-imap-msgnum-bo(9133)
   URL:http://www.iss.net/security_center/static/9133.php
 Frech> XF:fetchmail-imap-msgnum-bo(9133)


======================================================
Candidate: CAN-2002-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0147
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#669779
Reference: URL:http://www.kb.cert.org/vuls/id/669779
Reference: BID:4490
Reference: URL:http://www.securityfocus.com/bid/4490
Reference: XF:iis-asp-data-transfer-bo(8796)
Reference: URL:http://www.iss.net/security_center/static/8796.php

Buffer overflow in the ASP data transfer mechanism in Internet
Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to
cause a denial of service or execute code, aka "Microsoft-discovered
variant of Chunked Encoding buffer overrun."


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#669779
  ADDREF BID:4490
  ADDREF XF:iis-asp-data-transfer-bo(8796)

INFERRED ACTION: CAN-2002-0147 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> CERT-VN:VU#669779
   URL:http://www.kb.cert.org/vuls/id/669779
   BID:4490
   URL:http://www.securityfocus.com/bid/4490
 Frech> XF:iis-asp-data-transfer-bo(8796)


======================================================
Candidate: CAN-2002-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0148
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-http-error-page-css(8803)
Reference: URL:http://www.iss.net/security_center/static/8803.php
Reference: CERT-VN:VU#886699
Reference: URL:http://www.kb.cert.org/vuls/id/886699
Reference: BID:4486
Reference: URL:http://www.securityfocus.com/bid/4486

Cross-site scripting vulnerability in Internet Information Server
(IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary
script as other users via an HTTP error page.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-http-error-page-css(8803)
  ADDREF CERT-VN:VU#886699
  ADDREF BID:4486

INFERRED ACTION: CAN-2002-0148 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-http-error-page-css(8803)


======================================================
Candidate: CAN-2002-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0149
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#721963
Reference: URL:http://www.kb.cert.org/vuls/id/721963
Reference: XF:iis-ssi-safety-check-bo(8798)
Reference: URL:http://www.iss.net/security_center/static/8798.php
Reference: BID:4478
Reference: URL:http://www.securityfocus.com/bid/4478

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0
and 5.1 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via long file names.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-ssi-safety-check-bo(8798)
  ADDREF CERT-VN:VU#721963
  ADDREF BID:4478

INFERRED ACTION: CAN-2002-0149 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-ssi-safety-check-bo(8798)


======================================================
Candidate: CAN-2002-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0150
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#454091
Reference: URL:http://www.kb.cert.org/vuls/id/454091
Reference: XF:iis-asp-http-header-bo(8797)
Reference: URL:http://www.iss.net/security_center/static/8797.php
Reference: BID:4476
Reference: URL:http://www.securityfocus.com/bid/4476

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1
allows remote attackers to spoof the safety check for HTTP headers and
cause a denial of service or execute arbitrary code via HTTP header
field values.


Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-asp-http-header-bo(8797)
  ADDREF CERT-VN:VU#454091

INFERRED ACTION: CAN-2002-0150 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-asp-http-header-bo(8797)


======================================================
Candidate: CAN-2002-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0155
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: MS:MS02-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html
Reference: XF:msn-chatcontrol-resdll-bo(9041)
Reference: URL:http://www.iss.net/security_center/static/9041.php
Reference: BID:4707
Reference: URL:http://www.securityfocus.com/bid/4707

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN
Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6,
allows remote attackers to execute arbitrary code via a long ResDLL
parameter in the MSNChat OCX.


Modifications:
  ADDREF XF:msn-chatcontrol-resdll-bo(9041)
  ADDREF BID:4707

INFERRED ACTION: CAN-2002-0155 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:msn-chatcontrol-resdll-bo(9041)
   URL:http://www.iss.net/security_center/static/9041.php
   BID:4707
   URL:http://www.securityfocus.com/bid/4707
 Frech> XF:msn-chatcontrol-resdll-bo(9041)


======================================================
Candidate: CAN-2002-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0157
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020325
Category: SF
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html
Reference: XF:nautilus-metafile-xml-symlink(8995)
Reference: URL:http://www.iss.net/security_center/static/8995.php
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary
files via a symlink attack on the .nautilus-metafile.xml metadata
file.


Modifications:
  ADDREF XF:nautilus-metafile-xml-symlink(8995)

INFERRED ACTION: CAN-2002-0157 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:nautilus-metafile-xml-symlink(8995)


======================================================
Candidate: CAN-2002-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php
Reference: BUGTRAQ:20020326 updated squid advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101716495023226&w=2
Reference: CALDERA:CSSA-2002-017.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt
Reference: CALDERA:CSSA-2002-SCO.26
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: BID:4363
Reference: URL:http://www.securityfocus.com/bid/4363
Reference: XF:squid-dns-reply-dos(8628)
Reference: URL:http://www.iss.net/security_center/static/8628.php

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5
and 2.6 until March 12, 2002 distributions, allows remote attackers to
cause a denial of service, and possibly execute arbitrary code, via
compressed DNS responses.


Modifications:
  ADDREF BID:4363
  ADDREF XF:squid-dns-reply-dos(8628)
  ADDREF BUGTRAQ:20020326 updated squid advisory
  ADDREF CALDERA:CSSA-2002-017.0
  ADDREF FREEBSD:FreeBSD-SA-02:19
  ADDREF CALDERA:CSSA-2002-SCO.26
  ADDREF REDHAT:RHSA-2002:051
  DESC change "heap overflow" to "heap-based buffer overflow"

INFERRED ACTION: CAN-2002-0163 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> BID:4363
   URL:http://www.securityfocus.com/bid/4363
   XF:squid-dns-reply-dos(8628)
   URL:http://www.iss.net/security_center/static/8628.php
   BUGTRAQ:20020326 updated squid advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101716495023226&w=2
   CALDERA:CSSA-2002-017.0
   MANDRAKE:MDKSA-2002:027
   FREEBSD:FreeBSD-SA-02:19
 Christey> CALDERA:CSSA-2002-017.1
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-017.1.txt
   BID:4363
   URL:http://www.securityfocus.com/bid/4363
 Christey> CALDERA:CSSA-2002-SCO.26
 Christey> REDHAT:RHSA-2002:051 (per Mark Cox)
 Frech> XF:squid-dns-reply-dos(8628)


======================================================
Candidate: CAN-2002-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0169
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020411
Category: CF
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html
Reference: HP:HPSBTL0205-038
Reference: URL:http://online.securityfocus.com/advisories/4095
Reference: XF:linux-docbook-stylesheet-insecure(8983)
Reference: URL:http://www.iss.net/security_center/static/8983.php
Reference: BID:4654
Reference: URL:http://online.securityfocus.com/bid/4654

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is
installed with an insecure option enabled, which could allow users to
overwrite files outside of the current directory from an untrusted
document by using a full pathname as an element identifier.


Modifications:
  ADDREF HP:HPSBTL0205-038
  ADDREF XF:linux-docbook-stylesheet-insecure(8983)
  ADDREF BID:4654

INFERRED ACTION: CAN-2002-0169 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:linux-docbook-stylesheet-insecure(8983)


======================================================
Candidate: CAN-2002-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0170
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-proxy-role-privileges(8334)
Reference: URL:http://www.iss.net/security_center/static/8334.php
Reference: BID:4229
Reference: URL:http://www.securityfocus.com/bid/4229

Zope 2.2.0 through 2.5.1 does not properly verify the access for
objects with proxy roles, which could allow some users to access
documents in violation of the intended configuration.


Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF XF:zope-proxy-role-privileges(8334)
  ADDREF BID:4229

INFERRED ACTION: CAN-2002-0170 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:zope-proxy-role-privileges(8334)
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html


======================================================
Candidate: CAN-2002-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0171
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P
Reference: XF:irix-irisconsole-icadmin-access(8933)
Reference: URL:http://www.iss.net/security_center/static/8933.php
Reference: BID:4588
Reference: URL:http://www.securityfocus.com/bid/4588

IRISconsole 2.0 may allow users to log into the icadmin account with
an incorrect password in some circumstances, which could allow users
to gain privileges.


Modifications:
  ADDREF XF:irix-irisconsole-icadmin-access(8933)
  ADDREF BID:4588

INFERRED ACTION: CAN-2002-0171 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:irix-irisconsole-icadmin-access(8933)


======================================================
Candidate: CAN-2002-0172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0172
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: CF
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I
Reference: XF:irix-ipfilter-dos(8960)
Reference: URL:http://www.iss.net/security_center/static/8960.php
Reference: BID:4648
Reference: URL:http://online.securityfocus.com/bid/4648

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with
insecure default permissions (644), which could allow a local user to
cause a denial of service (traffic disruption).


Modifications:
  ADDREF XF:irix-ipfilter-dos(8960)
  ADDREF BID:4648

INFERRED ACTION: CAN-2002-0172 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:4648
   URL:http://online.securityfocus.com/bid/4648
 Frech> XF:irix-ipfilter-dos(8960)


======================================================
Candidate: CAN-2002-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0173
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I
Reference: BID:4644
Reference: URL:http://www.securityfocus.com/bid/4644
Reference: XF:irix-cpr-bo(8959)
Reference: URL:http://www.iss.net/security_center/static/8959.php

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart
Software package on SGI IRIX 6.5.10 and earlier may allow local users
to gain root privileges.


Modifications:
  ADDREF BID:4644
  ADDREF XF:irix-cpr-bo(8959)

INFERRED ACTION: CAN-2002-0173 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:4644
   URL:http://www.securityfocus.com/bid/4644
 Frech> XF:irix-cpr-bo(8959)


======================================================
Candidate: CAN-2002-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0174
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020411
Category: SF
Reference: SGI:20020501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I
Reference: XF:irix-nsd-symlink(8981)
Reference: URL:http://www.iss.net/security_center/static/8981.php
Reference: BID:4655
Reference: URL:http://www.securityfocus.com/bid/4655

nsd on SGI IRIX before 6.5.11 allows local users to overwrite
arbitrary files and gain root privileges via a symlink attack on the
nsd.dump file.


Modifications:
  ADDREF XF:irix-nsd-symlink(8981)
  ADDREF BID:4655

INFERRED ACTION: CAN-2002-0174 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:irix-nsd-symlink(8981)


======================================================
Candidate: CAN-2002-0178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020611
Assigned: 20020417
Category: SF
Reference: MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
Reference: REDHAT:RHSA-2002:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-065.html
Reference: HP:HPSBTL0205-040
Reference: URL:http://online.securityfocus.com/advisories/4132
Reference: MANDRAKE:MDKSA-2002:052
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
Reference: XF:sharutils-uudecode-symlink(9075)
Reference: URL:http://www.iss.net/security_center/static/9075.php
Reference: BID:4742
Reference: URL:http://www.securityfocus.com/bid/4742
Reference: BUGTRAQ:20021030 GLSA: sharutils
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103599320902432&w=2
Reference: CERT-VN:VU#336083
Reference: URL:http://www.kb.cert.org/vuls/id/336083
Reference: CALDERA:CSSA-2002-040.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
Reference: COMPAQ:SSRT2301

uudecode, as available in the sharutils package before 4.2.1, does not
check whether the filename of the uudecoded file is a pipe or symbolic
link, which could allow attackers to overwrite files or execute
commands.


Modifications:
  ADDREF HP:HPSBTL0205-040
  ADDREF MANDRAKE:MDKSA-2002:052
  ADDREF XF:sharutils-uudecode-symlink(9075)
  ADDREF BID:4742
  ADDREF MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
  ADDREF BUGTRAQ:20021030 GLSA: sharutils
  ADDREF CERT-VN:VU#336083
  ADDREF CALDERA:CSSA-2002-040.0
  ADDREF COMPAQ:SSRT2301

INFERRED ACTION: CAN-2002-0178 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> ADDREF: http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
 Christey> HP:HPSBTL0205-040
   URL:http://online.securityfocus.com/advisories/4132
   XF:sharutils-uudecode-symlink(9075)
   URL:http://www.iss.net/security_center/static/9075.php
   BID:4742
   URL:http://www.securityfocus.com/bid/4742
 Christey> MANDRAKE:MDKSA-2002:052
 Christey> BUGTRAQ:20021030 GLSA: sharutils
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103599320902432&w=2
   CERT-VN:VU#336083
   URL:http://www.kb.cert.org/vuls/id/336083
 Christey> CALDERA:CSSA-2002-040.0
 Christey> COMPAQ:SSRT2301
   CERT-VN:VU#336083
   URL:http://www.kb.cert.org/vuls/id/336083


======================================================
Candidate: CAN-2002-0181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0181
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2
Reference: DEBIAN:DSA-126
Reference: URL:http://www.debian.org/security/2002/dsa-126
Reference: CALDERA:CSSA-2002-016.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt
Reference: CONECTIVA:CLA-2001:473
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473
Reference: MISC:http://bugs.horde.org/show_bug.cgi?id=916
Reference: XF:imp-status-php3-css(8769)
Reference: URL:http://www.iss.net/security_center/static/8769.php
Reference: BID:4444
Reference: URL:http://www.securityfocus.com/bid/4444

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and
HORDE 1.2.7 allows remote attackers to execute arbitrary web script
and steal cookies of other IMP/HORDE users via the script parameter.


Modifications:
  DESC rephrase
  CHANGEREF CALDERA [new version number]
  ADDREF CONECTIVA:CLA-2001:473
  ADDREF MISC:http://bugs.horde.org/show_bug.cgi?id=916
  ADDREF XF:imp-status-php3-css(8769)
  ADDREF BID:4444

INFERRED ACTION: CAN-2002-0181 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(2) Frech, Cox
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Cox> "execute script" sounds like local execution - it's just cross
   site scripting
 Christey> Try this desc: "Cross-site scripting vulnerability in
   status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to
   execute arbitrary script and steal cookies of other IMP/HORDE users
   via the script parameter."
   CONECTIVA:CLA-2001:473
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473
   MISC:http://bugs.horde.org/show_bug.cgi?id=916
   XF:imp-status-php3-css(8769)
   URL:http://www.iss.net/security_center/static/8769.php
   BID:4444
   URL:http://www.securityfocus.com/bid/4444
   CHANGEREF CALDERA:CSSA-2002-016.1  (new version #)
 Frech> XF:imp-status-php3-css(8769)


======================================================
Candidate: CAN-2002-0184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020419
Category: SF
Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2
Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2
Reference: MANDRAKE:MDKSA-2002:028
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3
Reference: DEBIAN:DSA-128
Reference: URL:http://www.debian.org/security/2002/dsa-128
Reference: REDHAT:RHSA-2002:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html
Reference: REDHAT:RHSA-2002:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html
Reference: ENGARDE:ESA-20020429-010
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2
Reference: CONECTIVA:CLA-2002:475
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
Reference: TRUSTIX:TSLSA-2002-0046
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2
Reference: SUSE:SuSE-SA:2002:014
Reference: URL:http://www.suse.de/de/security/2002_014_sudo_txt.html
Reference: CERT-VN:VU#820083
Reference: URL:http://www.kb.cert.org/vuls/id/820083
Reference: XF:sudo-password-expansion-overflow(8936)
Reference: URL:http://www.iss.net/security_center/static/8936.php
Reference: BID:4593
Reference: URL:http://www.securityfocus.com/bid/4593

Heap-based buffer overflow in sudo before 1.6.6 may allow local users
to gain root privileges via special characters in the -p (prompt)
argument, which are not properly expanded.


Modifications:
  ADDREF BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
  ADDREF SUSE:SuSE-SA:2002:014
  ADDREF XF:sudo-password-expansion-overflow(8936)
  DESC change terms to "heap-based buffer overflow"
  ADDREF BID:4593
  ADDREF CERT-VN:VU#820083

INFERRED ACTION: CAN-2002-0184 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Cox, Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2
   SUSE:SuSE-SA:2002:014
 Frech> XF:sudo-password-expansion-overflow(8936)


======================================================
Candidate: CAN-2002-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0185
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020419
Category: SF
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
Reference: REDHAT:RHSA-2002:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-070.html
Reference: CONECTIVA:CLA-2002:477
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
Reference: XF:modpython-imported-module-access(8997)
Reference: URL:http://www.iss.net/security_center/static/8997.php
Reference: BID:4656
Reference: URL:http://www.securityfocus.com/bid/4656

mod_python version 2.7.6 and earlier allows a module indirectly
imported by a published module to then be accessed via the publisher,
which allows remote attackers to call possibly dangerous functions
from the imported module.


Modifications:
  ADDREF REDHAT:RHSA-2002:070
  ADDREF CONECTIVA:CLA-2002:477
  ADDREF XF:modpython-imported-module-access(8997)
  ADDREF BID:4656

INFERRED ACTION: CAN-2002-0185 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cox
   MODIFY(1) Frech
   NOOP(6) Christey, Wall, Foat, Cole, Armstrong, Green

Voter Comments:
 Cox> ADDREF: RHSA-2002:070
 Christey> ADDREF REDHAT:RHSA-2002:070
 Christey> CONECTIVA:CLA-2002:477
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
 Frech> XF:modpython-imported-module-access(8997)


======================================================
Candidate: CAN-2002-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0186
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp
Reference: CERT-VN:VU#811371
Reference: URL:http://www.kb.cert.org/vuls/id/811371
Reference: BID:5004
Reference: URL:http://www.securityfocus.com/bid/5004
Reference: XF:mssql-sqlxml-isapi-bo(9328)
Reference: URL:http://www.iss.net/security_center/static/9328.php

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server
2000 allows remote attackers to execute arbitrary code via data
queries with a long content-type parameter, aka "Unchecked Buffer in
SQLXML ISAPI Extension."


Modifications:
  ADDREF CERT-VN:VU#811371
  ADDREF BID:5004
  ADDREF XF:mssql-sqlxml-isapi-bo(9328)

INFERRED ACTION: CAN-2002-0186 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CERT-VN:VU#811371
   URL:http://www.kb.cert.org/vuls/id/811371
   BID:5004
   URL:http://www.securityfocus.com/bid/5004
   XF:mssql-sqlxml-isapi-bo(9328)
   URL:http://www.iss.net/security_center/static/9328.php


======================================================
Candidate: CAN-2002-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0187
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Cross-site scripting vulnerability in the SQLXML component of
Microsoft SQL Server 2000 allows an attacker to execute arbitrary
script via the root parameter as part of an XML SQL query, aka "Script
Injection via XML Tag."

INFERRED ACTION: CAN-2002-0187 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CERT-VN:VU#139931
   URL:http://www.kb.cert.org/vuls/id/139931
   XF:mssql-sqlxml-script-injection(9329)
   URL:http://www.iss.net/security_center/static/9329.php
   BID:5005
   URL:http://www.securityfocus.com/bid/5005


======================================================
Candidate: CAN-2002-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0190
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: CERT-VN:VU#242891
Reference: URL:http://www.kb.cert.org/vuls/id/242891
Reference: XF:ie-netbios-incorrect-security-zone(9084)
Reference: URL:http://www.iss.net/security_center/static/9084.php
Reference: BID:4753
Reference: URL:http://www.securityfocus.com/bid/4753

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers
to execute arbitrary code under fewer security restrictions via a
malformed web page that requires NetBIOS connectivity, aka "Zone
Spoofing through Malformed Web Page" vulnerability.


Modifications:
  ADDREF XF:ie-netbios-incorrect-security-zone(9084)
  ADDREF BID:4753
  ADDREF CERT-VN:VU#242891

INFERRED ACTION: CAN-2002-0190 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:ie-netbios-incorrect-security-zone(9084)


======================================================
Candidate: CAN-2002-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0191
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-css-read-files(8740)
Reference: URL:http://www.iss.net/security_center/static/8740.php
Reference: BID:4411
Reference: URL:http://online.securityfocus.com/bid/4411

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers
to view arbitrary files that contain the "{" character via script
containing the cssText property of the stylesheet object, aka "Local
Information Disclosure through HTML Object" vulnerability.

INFERRED ACTION: CAN-2002-0191 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Wall, Foat, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0213
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223525118717&w=2
Reference: SGI:20020604-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020604-01-I
Reference: BID:3969
Reference: URL:http://online.securityfocus.com/bid/3969
Reference: XF:kashare-xkas-icon-symlink(8002)
Reference: URL:http://www.iss.net/security_center/static/8002.php

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read
arbitrary files via a symlink attack on the VOLICON file, which is copied
to the .HSicon file in a shared directory.


Modifications:
  ADDREF SGI:20020604-01-I

INFERRED ACTION: CAN-2002-0213 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Green
   NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
 Christey> SGI:20020604-01-I


======================================================
Candidate: CAN-2002-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0241
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
Reference: XF:ciscosecure-nds-authentication(8106)
Reference: URL:http://www.iss.net/security_center/static/8106.php
Reference: BID:4048
Reference: URL:http://www.securityfocus.com/bid/4048

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1
does not check the Expired or Disabled state of users in the Novell
Directory Services (NDS), which could allow those users to
authenticate to the server.

INFERRED ACTION: CAN-2002-0241 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0246
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code
Reference: URL:http://online.securityfocus.com/archive/1/255414
Reference: CALDERA:CSSA-2002-SCO.3
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Reference: BID:4060
Reference: URL:http://online.securityfocus.com/bid/4060
Reference: XF:unixware-msg-catalog-format-string(8113)
Reference: URL:http://www.iss.net/security_center/static/8113.php

Format string vulnerability in the message catalog library functions
in UnixWare 7.1.1 allows local users to gain privileges by modifying
the LC_MESSAGE environment variable to read other message catalogs
containing format strings from setuid programs such as vxprint.

INFERRED ACTION: CAN-2002-0246 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0250
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2
Reference: HP:HPSBUX0202-185
Reference: URL:http://online.securityfocus.com/advisories/3870
Reference: BID:4062
Reference: URL:http://www.securityfocus.com/bid/4062
Reference: XF:hp-advancestack-bypass-auth(8124)
Reference: URL:http://www.iss.net/security_center/static/8124.php

Web configuration utility in HP AdvanceStack hubs J3200A through
J3210A with firmware version A.03.07 and earlier allows unauthorized
users to bypass authentication via a direct HTTP request to the
web_access.html file, which allows the user to change the switch's
configuration and modify the administrator password.

INFERRED ACTION: CAN-2002-0250 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0267
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363233905645&w=2
Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html
Reference: BID:4097
Reference: URL:http://online.securityfocus.com/bid/4097
Reference: XF:sips-theme-admin-access(8193)
Reference: URL:http://www.iss.net/security_center/static/8193.php

preferences.php in Simple Internet Publishing System (SIPS) before
0.3.1 allows remote attackers to gain administrative privileges via a
linebreak in the "theme" field followed by the Status::admin command,
which causes the Status line to be entered into the password file.


Modifications:
  ADDREF XF:sips-theme-admin-access(8193)

INFERRED ACTION: CAN-2002-0267 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:sips-theme-admin-access(8193)


======================================================
Candidate: CAN-2002-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0274
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362618118598&w=2
Reference: CONFIRM:http://www.exim.org/pipermail/exim-announce/2002q1/000053.html
Reference: XF:exim-config-arg-bo(8194)
Reference: URL:http://www.iss.net/security_center/static/8194.php
Reference: BID:4096
Reference: URL:http://www.securityfocus.com/bid/4096

Exim 3.34 and earlier may allow local users to gain privileges via a
buffer overflow in long -C (configuration file) and other command line
arguments.


Modifications:
  ADDREF XF:exim-config-arg-bo(8194)

INFERRED ACTION: CAN-2002-0274 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cox, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:exim-config-arg-bo(8194)
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2002-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0276
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101370874219511&w=2
Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
Reference: BID:4104
Reference: URL:http://online.securityfocus.com/bid/4104
Reference: XF:ettercap-memcpy-bo(8200)
Reference: URL:http://www.iss.net/security_center/static/8200.php

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier,
when running on networks with an MTU greater than 2000, allows remote
attackers to execute arbitrary code via large packets.


Modifications:
  ADDREF XF:ettercap-memcpy-bo(8200)

INFERRED ACTION: CAN-2002-0276 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:ettercap-memcpy-bo(8200)


======================================================
Candidate: CAN-2002-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0287
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2
Reference: CONFIRM:http://www.powie.de/news/index.php
Reference: BID:4114
Reference: URL:http://online.securityfocus.com/bid/4114
Reference: XF:pforum-quotes-sql-injection(8203)
Reference: URL:http://www.iss.net/security_center/static/8203.php

pforum 1.14 and earlier does not explicitly enable PHP magic quotes,
which allows remote attackers to bypass authentication and gain
administrator privileges via an SQL injection attack when the PHP
server is not configured to use magic quotes by default.


Modifications:
  ADDREF XF:pforum-quotes-sql-injection(8203)

INFERRED ACTION: CAN-2002-0287 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:pforum-quotes-sql-injection(8203)


======================================================
Candidate: CAN-2002-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0290
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413521417638&w=2
Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
Reference: BID:4124
Reference: URL:http://online.securityfocus.com/bid/4124
Reference: XF:webnews-cgi-group-bo(8220)
Reference: URL:http://www.iss.net/security_center/static/8220.php

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows
remote attackers to execute arbitrary code via a long group argument.


Modifications:
  ADDREF XF:webnews-cgi-group-bo(8220)

INFERRED ACTION: CAN-2002-0290 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:webnews-cgi-group-bo(8220)


======================================================
Candidate: CAN-2002-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0292
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101414005501708&w=2
Reference: BID:4116
Reference: URL:http://online.securityfocus.com/bid/4116
Reference: XF:slashcode-site-xss(8221)
Reference: URL:http://www.iss.net/security_center/static/8221.php

Cross-site scripting vulnerability in Slash before 2.2.5, as used in
Slashcode and elsewhere, allows remote attackers to steal cookies and
authentication information from other users via Javascript in a URL,
possibly in the formkey field.


Modifications:
  ADDREF XF:slashcode-site-xss(8221)

INFERRED ACTION: CAN-2002-0292 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:slashcode-site-xss(8221)


======================================================
Candidate: CAN-2002-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0299
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438631921749&w=2
Reference: BID:3975
Reference: URL:http://online.securityfocus.com/bid/3975
Reference: XF:cnet-catchup-gain-privileges(8035)
Reference: URL:http://www.iss.net/security_center/static/8035.php

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code
via a .RVP file that creates a file with an arbitrary extension (such
as .BAT), which is executed during a scan.


Modifications:
  ADDREF XF:cnet-catchup-gain-privileges(8035)

INFERRED ACTION: CAN-2002-0299 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:cnet-catchup-gain-privileges(8035)


======================================================
Candidate: CAN-2002-0300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0300
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415804625292&w=2
Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422432123898&w=2
Reference: DEBIAN:DSA-114
Reference: URL:http://www.debian.org/security/2002/dsa-114
Reference: BID:4125
Reference: URL:http://online.securityfocus.com/bid/4125
Reference: XF:gnujsp-jserv-information-disclosure(8240)
Reference: URL:http://www.iss.net/security_center/static/8240.php

gnujsp 1.0.0 and 1.0.1 allow remote attackers to list directories,
read source code of certain scripts, and bypass access restrictions by
directly requesting the target file from the gnujsp servlet, which
does not work around a limitation of JServ and does not process the
requested file.


Modifications:
  ADDREF XF:gnujsp-jserv-information-disclosure(8240)

INFERRED ACTION: CAN-2002-0300 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:gnujsp-jserv-information-disclosure(8240)


======================================================
Candidate: CAN-2002-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0302
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SNMP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424225814604&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
Reference: BID:4139
Reference: URL:http://online.securityfocus.com/bid/4139
Reference: XF:sef-smtp-proxy-information(8251)
Reference: URL:http://www.iss.net/security_center/static/8251.php

The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops
large alerts when SNMP is used as the transport, which could prevent
some alerts from being sent in the event of an attack.


Modifications:
  ADDREF XF:sef-smtp-proxy-information(8251)

INFERRED ACTION: CAN-2002-0302 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Prosser, Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:sef-smtp-proxy-information(8251)
 Prosser> http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html


======================================================
Candidate: CAN-2002-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0309
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
Reference: BID:4141
Reference: URL:http://online.securityfocus.com/bid/4141
Reference: XF:sef-smtp-proxy-information(8251)
Reference: URL:http://www.iss.net/security_center/static/8251.php

SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the
firewall's physical interface name and address in an SMTP protocol
exchange when NAT translation is made to an address other than the
firewall, which could allow remote attackers to determine certain
firewall configuration information.


Modifications:
  ADDREF CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
  ADDREF XF:sef-smtp-proxy-information(8251)

INFERRED ACTION: CAN-2002-0309 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Prosser, Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:sef-smtp-proxy-information(8251)
 Prosser> http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html


======================================================
Candidate: CAN-2002-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0318
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440113410083&w=2
Reference: XF:freeradius-access-request-dos(9968)
Reference: URL:http://www.iss.net/security_center/static/9968.php

FreeRADIUS RADIUS server allows remote attackers to cause a denial of
service (CPU consumption) via a flood of Access-Request packets.


Modifications:
  ADDREF XF:freeradius-access-request-dos(9968)

INFERRED ACTION: CAN-2002-0318 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:freeradius-access-request-dos(9968)
   http://www.freeradius.org/radiusd/doc/ChangeLog
   Possibly: Fix a bug which would hang the server when many SQL
   connections were open.


======================================================
Candidate: CAN-2002-0329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0329
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101485184605149&w=2
Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
Reference: URL:http://online.securityfocus.com/archive/1/258981
Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
Reference: BID:4192
Reference: URL:http://www.securityfocus.com/bid/4192
Reference: XF:snitz-img-css(8309)
Reference: URL:http://www.iss.net/security_center/static/8309.php

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and
earlier allows remote attackers to execute arbitrary script as other
Forums 2000 users via Javascript in an IMG tag.

INFERRED ACTION: CAN-2002-0329 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> DELREF one BID:4192 (mentioned twice)


======================================================
Candidate: CAN-2002-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0330
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020225 Open Bulletin Board  javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466092601554&w=2
Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159
Reference: BID:4171
Reference: URL:http://online.securityfocus.com/bid/4171
Reference: XF:openbb-img-css(8278)
Reference: URL:http://www.iss.net/security_center/static/8278.php

Cross-site scripting vulnerability in codeparse.php of Open Bulletin
Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary
script and steal cookies via Javascript in the IMG tag.

INFERRED ACTION: CAN-2002-0330 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0339
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Reference: XF:ios-cef-information-leak(8296)
Reference: URL:http://www.iss.net/security_center/static/8296.php
Reference: BID:4191
Reference: URL:http://www.securityfocus.com/bid/4191

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF)
enabled includes portions of previous packets in the padding of a MAC
level packet when the MAC packet's length is less than the IP level
packet length.

INFERRED ACTION: CAN-2002-0339 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0355
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

netstat in SGI IRIX before 6.5.12 allows local users to determine the
existence of files on the system, even if the users do not have the
appropriate permissions.

INFERRED ACTION: CAN-2002-0355 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0356
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I
Reference: XF:irix-fsrxfs-gain-privileges(9042)
Reference: URL:http://www.iss.net/security_center/static/9042.php
Reference: BID:4706
Reference: URL:http://www.securityfocus.com/bid/4706

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX
6.5.10 and earlier allows local users to gain root privileges by
overwriting critical system files.


Modifications:
  ADDREF XF:irix-fsrxfs-gain-privileges(9042)
  ADDREF BID:4706

INFERRED ACTION: CAN-2002-0356 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> NOTE: CAN-2002-0356 was mistakenly referenced in a report
   for the sgdynamo product.  The correct identifier for the
   sgdynamo vulnerability is CAN-2002-0375.
 Christey> XF:irix-fsrxfs-gain-privileges(9042)
   URL:http://www.iss.net/security_center/static/9042.php
   BID:4706
   URL:http://www.securityfocus.com/bid/4706
 Frech> XF:irix-fsrxfs-gain-privileges(9042)


======================================================
Candidate: CAN-2002-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0358
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I
Reference: XF:irix-mediamail-core-dump(9292)
Reference: URL:http://www.iss.net/security_center/static/9292.php
Reference: BID:4959
Reference: URL:http://www.securityfocus.com/bid/4959

MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allow
local users to force the program to dump core via certain arguments,
which could allow the users to read sensitive data or gain privileges.


Modifications:
  DESC Fix typo: "Medial" Mail
  ADDREF BID:4959
  ADDREF XF:irix-mediamail-core-dump(9292)

INFERRED ACTION: CAN-2002-0358 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> Fix typo: "Medial" Mail
   XF:irix-mediamail-core-dump(9292)
   URL:http://www.iss.net/security_center/static/9292.php
   BID:4959
   URL:http://www.securityfocus.com/bid/4959
 Frech> XF:irix-mediamail-core-dump(9292)


======================================================
Candidate: CAN-2002-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0359
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020502
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: CERT-VN:VU#521147
Reference: URL:http://www.kb.cert.org/vuls/id/521147
Reference: XF:irix-xfsmd-bypass-authentication(9401)
Reference: URL:http://www.iss.net/security_center/static/9401.php
Reference: BID:5072
Reference: URL:http://www.securityfocus.com/bid/5072

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which
allows remote attackers to call dangerous RPC functions, including
those that can mount or unmount xfs file systems, to gain root
privileges.


Modifications:
  ADDREF XF:irix-xfsmd-bypass-authentication(9401)
  ADDREF BID:5072
  ADDREF CERT-VN:VU#521147
  DELREF SGI:20020605-01-I

INFERRED ACTION: CAN-2002-0359 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:irix-xfsmd-bypass-authentication(9401)
   URL:http://www.iss.net/security_center/static/9401.php
   BID:5072
   URL:http://www.securityfocus.com/bid/5072
 Christey> DELREF SGI:20020605-01-I (that one is for CAN-2003-0392)


======================================================
Candidate: CAN-2002-0363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020507
Category: SF
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
Reference: REDHAT:RHSA-2002:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-083.html
Reference: CALDERA:CSSA-2002-026.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt
Reference: XF:ghostscript-postscript-command-execution(9254)
Reference: URL:http://www.iss.net/security_center/static/9254.php
Reference: BID:4937
Reference: URL:http://www.securityfocus.com/bid/4937

ghostscript before 6.53 allows attackers to execute arbitrary commands
by using .locksafe or .setsafe to reset the current pagedevice.


Modifications:
  ADDREF CALDERA:CSSA-2002-026.0
  ADDREF XF:ghostscript-postscript-command-execution(9254)
  ADDREF BID:4937

INFERRED ACTION: CAN-2002-0363 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Alderson
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-026.0
 Christey> XF:ghostscript-postscript-command-execution(9254)
   URL:http://www.iss.net/security_center/static/9254.php
   BID:4937
   URL:http://www.securityfocus.com/bid/4937
 Frech> XF:ghostscript-postscript-command-execution(9254)


======================================================
Candidate: CAN-2002-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0364
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
Reference: VULNWATCH:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
Reference: URL:http://online.securityfocus.com/archive/1/276767
Reference: CERT-VN:VU#313819
Reference: URL:http://www.kb.cert.org/vuls/id/313819
Reference: MS:MS02-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-028.asp
Reference: BID:4855
Reference: URL:http://www.securityfocus.com/bid/4855
Reference: XF:iis-htr-chunked-encoding-bo(9327)
Reference: URL:http://www.iss.net/security_center/static/9327.php

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0
and 5.0 allows attackers to execute arbitrary code via the processing
of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding
Could Enable Web Server Compromise."


Modifications:
  ADDREF BID:4855
  ADDREF BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
  ADDREF CERT-VN:VU#313819
  ADDREF XF:iis-htr-chunked-encoding-bo(9327)

INFERRED ACTION: CAN-2002-0364 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:4855
   URL:http://www.securityfocus.com/bid/4855
   BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
   URL:http://online.securityfocus.com/archive/1/276767
   CERT-VN:VU#313819
   URL:http://www.kb.cert.org/vuls/id/313819
   XF:iis-htr-chunked-encoding-bo(9327)
   URL:http://www.iss.net/security_center/static/9327.php


======================================================
Candidate: CAN-2002-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0366
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020613 Microsoft RASAPI32.DLL
Reference: URL:http://online.securityfocus.com/archive/1/276776
Reference: BUGTRAQ:20020620 VPN and Q318138
Reference: URL:http://online.securityfocus.com/archive/1/278145
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852

Buffer overflow in Remote Access Service (RAS) phonebook for Windows
NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows
local users to execute arbitrary code by modifying the rasphone.pbk
file to use a long dial-up entry.


Modifications:
  ADDREF BUGTRAQ:20020613 Microsoft RASAPI32.DLL
  ADDREF BUGTRAQ:20020620 VPN and Q318138

INFERRED ACTION: CAN-2002-0366 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> Add: a long script name is the issue.
   BUGTRAQ:20020613 Microsoft RASAPI32.DLL
   URL:http://online.securityfocus.com/archive/1/276776
   BUGTRAQ:20020620 VPN and Q318138
   URL:http://online.securityfocus.com/archive/1/278145


======================================================
Candidate: CAN-2002-0367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0367
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020314 Fwd: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/262074
Reference: BUGTRAQ:20020326 Re: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/264441
Reference: BUGTRAQ:20020327 Local Security Vulnerability in Windows NT and Windows 2000
Reference: URL:http://www.securityfocus.com/archive/1/264927
Reference: NTBUGTRAQ:20020314 DebPloit (exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101614320402695&w=2
Reference: BID:4287
Reference: URL:http://www.securityfocus.com/bid/4287
Reference: XF:win-debug-duplicate-handles(8462)
Reference: URL:http://www.iss.net/security_center/static/8462.php
Reference: MS:MS02-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-024.asp

smss.exe debugging subsystem in Windows NT and Windows 2000 does not
properly authenticate programs that connect to other programs, which
allows local users to gain administrator or SYSTEM privileges by
duplicating a handle to a privileged process, as demonstrated by
DebPloit.

INFERRED ACTION: CAN-2002-0367 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0368
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
Reference: XF:exchange-msg-attribute-dos(9195)
Reference: URL:http://www.iss.net/security_center/static/9195.php
Reference: BID:4881
Reference: URL:http://www.securityfocus.com/bid/4881

The Store Service in Microsoft Exchange 2000 allows remote attackers
to cause a denial of service (CPU consumption) via a mail message with
a malformed RFC message attribute, aka "Malformed Mail Attribute can
Cause Exchange 2000 to Exhaust CPU Resources."


Modifications:
  ADDREF XF:exchange-msg-attribute-dos(9195)
  ADDREF BID:4881

INFERRED ACTION: CAN-2002-0368 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:exchange-msg-attribute-dos(9195)
   URL:http://www.iss.net/security_center/static/9195.php
   BID:4881
   URL:http://www.securityfocus.com/bid/4881
 Frech> XF:exchange-msg-attribute-dos(9195)


======================================================
Candidate: CAN-2002-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0369
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-026.asp
Reference: XF:ms-aspdotnet-stateserver-bo(9276)
Reference: URL:http://www.iss.net/security_center/static/9276.php
Reference: BID:4958
Reference: URL:http://www.securityfocus.com/bid/4958

Buffer overflow in ASP.NET Worker Process allows remote attackers to
cause a denial of service (restart) and possibly execute arbitrary
code via a routine that processes cookies while in StateServer mode.


Modifications:
  ADDREF XF:ms-aspdotnet-stateserver-bo(9276)
  ADDREF BID:4958

INFERRED ACTION: CAN-2002-0369 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:ms-aspdotnet-stateserver-bo(9276)
   http://www.iss.net/security_center/static/9276.php
   BID:4958
   URL:http://www.securityfocus.com/bid/4958
 Frech> XF:ms-aspdotnet-stateserver-bo(9276)


======================================================
Candidate: CAN-2002-0372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0372
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-cache-code-execution(9420)
Reference: URL:http://www.iss.net/security_center/static/9420.php
Reference: BID:5107
Reference: URL:http://www.securityfocus.com/bid/5107

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player
for Windows XP allow remote attackers to bypass Internet Explorer's
(IE) security mechanisms and run code via an executable .wma media
file with a license installation requirement stored in the IE cache,
aka the "Cache Path Disclosure via Windows Media Player".


Modifications:
  ADDREF XF:mediaplayer-cache-code-execution(9420)
  ADDREF BID:5107

INFERRED ACTION: CAN-2002-0372 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mediaplayer-cache-code-execution(9420)
   URL:http://www.iss.net/security_center/static/9420.php
   BID:5107
   URL:http://www.securityfocus.com/bid/5107


======================================================
Candidate: CAN-2002-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0373
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-wmdm-privilege-elevation(9421)
Reference: URL:http://www.iss.net/security_center/static/9421.php
Reference: BID:5109
Reference: URL:http://www.securityfocus.com/bid/5109

The Windows Media Device Manager (WMDM) Service in Microsoft Windows
Media Player 7.1 on Windows 2000 systems allows local users to obtain
LocalSystem rights via a program that calls the WMDM service to
connect to an invalid local storage device, aka "Privilege Elevation
through Windows Media Device Manager Service".


Modifications:
  ADDREF XF:mediaplayer-wmdm-privilege-elevation(9421)
  ADDREF BID:5109

INFERRED ACTION: CAN-2002-0373 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:mediaplayer-wmdm-privilege-elevation(9421)
   URL:http://www.iss.net/security_center/static/9421.php
   BID:5109
   URL:http://www.securityfocus.com/bid/5109


======================================================
Candidate: CAN-2002-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102070762606525&w=2
Reference: VULNWATCH:20020506 ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: CALDERA:CSSA-2002-041.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html
Reference: REDHAT:RHSA-2002:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
Reference: BUGTRAQ:20021030 GLSA: pam_ldap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103601912505261&w=2
Reference: XF:pamldap-config-format-string(9018)
Reference: URL:http://www.iss.net/security_center/static/9018.php
Reference: BID:4679
Reference: URL:http://online.securityfocus.com/bid/4679

Format string vulnerability in the logging function for the pam_ldap
PAM LDAP module before version 144 allows attackers to execute
arbitrary code via format strings in the configuration file name.


Modifications:
  ADDREF XF:pamldap-config-format-string(9018)
  ADDREF BID:4679
  ADDREF BUGTRAQ:20021030 GLSA: pam_ldap
  ADDREF CALDERA:CSSA-2002-041.0
  ADDREF MANDRAKE:MDKSA-2002:075
  ADDREF REDHAT:RHSA-2002:175

INFERRED ACTION: CAN-2002-0374 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> XF:pamldap-config-format-string(9018)
   URL:http://www.iss.net/security_center/static/9018.php
   BID:4679
   URL:http://online.securityfocus.com/bid/4679
 Frech> XF:pamldap-config-format-string(9018)
 Christey> REDHAT:RHSA-2002:084
 Christey> BUGTRAQ:20021030 GLSA: pam_ldap
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103601912505261&w=2
   CALDERA:CSSA-2002-041.0
 Christey> MANDRAKE:MDKSA-2002:075
 Christey> REDHAT:RHSA-2002:175
   URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
   CALDERA:CSSA-2002-041.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt


======================================================
Candidate: CAN-2002-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0377
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020514
Category: SF
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2
Reference: VULN-DEV:20020511 Gaim abritary Email Reading
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: XF:gaim-email-access(9061)
Reference: URL:http://www.iss.net/security_center/static/9061.php
Reference: BID:4730
Reference: URL:http://www.securityfocus.com/bid/4730

Gaim 0.57 stores sensitive information in world-readable and
group-writable files in the /tmp directory, which allows local users
to access MSN web email accounts of other users who run Gaim by
reading authentication information from the files.


Modifications:
  ADDREF VULN-DEV:20020511 Gaim abritary Email Reading
  ADDREF XF:gaim-email-access(9061)
  ADDREF BID:4730

INFERRED ACTION: CAN-2002-0377 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> VULN-DEV:20020511 Gaim abritary Email Reading
   URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
 Frech> XF:gaim-email-access(9061)
 Christey> XF:gaim-email-access(9061)
   URL:http://www.iss.net/security_center/static/9061.php
   BID:4730
   URL:http://www.securityfocus.com/bid/4730


======================================================
Candidate: CAN-2002-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html
Reference: CONECTIVA:CLA-2002:487
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
Reference: HP:HPSBTL0205-043
Reference: URL:http://online.securityfocus.com/advisories/4167
Reference: CALDERA:CSSA-2002-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
Reference: MANDRAKE:MDKSA-2002:034
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
Reference: ENGARDE:ESA-20020607-013
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
Reference: BID:4713
Reference: URL:http://www.securityfocus.com/bid/4713
Reference: XF:wuimapd-partial-mailbox-bo(9055)
Reference: URL:http://www.iss.net/security_center/static/9055.php

Buffer overflow in University of Washington imap server (uw-imapd)
imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy
RFC 1730 support, and imapd 2000.287 and earlier, allows remote
authenticated users to execute arbitrary code via a long BODY request.


Modifications:
  ADDREF CONECTIVA:CLA-2002:487
  ADDREF HP:HPSBTL0205-043
  ADDREF CALDERA:CSSA-2002-021.0
  ADDREF MANDRAKE:MDKSA-2002:034
  ADDREF ENGARDE:ESA-20020607-013
  ADDREF BID:4713
  ADDREF XF:wuimapd-partial-mailbox-bo(9055)

INFERRED ACTION: CAN-2002-0379 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> Add "long BODY request" to desc.
   CONECTIVA:CLA-2002:487
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
   HP:HPSBTL0205-043
   URL:http://online.securityfocus.com/advisories/4167
   CALDERA:CSSA-2002-021.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
   MANDRAKE:MDKSA-2002:034
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
   ENGARDE:ESA-20020607-013
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
   BID:4713
   URL:http://www.securityfocus.com/bid/4713
   XF:wuimapd-partial-mailbox-bo(9055)
   URL:http://www.iss.net/security_center/static/9055.php
 Frech> XF:wuimapd-partial-mailbox-bo(9055)


======================================================
Candidate: CAN-2002-0381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0381
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: MISC:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
Reference: BUGTRAQ:20020317 TCP Connections to a Broadcast Address on BSD-Based Systems
Reference: URL:http://online.securityfocus.com/archive/1/262733
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
Reference: CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
Reference: BID:4309
Reference: URL:http://online.securityfocus.com/bid/4309
Reference: XF:bsd-broadcast-address(8485)
Reference: URL:http://www.iss.net/security_center/static/8485.php

The TCP implementation in various BSD operating systems (tcp_input.c)
does not properly block connections to broadcast addresses, which
could allow remote attackers to bypass intended filters via packets
with a unicast link layer address and an IP broadcast address.

INFERRED ACTION: CAN-2002-0381 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0382
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020611
Assigned: 20020521
Category: SF
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: MANDRAKE:MDKSA-2002:051
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
Reference: CONECTIVA:CLA-2002:526
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376

XChat IRC client allows remote attackers to execute arbitrary commands
via a /dns command on a host whose DNS reverse lookup contains shell
metacharacters.


Modifications:
  DESC capitalize XChat properly
  ADDREF MANDRAKE:MDKSA-2002:051
  ADDREF CONECTIVA:CLA-2002:526

INFERRED ACTION: CAN-2002-0382 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Armstrong
   MODIFY(2) Cox, Foat
   NOOP(3) Christey, Wall, Cole

Voter Comments:
 Cox> Xchat should be XChat
 Foat> Agree with Cox modification
 Christey> MANDRAKE:MDKSA-2002:051
 Christey> CONECTIVA:CLA-2002:526


======================================================
Candidate: CAN-2002-0389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0389
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020523
Category: SF
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
Reference: XF:pipermail-view-archives(8874)
Reference: URL:http://www.iss.net/security_center/static/8874.php
Reference: BID:4538
Reference: URL:http://www.securityfocus.com/bid/4538

Pipermail in Mailman stores private mail messages with predictable
filenames in a world-executable directory, which allows local users to
read private mailing list archives.


Modifications:
  DESC fix typo
  ADDREF XF:pipermail-view-archives(8874)
  ADDREF BID:4538

INFERRED ACTION: CAN-2002-0389 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cox
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
 Frech> XF: pipermail-view-archives(8874)
 Christey> Add period to the end of the description.


======================================================
Candidate: CAN-2002-0391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020830
Assigned: 20020528
Category: SF
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: AIXAPAR:IY34194
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Reference: CALDERA:CSSA-2002-055.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Reference: CONECTIVA:CLA-2002:515
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: ENGARDE:ESA-20021003-021
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2399.html
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
Reference: HP:HPSBTL0208-061
Reference: URL:http://online.securityfocus.com/advisories/4402
Reference: HP:HPSBUX0209-215
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
Reference: MANDRAKE:MDKSA-2002:057
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:057
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SUSE:SuSE-SA:2002:031
Reference: BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Reference: BUGTRAQ:20020802 kerberos rpc xdr_array
Reference: URL:http://online.securityfocus.com/archive/1/285740
Reference: BUGTRAQ:20020909 GLSA: glibc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2
Reference: XF:sunrpc-xdr-array-bo(9170)
Reference: URL:http://www.iss.net/security_center/static/9170.php
Reference: BID:5356
Reference: URL:http://www.securityfocus.com/bid/5356

Integer overflow in xdr_array function in RPC servers for operating
systems that use libc, glibc, or other code based on SunRPC including
dietlibc, allows remote attackers to execute arbitrary code by passing
a large number of arguments to xdr_array through RPC services such as
rpc.cmsd and dmispd.


Modifications:
  ADDREF REDHAT:RHSA-2002:167
  ADDREF XF:sunrpc-xdr-array-bo(9170)
  ADDREF BID:5356
  ADDREF BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
  ADDREF CONECTIVA:CLA-2002:515
  ADDREF HP:HPSBTL0208-061
  ADDREF BUGTRAQ:20020802 kerberos rpc xdr_array
  ADDREF BUGTRAQ:20020909 GLSA: glibc
  ADDREF SUSE:SuSE-SA:2002:031
  ADDREF MS:MS02-057
  ADDREF HP:HPSBUX0209-215
  ADDREF MANDRAKE:MDKSA-2002:057
  ADDREF ENGARDE:ESA-20021003-021
  ADDREF CALDERA:CSSA-2002-055.0
  ADDREF AIXAPAR:IY34194
  ADDREF CONECTIVA:CLA-2002:535

INFERRED ACTION: CAN-2002-0391 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Cox
   NOOP(2) Christey, Foat

Voter Comments:
 Cox> ADDREF: RHSA-2002:167
 Christey> XF:sunrpc-xdr-array-bo(9170)
   URL:http://www.iss.net/security_center/static/9170.php
   BID:5356
   URL:http://www.securityfocus.com/bid/5356
   BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
   CONECTIVA:CLA-2002:515
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
   HP:HPSBTL0208-061
   URL:http://online.securityfocus.com/advisories/4402
   BUGTRAQ:20020802 kerberos rpc xdr_array
   URL:http://online.securityfocus.com/archive/1/285740
 Christey> BUGTRAQ:20020909 GLSA: glibc
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2
 Christey> SUSE:SuSE-SA:2002:031
 Christey> MS:MS02-057
 Christey> HP:HPSBUX0209-215
   URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
   MANDRAKE:MDKSA-2002:057
   ENGARDE:ESA-20021003-021
 Christey> CALDERA:CSSA-2002-055.0
 Christey> AIXAPAR:IY34194
   URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
   CONECTIVA:CLA-2002:535
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535


======================================================
Candidate: CAN-2002-0392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020726
Assigned: 20020530
Category: SF
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available
Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle
Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
Reference: BUGTRAQ:20020620 Apache Exploit
Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache
Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Reference: URL:http://online.securityfocus.com/archive/1/278149
Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
Reference: CERT:CA-2002-17
Reference: URL:http://www.cert.org/advisories/CA-2002-17.html
Reference: SGI:20020605-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: REDHAT:RHSA-2002:103
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-103.html
Reference: MANDRAKE:MDKSA-2002:039
Reference: CALDERA:CSSA-2002-029.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
Reference: CALDERA:CSSA-2002-SCO.31
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
Reference: CALDERA:CSSA-2002-SCO.32
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
Reference: COMPAQ:SSRT2253
Reference: CONECTIVA:CLSA-2002:498
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
Reference: DEBIAN:DSA-131
Reference: URL:http://www.debian.org/security/2002/dsa-131
Reference: DEBIAN:DSA-132
Reference: URL:http://www.debian.org/security/2002/dsa-132
Reference: DEBIAN:DSA-133
Reference: URL:http://www.debian.org/security/2002/dsa-133
Reference: ENGARDE:ESA-20020619-014
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html
Reference: REDHAT:RHSA-2002:118
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-118.html
Reference: REDHAT:RHSA-2002:117
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-117.html
Reference: BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
Reference: BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
Reference: SUSE:SuSE-SA:2002:022
Reference: URL:http://www.suse.com/de/security/2002_22_apache.html
Reference: CERT-VN:VU#944335
Reference: URL:http://www.kb.cert.org/vuls/id/944335
Reference: HP:HPSBTL0206-049
Reference: URL:http://online.securityfocus.com/advisories/4240
Reference: HP:HPSBUX0207-197
Reference: URL:http://online.securityfocus.com/advisories/4257
Reference: BID:5033
Reference: URL:http://online.securityfocus.com/bid/5033
Reference: XF:apache-chunked-encoding-bo(9249)
Reference: URL:http://www.iss.net/security_center/static/9249.php

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a chunk-encoded HTTP request that causes Apache to use an
incorrect size.


Modifications:
  ADDREF CALDERA:CSSA-2002-029.0
  ADDREF CALDERA:CSSA-2002-SCO.31
  ADDREF CALDERA:CSSA-2002-SCO.32
  ADDREF COMPAQ:SSRT2253
  ADDREF CONECTIVA:CLSA-2002:498
  ADDREF DEBIAN:DSA-131
  ADDREF DEBIAN:DSA-132
  ADDREF DEBIAN:DSA-133
  ADDREF ENGARDE:ESA-20020619-014
  ADDREF REDHAT:RHSA-2002:118
  ADDREF REDHAT:RHSA-2002:117
  ADDREF BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
  ADDREF BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
  ADDREF SUSE:SuSE-SA:2002:022
  ADDREF CERT-VN:VU#944335
  ADDREF HP:HPSBTL0206-049
  ADDREF HP:HPSBUX0207-197
  ADDREF BID:5033
  ADDREF XF:apache-chunked-encoding-bo(9249)

INFERRED ACTION: CAN-2002-0392 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Foat, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> CALDERA:CSSA-2002-029.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
   CALDERA:CSSA-2002-SCO.31
   URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
   CALDERA:CSSA-2002-SCO.32
   URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
   COMPAQ:SSRT2253
   CONECTIVA:CLSA-2002:498
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
   DEBIAN:DSA-131
   URL:http://www.debian.org/security/2002/dsa-131
   DEBIAN:DSA-132
   URL:http://www.debian.org/security/2002/dsa-132
   DEBIAN:DSA-133
   URL:http://www.debian.org/security/2002/dsa-133
   ENGARDE:ESA-20020619-014
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html
   REDHAT:RHSA-2002:118
   URL:http://rhn.redhat.com/errata/RHSA-2002-118.html
   REDHAT:RHSA-2002:117
   URL:http://rhn.redhat.com/errata/RHSA-2002-117.html
   BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
   BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
   SUSE:SuSE-SA:2002:022
   URL:http://www.suse.com/de/security/2002_22_apache.html
   CERT-VN:VU#944335
   URL:http://www.kb.cert.org/vuls/id/944335
   BID:5033
   URL:http://online.securityfocus.com/bid/5033
   XF:apache-chunked-encoding-bo(9249)
   URL:http://www.iss.net/security_center/static/9249.php
   HP:HPSBTL0206-049
   URL:http://online.securityfocus.com/advisories/4240
   HP:HPSBUX0207-197
   URL:http://online.securityfocus.com/advisories/4257


======================================================
Candidate: CAN-2002-0394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0394
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-insecure-passwords(9263)
Reference: URL:http://www.iss.net/security_center/static/9263.php

Red-M 1050 (Bluetooth Access Point) uses case-insensitive passwords,
which makes it easier for attackers to conduct a brute force guessing
attack due to the smaller space of possible passwords.


Modifications:
  ADDREF XF:redm-1050ap-insecure-passwords(9263)

INFERRED ACTION: CAN-2002-0394 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Foat
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:redm-1050ap-insecure-passwords(9263)
 Baker> The vendor response does not dispute any of the issues, stating the remaining issues will be resolved in a future firmware update.  Sounds like confirmation to me.


======================================================
Candidate: CAN-2002-0401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4806
Reference: URL:http://online.securityfocus.com/bid/4806
Reference: XF:ethereal-smb-dissector-dos(9204)
Reference: URL:http://www.iss.net/security_center/static/9204.php

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to
cause a denial of service (crash) or execute arbitrary code via
malformed packets that cause Ethereal to dereference a NULL pointer.


Modifications:
  ADDREF REDHAT:RHSA-2002:088
  ADDREF XF:ethereal-smb-dissector-dos(9204)
  ADDREF CONECTIVA:CLSA-2002:505
  ADDREF CALDERA:CSSA-2002-037.0

INFERRED ACTION: CAN-2002-0401 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF: RHSA-2002:088
 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for
   noticing this)
 Christey> XF:ethereal-smb-dissector-dos(9204)
   URL:http://www.iss.net/security_center/static/9204.php
   CONECTIVA:CLSA-2002:505
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
 Frech> XF:ethereal-smb-dissector-dos(9204)
 Christey> CALDERA:CSSA-2002-037.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt


======================================================
Candidate: CAN-2002-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: XF:ethereal-x11-dissector-bo(9203)
Reference: URL:http://www.iss.net/security_center/static/9203.php
Reference: BID:4805
Reference: URL:http://online.securityfocus.com/bid/4805

Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code while Ethereal is parsing keysyms.


Modifications:
  ADDREF REDHAT:RHSA-2002:088
  ADDREF CONECTIVA:CLSA-2002:505
  ADDREF XF:ethereal-x11-dissector-bo(9203)
  ADDREF CALDERA:CSSA-2002-037.0

INFERRED ACTION: CAN-2002-0402 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF: RHSA-2002:088
 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for
   noticing this)
 Christey> XF:ethereal-x11-dissector-bo(9203)
   URL:http://www.iss.net/security_center/static/9203.php
   CONECTIVA:CLSA-2002:505
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
 Frech> XF:ethereal-x11-dissector-bo(9203)
 Christey> CALDERA:CSSA-2002-037.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt


======================================================
Candidate: CAN-2002-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4807
Reference: URL:http://online.securityfocus.com/bid/4807
Reference: XF:ethereal-dns-dissector-dos(9205)
Reference: URL:http://www.iss.net/security_center/static/9205.php

DNS dissector in Ethereal before 0.9.3 allows remote attackers to
cause a denial of service (CPU consumption) via a malformed packet
that causes Ethereal to enter an infinite loop.


Modifications:
  ADDREF REDHAT:RHSA-2002:088
  ADDREF CONECTIVA:CLSA-2002:505
  ADDREF XF:ethereal-dns-dissector-dos(9205)
  ADDREF CALDERA:CSSA-2002-037.0

INFERRED ACTION: CAN-2002-0403 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF: RHSA-2002:088
 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for
   noticing this)
 Christey> XF:ethereal-dns-dissector-dos(9205)
   URL:http://www.iss.net/security_center/static/9205.php
   CONECTIVA:CLSA-2002:505
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
 Frech> XF:ethereal-dns-dissector-dos(9205)
 Christey> CALDERA:CSSA-2002-037.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt


======================================================
Candidate: CAN-2002-0404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4808
Reference: URL:http://online.securityfocus.com/bid/4808
Reference: XF:ethereal-giop-dissector-dos(9206)
Reference: URL:http://www.iss.net/security_center/static/9206.php

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote
attackers to cause a denial of service (memory consumption).


Modifications:
  ADDREF REDHAT:RHSA-2002:088
  ADDREF CONECTIVA:CLSA-2002:505
  ADDREF XF:ethereal-giop-dissector-dos(9206)
  ADDREF CALDERA:CSSA-2002-037.0

INFERRED ACTION: CAN-2002-0404 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF: RHSA-2002:088
 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for
   noticing this)
 Christey> XF:ethereal-giop-dissector-dos(9206)
   URL:http://www.iss.net/security_center/static/9206.php
 Frech> XF:ethereal-giop-dissector-dos(9206)
 Christey> CALDERA:CSSA-2002-037.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt


======================================================
Candidate: CAN-2002-0406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0406
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020302 Denial of Service in Sphereserver
Reference: URL:http://online.securityfocus.com/archive/1/259334
Reference: XF:sphereserver-connections-dos(8338)
Reference: URL:http://www.iss.net/security_center/static/8338.php
Reference: BID:4258
Reference: URL:http://www.securityfocus.com/bid/4258

Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause
a denial of service by establishing a large number of connections to
the server without providing login credentials, which prevents other
users from being able to log in.

INFERRED ACTION: CAN-2002-0406 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0412
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://online.securityfocus.com/archive/1/259642
Reference: BUGTRAQ:20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854261030453&w=2
Reference: BUGTRAQ:20020411 re: gobbles ntop alert
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101856541322245&w=2
Reference: BUGTRAQ:20020417 segfault in ntop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101908224609740&w=2
Reference: VULNWATCH:20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html
Reference: CONFIRM:http://snapshot.ntop.org/
Reference: MISC:http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html
Reference: XF:ntop-traceevent-format-string(8347)
Reference: URL:http://www.iss.net/security_center/static/8347.php
Reference: BID:4225
Reference: URL:http://www.securityfocus.com/bid/4225

Format string vulnerability in TraceEvent function for ntop before 2.1
allows remote attackers to execute arbitrary code by causing format
strings to be injected into calls to the syslog function, via (1) an
HTTP GET request, (2) a user name in HTTP authentication, or (3) a
password in HTTP authentication.

INFERRED ACTION: CAN-2002-0412 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Wall, Cole, Alderson
   MODIFY(1) Cox
   NOOP(1) Foat

Voter Comments:
 Cox> I believe this only applies to ntop version 2 not version 1


======================================================
Candidate: CAN-2002-0414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0414
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://www.securityfocus.com/archive/1/259598
Reference: CONFIRM:http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
Reference: BID:4224
Reference: URL:http://www.securityfocus.com/bid/4224
Reference: XF:kame-forged-packet-forwarding(8416)
Reference: URL:http://www.iss.net/security_center/static/8416.php
Reference: VULNWATCH:20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5,
and other operating systems, do not properly consult the Security
Policy Database (SPD), which could cause a Security Gateway (SG) that
does not use Encapsulating Security Payload (ESP) to forward forged
IPv4 packets.

INFERRED ACTION: CAN-2002-0414 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0423
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz
Reference: BID:4239
Reference: URL:http://www.securityfocus.com/bid/4239
Reference: XF:efingerd-reverse-lookup-bo(8380)
Reference: URL:http://www.iss.net/security_center/static/8380.php

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61,
allows remote attackers to cause a denial of service and possibly
execute arbitrary code via a finger request from an IP address with a
long hostname that is obtained via a reverse DNS lookup.

INFERRED ACTION: CAN-2002-0423 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0424
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
Reference: BID:4240
Reference: URL:http://www.securityfocus.com/bid/4240
Reference: XF:efingerd-file-execution(8381)
Reference: URL:http://www.iss.net/security_center/static/8381.php

efingerd 1.61 and earlier, when configured without the -u option,
executes .efingerd files as the efingerd user (typically "nobody"),
which allows local users to gain privileges as the efingerd user by
modifying their own .efingerd file and running finger.

INFERRED ACTION: CAN-2002-0424 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0425
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020306 mIRC DCC Server Security Flaw
Reference: URL:http://online.securityfocus.com/archive/1/260244
Reference: XF:mirc-dcc-reveal-info(8393)
Reference: URL:http://www.iss.net/security_center/static/8393.php
Reference: BID:4247
Reference: URL:http://www.securityfocus.com/bid/4247

mIRC DCC server protocol allows remote attackers to gain sensitive
information such as alternate IRC nicknames via a "100 testing"
message in a DCC connection request that cannot be ignored or canceled
by the user, which may leak the alternate nickname in a response
message.

INFERRED ACTION: CAN-2002-0425 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0429
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561298818888&w=2
Reference: CONFIRM:http://www.openwall.com/linux/
Reference: REDHAT:RHSA-2002:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-158.html
Reference: BID:4259
Reference: URL:http://online.securityfocus.com/bid/4259
Reference: XF:linux-ibcs-lcall-process(8420)
Reference: URL:http://www.iss.net/security_center/static/8420.php

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18
and earlier on x86 systems allow local users to kill arbitrary
processes via a binary compatibility interface (lcall).


Modifications:
  ADDREF REDHAT:RHSA-2002:158
  ADDREF XF:linux-ibcs-lcall-process(8420)

INFERRED ACTION: CAN-2002-0429 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Alderson
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:linux-ibcs-lcall-process(8420)
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> Addref: RHSA-2002:158


======================================================
Candidate: CAN-2002-0431
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0431
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020309 xtux server DoS.
Reference: URL:http://online.securityfocus.com/archive/1/260912
Reference: MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206
Reference: BID:4260
Reference: URL:http://www.securityfocus.com/bid/4260
Reference: XF:xtux-server-dos(8422)
Reference: URL:http://www.iss.net/security_center/static/8422.php

XTux allows remote attackers to cause a denial of service (CPU
consumption) via random inputs in the initial connection.

INFERRED ACTION: CAN-2002-0431 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Alderson
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0435
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0435
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020310 GNU fileutils - recursive directory removal race condition
Reference: URL:http://www.securityfocus.com/archive/1/260936
Reference: CONFIRM:http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
Reference: CALDERA:CSSA-2002-018.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
Reference: XF:gnu-fileutils-race-condition(8432)
Reference: URL:http://www.iss.net/security_center/static/8432.php
Reference: BID:4266
Reference: URL:http://www.securityfocus.com/bid/4266
Reference: MANDRAKE:MDKSA-2002:031
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php

Race condition in the recursive (1) directory deletion and (2)
directory move in GNU File Utilities (fileutils) 4.1 and earlier
allows local users to delete directories as the user running fileutils
by moving a low-level directory to a higher level as it is being
deleted, which causes fileutils to chdir to a ".." directory that is
higher than expected, possibly up to the root file system.


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:032
  CHANGEREF CONFIRM [URL changed]
  CHANGEREF MANDRAKE [wrong number]

INFERRED ACTION: CAN-2002-0435 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Green, Baker, Cox, Foat, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:032
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> CONFIRM:http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002440.html
   is a dead link, I traced the message to the new live link here
   http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
 Christey> Mandrake reference should be MANDRAKE:MDKSA-2002:031 (032
   is for tcpdump)


======================================================
Candidate: CAN-2002-0437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0437
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020311 SMStools vulnerabilities in release before 1.4.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
Reference: CONFIRM:http://www.isis.de/members/~s.frings/smstools/history.html
Reference: BID:4268
Reference: URL:http://www.securityfocus.com/bid/4268
Reference: XF:sms-tools-format-string(8433)
Reference: URL:http://www.iss.net/security_center/static/8433.php

Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote
attackers to execute arbitrary commands via shell metacharacters
(backquotes) in message text, as described with the term "string
format vulnerability" by some sources.

INFERRED ACTION: CAN-2002-0437 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0441
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0441
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020311 Directory traversal vulnerability in phpimglist
Reference: URL:http://www.securityfocus.com/archive/1/261221
Reference: CONFIRM:http://www.liquidpulse.net/get.lp?id=17
Reference: XF:phpimglist-dot-directory-traversal(8441)
Reference: URL:http://www.iss.net/security_center/static/8441.php
Reference: BID:4276
Reference: URL:http://www.securityfocus.com/bid/4276

Directory traversal vulnerability in imlist.php for Php Imglist allows
remote attackers to read arbitrary code via a .. (dot dot) in the cwd
parameter.

INFERRED ACTION: CAN-2002-0441 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0442
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category:
Reference: CALDERA:CSSA-2002-SCO.8
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt
Reference: XF:openserver-dlvraudit-bo(8442)
Reference: URL:http://www.iss.net/security_center/static/8442.php
Reference: BID:4273
Reference: URL:http://www.securityfocus.com/bid/4273

Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6
allows local users to gain root privileges.

INFERRED ACTION: CAN-2002-0442 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0451
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020313 Command execution in phprojekt.
Reference: URL:http://www.securityfocus.com/archive/1/261676
Reference: CONFIRM:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=
Reference: BID:4284
Reference: URL:http://www.securityfocus.com/bid/4284
Reference: XF:phpprojekt-filemanager-include-files(8448)
Reference: URL:http://www.iss.net/security_center/static/8448.php

filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote
attackers to execute arbitrary PHP code by specifying the URL to the
code in the lib_path parameter.

INFERRED ACTION: CAN-2002-0451 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0454
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020315 Bug in QPopper (All Versions?)
Reference: URL:http://www.securityfocus.com/archive/1/262213
Reference: CONFIRM:ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
Reference: XF:qpopper-qpopper-dos(8458)
Reference: URL:http://www.iss.net/security_center/static/8458.php
Reference: BID:4295
Reference: URL:http://www.securityfocus.com/bid/4295
Reference: CALDERA:CSSA-2002-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20

Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote
attackers to cause a denial of service (CPU consumption) via a very
large string, which causes an infinite loop.


Modifications:
  ADDREF CALDERA:CSSA-2002-SCO.20

INFERRED ACTION: CAN-2002-0454 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Wall, Cole
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-SCO.20


======================================================
Candidate: CAN-2002-0462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0462
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/262735
Reference: CONFIRM:http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt
Reference: XF:bigsam-displaybegin-dos(8478)
Reference: URL:http://www.iss.net/security_center/static/8478.php
Reference: XF:bigsam-safemode-path-disclosure(8479)
Reference: URL:http://www.iss.net/security_center/static/8479.php
Reference: BID:4312
Reference: URL:http://www.securityfocus.com/bid/4312

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone
Module) 1.1.08 and earlier allows remote attackers to cause a denial
of service (CPU consumption) or obtain the absolute path of the web
server via a displayBegin parameter with a very large number, which
leaks the web path in an error message when PHP safe_mode is enabled,
or consumes resources when safe_mode is not enabled.


Modifications:
  DESC rephrase to clarify

INFERRED ACTION: CAN-2002-0462 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0463
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262802
Reference: BUGTRAQ:20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262652
Reference: BID:4307
Reference: URL:http://www.securityfocus.com/bid/4307
Reference: XF:arsc-language-path-disclosure(8472)
Reference: URL:http://www.iss.net/security_center/static/8472.php

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote
attackers to determine the full pathname of the web server via an
invalid language in the arsc_language parameter, which leaks the
pathname in an error message.

INFERRED ACTION: CAN-2002-0463 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0464
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020318 Hosting Directory Traversal madness...
Reference: URL:http://www.securityfocus.com/archive/1/262734
Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip
Reference: BID:4311
Reference: URL:http://www.securityfocus.com/bid/4311

Directory traversal vulnerability in Hosting Controller 1.4.1 and
earlier allows remote attackers to read and modify arbitrary files and
directories via a .. (dot dot) in arguments to (1) file_editor.asp,
(2) folderactions.asp, or (3) editoractions.asp.

INFERRED ACTION: CAN-2002-0464 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0473
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020318 phpBB2 remote execution command
Reference: URL:http://online.securityfocus.com/archive/82/262600
Reference: BUGTRAQ:20020318 Re: phpBB2 remote execution command (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html
Reference: BUGTRAQ:20020318 phpBB2 remote execution command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip
Reference: MISC:http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483
Reference: BID:4380
Reference: URL:http://www.securityfocus.com/bid/4380
Reference: XF:phpbb-db-command-execution(8476)
Reference: URL:http://www.iss.net/security_center/static/8476.php

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote
attackers to execute arbitrary code from remote servers via the
phpbb_root_path parameter.

INFERRED ACTION: CAN-2002-0473 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0484
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/263259
Reference: BUGTRAQ:20020317 move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/262999
Reference: BUGTRAQ:20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101683938806677&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=16128
Reference: XF:php-moveuploadedfile-create-files(8591)
Reference: URL:http://www.iss.net/security_center/static/8591.php
Reference: BID:4325
Reference: URL:http://www.securityfocus.com/bid/4325

move_uploaded_file in PHP does not check for the base
directory (open_basedir), which could allow remote attackers to upload
files to unintended locations on the system.

INFERRED ACTION: CAN-2002-0484 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Cox, Cole
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2002-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0488
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020321 PHP script: Penguin Traceroute, Remote Command Execution
Reference: URL:http://www.securityfocus.com/archive/1/263285
Reference: CONFIRM:http://www.linux-directory.com/scripts/traceroute.pl
Reference: XF:penguin-traceroute-command-execution(8600)
Reference: URL:http://www.iss.net/security_center/static/8600.php
Reference: BID:4332
Reference: URL:http://www.securityfocus.com/bid/4332

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote
attackers to execute arbitrary code via shell metacharacters in the
host parameter.

INFERRED ACTION: CAN-2002-0488 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Green, Baker, Wall, Foat, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0490
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
Reference: URL:http://www.securityfocus.com/archive/1/264041
Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
Reference: XF:instant-webmail-pop-commands(8650)
Reference: URL:http://www.iss.net/security_center/static/8650.php
Reference: BID:4361
Reference: URL:http://www.securityfocus.com/bid/4361

Instant Web Mail before 0.60 does not properly filter CR/LF sequences,
which allows remote attackers to (1) execute arbitrary POP commands
via the id parameter in message.php, or (2) modify certain mail
message headers via numerous parameters in write.php.

INFERRED ACTION: CAN-2002-0490 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0493
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101709002410365&w=2
Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
Reference: XF:tomcat-xml-bypass-restrictions(9863)
Reference: URL:http://www.iss.net/security_center/static/9863.php

Apache Tomcat may be started without proper security settings if
errors are encountered while reading the web.xml file, which could
allow attackers to bypass intended restrictions.


Modifications:
  ADDREF XF:tomcat-xml-bypass-restrictions(9863)

INFERRED ACTION: CAN-2002-0493 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:tomcat-xml-bypass-restrictions(9863)


======================================================
Candidate: CAN-2002-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0494
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
Reference: URL:http://www.securityfocus.com/archive/1/263914
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
Reference: BID:4357
Reference: URL:http://www.securityfocus.com/bid/4357
Reference: XF:websight-directory-system-css(8624)
Reference: URL:http://www.iss.net/security_center/static/8624.php

Cross-site scripting vulnerability in WebSight Directory System 0.1
allows remote attackers to execute arbitrary JavaScript and gain
access to the WebSight administrator via a new link submission
containing the script in a website name.

INFERRED ACTION: CAN-2002-0494 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0495
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
Reference: URL:http://www.securityfocus.com/archive/1/264169
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Reference: BID:4368
Reference: URL:http://www.securityfocus.com/bid/4368
Reference: XF:cssearch-url-execute-commands(8636)
Reference: URL:http://www.iss.net/security_center/static/8636.php

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to
execute arbitrary Perl code via the savesetup command and the setup
parameter, which overwrites the setup.cgi configuration file that is
loaded by csSearch.cgi.

INFERRED ACTION: CAN-2002-0495 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(3) Cox, Wall, Armstrong

Voter Comments:
 Frech> http://online.securityfocus.com/archive/1/266432


======================================================
Candidate: CAN-2002-0497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0497
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020306 mtr 0.45, 0.46
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
Reference: DEBIAN:DSA-124
Reference: URL:http://www.debian.org/security/2002/dsa-124
Reference: BID:4217
Reference: URL:http://www.securityfocus.com/bid/4217
Reference: XF:mtr-options-bo(8367)
Reference: URL:http://www.iss.net/security_center/static/8367.php

Buffer overflow in mtr 0.46 and earlier, when installed setuid root,
allows local users to access a raw socket via a long MTR_OPTIONS
environment variable.

INFERRED ACTION: CAN-2002-0497 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cox, Cole
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2002-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0501
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
Reference: URL:http://online.securityfocus.com/archive/1/264450
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
Reference: XF:posadis-logging-format-string(8653)
Reference: URL:http://www.iss.net/security_center/static/8653.php
Reference: BID:4378
Reference: URL:http://www.securityfocus.com/bid/4378

Format string vulnerability in log_print() function of Posadis DNS
server before version m5pre2 allows local users and possibly remote
attackers to execute arbitrary code via format strings that are
inserted into logging messages.


Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2002-0501 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Foat, Cole, Armstrong
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0505
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
Reference: XF:cisco-cti-memory-leak(8655)
Reference: URL:http://www.iss.net/security_center/static/8655.php
Reference: BID:4370
Reference: URL:http://www.securityfocus.com/bid/4370

Memory leak in the Call Telephony Integration (CTI) Framework
authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows
remote attackers to cause a denial of service (crash and reload) via a
series of authentication failures, e.g. via incorrect passwords.

INFERRED ACTION: CAN-2002-0505 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0506
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt
Reference: URL:http://online.securityfocus.com/archive/1/264699
Reference: XF:libnewt-bo(8700)
Reference: URL:http://www.iss.net/security_center/static/8700.php
Reference: BID:4393
Reference: URL:http://www.securityfocus.com/bid/4393

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33
and earlier may allow attackers to cause a denial of service or
execute arbitrary code in setuid programs that use libnewt.


Modifications:
  DESC emphasize setuid programs only

INFERRED ACTION: CAN-2002-0506 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cox, Cole
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Cox> (although only really a problem if you have setuid programs
   that use libnewt)


======================================================
Candidate: CAN-2002-0511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0511
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-013.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
Reference: XF:nscd-dns-ptr-validation(8745)
Reference: URL:http://www.iss.net/security_center/static/8745.php
Reference: BID:4399
Reference: URL:http://www.securityfocus.com/bid/4399

The default configuration of Name Service Cache Daemon (nscd) in
Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of
consulting the authoritative DNS server for the A record, which could
make it easier for remote attackers to bypass applications that
restrict access based on host names.

INFERRED ACTION: CAN-2002-0511 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Foat, Cole, Armstrong
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0512
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
Reference: BID:4400
Reference: URL:http://www.securityfocus.com/bid/4400
Reference: XF:kde-startkde-search-directory(8737)
Reference: URL:http://www.iss.net/security_center/static/8737.php

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the
LD_LIBRARY_PATH environment variable to include the current working
directory, which could allow local users to gain privileges of other
users running startkde via Trojan horse libraries.


Modifications:
  ADDREF XF:kde-startkde-search-directory(8737)

INFERRED ACTION: CAN-2002-0512 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Frech> XF:kde-startkde-search-directory(8737)
 Christey> There's a long history of overflows via long -xrm arguments.
   Need to make sure there's no overlap with other separate
   vulnerability reports.


======================================================
Candidate: CAN-2002-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0513
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
Reference: URL:http://online.securityfocus.com/archive/1/265438
Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
Reference: XF:symatec-popper-admin-access(8746)
Reference: URL:http://www.iss.net/security_center/static/8746.php
Reference: BID:4412
Reference: URL:http://www.securityfocus.com/bid/4412

The PHP administration script in popper_mod 1.2.1 and earlier relies
on Apache .htaccess authentication, which allows remote attackers to
gain privileges if the script is not appropriately configured by the
administrator.

INFERRED ACTION: CAN-2002-0513 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0516
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Reference: BID:4385
Reference: URL:http://www.securityfocus.com/bid/4385
Reference: XF:squirrelmail-theme-command-execution(8671)
Reference: URL:http://www.iss.net/security_center/static/8671.php

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users
to execute arbitrary commands by modifying the THEME variable in a
cookie.

INFERRED ACTION: CAN-2002-0516 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0531
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 emumail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/
Reference: XF:emumail-cgi-view-files(8766)
Reference: URL:http://www.iss.net/security_center/static/8766.php
Reference: BID:4435
Reference: URL:http://www.securityfocus.com/bid/4435

Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x
and 5.1.0 allows remote attackers to read arbitrary files or list
arbitrary directories via a .. (dot dot) in the type parameter.

INFERRED ACTION: CAN-2002-0531 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0532
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
Reference: URL:http://online.securityfocus.com/archive/1/266930
Reference: XF:emumail-http-host-execute(8836)
Reference: URL:http://www.iss.net/security_center/static/8836.php
Reference: BID:4488
Reference: URL:http://www.securityfocus.com/bid/4488

EMU Webmail allows local users to execute arbitrary programs via a ..
(dot dot) in the HTTP Host header that points to a Trojan horse
configuration file that contains a pageroot specifier that contains
shell metacharacters.

INFERRED ACTION: CAN-2002-0532 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0536
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
Reference: XF:phpgroupware-sql-injection(8755)
Reference: URL:http://www.iss.net/security_center/static/8755.php
Reference: BID:4424
Reference: URL:http://www.securityfocus.com/bid/4424

PHPGroupware 0.9.12 and earlier, when running with the
magic_quotes_gpc feature disabled, allows remote attackers to
compromise the database via a SQL injection attack.

INFERRED ACTION: CAN-2002-0536 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Cox, Wall, Foat, Armstrong


======================================================
Candidate: CAN-2002-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0538
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
Reference: XF:raptor-firewall-ftp-bounce(8847)
Reference: URL:http://www.iss.net/security_center/static/8847.php
Reference: BID:4522
Reference: URL:http://www.securityfocus.com/bid/4522

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0
rewrites an FTP server's "FTP PORT" responses in a way that allows
remote attackers to redirect FTP data connections to arbitrary ports,
a variant of the "FTP bounce" vulnerability.

INFERRED ACTION: CAN-2002-0538 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0539
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
Reference: BUGTRAQ:20020417 Demarc Security Update Advisory
Reference: URL:http://online.securityfocus.com/archive/1/267941
Reference: XF:puresecure-sql-injection(8854)
Reference: URL:http://www.iss.net/security_center/static/8854.php
Reference: BID:4520
Reference: URL:http://www.securityfocus.com/bid/4520

Demarc PureSecure 1.05 allows remote attackers to gain administrative
privileges via a SQL injection attack in a session ID that is stored
in the s_key cookie.

INFERRED ACTION: CAN-2002-0539 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0542
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
Reference: URL:http://online.securityfocus.com/archive/1/267089
Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101855467811695&w=2
Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail
Reference: XF:openbsd-mail-root-privileges(8818)
Reference: URL:http://www.iss.net/security_center/static/8818.php
Reference: BID:4495
Reference: URL:http://www.securityfocus.com/bid/4495

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in
a message even when it is not in interactive mode, which could allow
local users to gain root privileges via calls to mail in cron.

INFERRED ACTION: CAN-2002-0542 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0543
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
Reference: BID:4466
Reference: URL:http://www.securityfocus.com/bid/4466
Reference: XF:abyss-unicode-directory-traversal(8805)
Reference: URL:http://www.iss.net/security_center/static/8805.php

Directory traversal vulnerability in Aprelium Abyss Web Server
(abyssws) before 1.0.0.2 allows remote attackers to read files outside
the web root, including the abyss.conf file, via URL-encoded .. (dot
dot) sequences in the HTTP request.

INFERRED ACTION: CAN-2002-0543 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0545
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020409 Aironet Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
Reference: BID:4461
Reference: URL:http://www.securityfocus.com/bid/4461
Reference: XF:cisco-aironet-telnet-dos(8788)
Reference: URL:http://www.iss.net/security_center/static/8788.php

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers
to cause a denial of service (reboot) via a series of login attempts
with invalid usernames and passwords.

INFERRED ACTION: CAN-2002-0545 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0553
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
Reference: XF:sunshop-new-cust-css(8840)
Reference: URL:http://www.iss.net/security_center/static/8840.php
Reference: BID:4506
Reference: URL:http://www.securityfocus.com/bid/4506

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows
remote attackers to gain administrative privileges to SunShop by
injecting the script into fields during new customer registration.

INFERRED ACTION: CAN-2002-0553 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0567
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Remote Compromise in Oracle 9i Database Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301332402079&w=2
Reference: CERT-VN:VU#180147
Reference: URL:http://www.kb.cert.org/vuls/id/180147
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
Reference: BID:4033
Reference: URL:http://www.securityfocus.com/bid/4033
Reference: XF:oracle-plsql-remote-access(8089)
Reference: URL:http://xforce.iss.net/static/8089.php

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC)
allows remote attackers to bypass authentication and execute arbitrary
functions by using the TNS Listener to directly connect to the EXTPROC
process.

INFERRED ACTION: CAN-2002-0567 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Wall, Cole, Alderson
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0569
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT-VN:VU#977251
Reference: URL:http://www.kb.cert.org/vuls/id/977251
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4298
Reference: URL:http://www.securityfocus.com/bid/4298
Reference: XF:oracle-appserver-config-file-access(8453)
Reference: URL:http://www.iss.net/security_center/static/8453.php

Oracle 9i Application Server allows remote attackers to bypass access
restrictions for configuration files via a direct request to the XSQL
Servlet (XSQLServlet).


Modifications:
  ADDREF XF:oracle-appserver-config-file-access(8453)

INFERRED ACTION: CAN-2002-0569 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Alderson
   MODIFY(1) Frech
   NOOP(2) Cox, Foat

Voter Comments:
 Frech> XF:oracle-appserver-config-file-access(8453)


======================================================
Candidate: CAN-2002-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0571
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523

Oracle Oracle9i database server 9.0.1.x allows local users to access
restricted data via a SQL query using ANSI outer join syntax.

INFERRED ACTION: CAN-2002-0571 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0573
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639

Format string vulnerability in RPC wall daemon (rpc.rwalld) for
Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary
code via format strings in a message that is not properly provided to
the syslog function when the wall command cannot be executed.

INFERRED ACTION: CAN-2002-0573 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0574
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539
Reference: XF:freebsd-icmp-echo-reply-dos(8893)
Reference: URL:http://www.iss.net/security_center/static/8893.php

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to
cause a denial of service (memory exhaustion) via ICMP echo packets
that trigger a bug in ip_output() in which the reference count for a
routing table entry is not decremented, which prevents the entry from
being removed.


Modifications:
  ADDREF XF:freebsd-icmp-echo-reply-dos(8893)

INFERRED ACTION: CAN-2002-0574 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:freebsd-icmp-echo-reply-dos(8893)


======================================================
Candidate: CAN-2002-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0575
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/268718
Reference: VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101924296115863&w=2
Reference: BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102167972421837&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with
Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
enabled, allows remote and local authenticated users to gain
privileges.


Modifications:
  ADDREF BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
  ADDREF VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
  ADDREF BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)

INFERRED ACTION: CAN-2002-0575 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cox, Cole
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
   URL:http://online.securityfocus.com/archive/1/268718
   VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
   URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101924296115863&w=2
   BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102167972421837&w=2


======================================================
Candidate: CAN-2002-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0576
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php

ColdFusion 5.0 and earlier on Windows systems allows remote attackers
to determine the absolute pathname of .cfm or .dbm files via an HTTP
request that contains an MS-DOS device name such as NUL, which leaks
the pathname in an error message.

INFERRED ACTION: CAN-2002-0576 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0594
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: BID:4640
Reference: URL:http://www.securityfocus.com/bid/4640
Reference: XF:mozilla-css-files-exist(8977)
Reference: URL:http://www.iss.net/security_center/static/8977.php

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to
determine the existence of files on the client system via a LINK
element in a Cascading Style Sheet (CSS) page that causes an HTTP
redirect.


Modifications:
  ADDREF XF:mozilla-css-files-exist(8977)

INFERRED ACTION: CAN-2002-0594 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cox, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:mozilla-css-files-exist(8977)
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2002-0597
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0597
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: MSKB:Q320751
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q320751
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532

LANMAN service on Microsoft Windows 2000 allows remote attackers to
cause a denial of service (CPU/memory exhaustion) via a stream of
malformed data to microsoft-ds port 445.


Modifications:
  ADDREF MSKB:Q320751

INFERRED ACTION: CAN-2002-0597 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0598
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: VULNWATCH:20020419 [VulnWatch] KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0030.html
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549

Format string vulnerability in Foundstone FScan 1.12 with banner
grabbing enabled allows remote attackers to execute arbitrary code on
the scanning system via format string specifiers in the server banner.

INFERRED ACTION: CAN-2002-0598 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0599
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php

Blahz-DNS 0.2 and earlier allows remote attackers to bypass
authentication and modify configuration by directly requesting CGI
programs such as dostuff.php instead of going through the login
screen.

INFERRED ACTION: CAN-2002-0599 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0601
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: XF:rs-ns-dhcp-dos(8961)
Reference: URL:http://www.iss.net/security_center/static/8961.php
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649

ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers
to cause a denial of service (crash) via malformed DHCP packets that
cause RealSecure to dereference a null pointer.


Modifications:
  ADDREF XF:rs-ns-dhcp-dos(8961)

INFERRED ACTION: CAN-2002-0601 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Cox, Foat

Voter Comments:
 Frech> XF:rs-ns-dhcp-dos(8961)


======================================================
Candidate: CAN-2002-0605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0605
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2
Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2
Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
Reference: XF:flash-activex-movie-bo(8993)
Reference: URL:http://www.iss.net/security_center/static/8993.php
Reference: BID:4664
Reference: URL:http://online.securityfocus.com/bid/4664

Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23
(6,0,23,0) allows remote attackers to execute arbitrary code via a
long movie parameter.

INFERRED ACTION: CAN-2002-0605 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Wall, Cole, Armstrong
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0613
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote
attackers to bypass authentication and gain privileges by setting the
user_logged_in or user_dnstools_administrator parameters.

INFERRED ACTION: CAN-2002-0613 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0616
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:excel-inline-macro-execution(9397)
Reference: URL:http://www.iss.net/security_center/static/9397.php
Reference: BID:5063
Reference: URL:http://www.securityfocus.com/bid/5063

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code by attaching an inline macro
to an object within an Excel workbook, aka the "Excel Inline Macros
Vulnerability."


Modifications:
  ADDREF XF:excel-inline-macro-execution(9397)

INFERRED ACTION: CAN-2002-0616 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0617
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code by creating a hyperlink on a
drawing shape in a source workbook that points to a destination
workbook containing an autoexecute macro, aka "Hyperlinked Excel
Workbook Macro Bypass."

INFERRED ACTION: CAN-2002-0617 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0618
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0618
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256054320377&w=2
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821
Reference: XF:excel-xsl-script-execution(9399)
Reference: URL:http://www.iss.net/security_center/static/9399.php

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows
allows remote attackers to execute code in the Local Computer zone by
embedding HTML scripts within an Excel workbook that contains an XSL
stylesheet, aka "Excel XSL Stylesheet Script Execution".


Modifications:
  ADDREF XF:excel-xsl-script-execution(9399)

INFERRED ACTION: CAN-2002-0618 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0619
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102139136019862&w=2
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:word-mail-merge-variant(9077)
Reference: URL:http://www.iss.net/security_center/static/9077.php
Reference: BID:5066
Reference: URL:http://www.securityfocus.com/bid/5066

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft
Access is present on a system, allows remote attackers to execute
Visual Basic (VBA) scripts within a mail merge document that is saved
in HTML format, aka a "Variant of MS00-071, Word Mail Merge
Vulnerability" (CVE-2000-0788).


Modifications:
  DESC rephrase
  ADDREF XF:word-mail-merge-variant(9077)
  ADDREF BID:5066

INFERRED ACTION: CAN-2002-0619 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Foat
   NOOP(2) Christey, Cox

Voter Comments:
 Foat> The candidate is technically correct, but the wording is not
   grammatically correct. Suggest the following: An attacker's macro code can be
   run automatically if the user has Microsoft Access present on the system and
   chooses to open a mail merge document that had been saved in HTML format, aka a
   "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
 Christey> desc: missing "*WHEN* access is present..."


======================================================
Candidate: CAN-2002-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0621
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-bo(9424)
Reference: URL:http://www.iss.net/security_center/static/9424.php
Reference: BID:5108
Reference: URL:http://www.securityfocus.com/bid/5108

Buffer overflow in the Office Web Components (OWC) package installer
used by Microsoft Commerce Server 2000 allows remote attackers to
cause the process to fail or run arbitrary code in the LocalSystem
security context via certain input to the OWC package installer.


Modifications:
  DESC fix typos
  ADDREF XF:mscs-owc-installer-bo(9424)
  ADDREF BID:5108

INFERRED ACTION: CAN-2002-0621 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mscs-owc-installer-bo(9424)
   URL:http://www.iss.net/security_center/static/9424.php
   BID:5108
   URL:http://www.securityfocus.com/bid/5108
 Christey> "arbitray"?  "by via"?


======================================================
Candidate: CAN-2002-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0622
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-permissions(9425)
Reference: URL:http://www.iss.net/security_center/static/9425.php
Reference: BID:5111
Reference: URL:http://www.securityfocus.com/bid/5111

The Office Web Components (OWC) package installer for Microsoft
Commerce Server 2000 allows remote attackers to execute commands by
passing the commands as input to the OWC package installer, aka "OWC
Package Command Execution".


Modifications:
  ADDREF XF:mscs-owc-installer-permissions(9425)
  ADDREF BID:5111

INFERRED ACTION: CAN-2002-0622 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mscs-owc-installer-permissions(9425)
   URL:http://www.iss.net/security_center/static/9425.php
   BID:5111
   URL:http://www.securityfocus.com/bid/5111


======================================================
Candidate: CAN-2002-0623
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0623
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:5112
Reference: URL:http://www.securityfocus.com/bid/5112
Reference: XF:mscs-authfilter-isapi-bo-variant(9426)
Reference: URL:http://www.iss.net/security_center/static/9426.php

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce
Server 2000 and 2002 allows remote attackers to execute arbitrary code
via long authentication data, aka "New Variant of the ISAPI Filter
Buffer Overrun".


Modifications:
  ADDREF BID:5112
  ADDREF XF:mscs-authfilter-isapi-bo-variant(9426)

INFERRED ACTION: CAN-2002-0623 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:5112
   URL:http://www.securityfocus.com/bid/5112
   XF:mscs-authfilter-isapi-bo-variant(9426)
   URL:http://www.iss.net/security_center/static/9426.php


======================================================
Candidate: CAN-2002-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0631
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020621
Category: SF
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I
Reference: BID:5092
Reference: URL:http://www.securityfocus.com/bid/5092
Reference: XF:irix-nveventd-file-write(9418)
Reference: URL:http://www.iss.net/security_center/static/9418.php

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5
through 6.5.16 allows local users to write arbitrary files and gain
root privileges.


Modifications:
  DESC fix typo
  ADDREF BID:5092
  ADDREF XF:irix-nveventd-file-write(9418)

INFERRED ACTION: CAN-2002-0631 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> fix typo: "root root"
   BID:5092
   URL:http://www.securityfocus.com/bid/5092
   XF:irix-nveventd-file-write(9418)
   URL:http://www.iss.net/security_center/static/9418.php


======================================================
Candidate: CAN-2002-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020627
Category: SF
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: REDHAT:RHSA-2002:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-137.html
Reference: CONECTIVA:CLA-2002:523
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
Reference: CALDERA:CSSA-2002-043.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3
and earlier, and other operating systems, does not properly lock a
temporary file when modifying /etc/passwd, which may allow local users
to gain privileges via a complex race condition that uses an open file
descriptor in utility programs such as chfn and chsh.


Modifications:
  ADDREF REDHAT:RHSA-2002:137
  ADDREF CONECTIVA:CLA-2002:523
  ADDREF CALDERA:CSSA-2002-043.0

INFERRED ACTION: CAN-2002-0638 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> ADDREF:RHSA-2002:137
 Christey> CONECTIVA:CLA-2002:523
 Christey> CALDERA:CSSA-2002-043.0


======================================================
Candidate: CAN-2002-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0639
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: NETBSD:2002-005
Reference: CERT-VN:VU#369347
Reference: CERT:CA-2002-18
Reference: HP:HPSBUX0206-195
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:040
Reference: BID:5093
Reference: XF:openssh-challenge-response-bo(9169)
Reference: URL:http://www.iss.net/security_center/static/9169.php

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote
attackers to execute arbitrary code during challenge response
authentication (ChallengeResponseAuthentication) when OpenSSH is using
SKEY or BSD_AUTH authentication.


Modifications:
  ADDREF CALDERA:CSSA-2002-030.0
  ADDREF BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
  ADDREF CONECTIVA:CLA-2002:502
  ADDREF ENGARDE:ESA-20020702-016
  ADDREF MANDRAKE:MDKSA-2002:040
  ADDREF XF:openssh-challenge-response-bo(9169)

INFERRED ACTION: CAN-2002-0639 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Foat, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> CALDERA:CSSA-2002-030.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
   BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
   CONECTIVA:CLA-2002:502
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
   ENGARDE:ESA-20020702-016
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
 Christey> MANDRAKE:MDKSA-2002:040


======================================================
Candidate: CAN-2002-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0640
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102532054613894&w=2
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: REDHAT:RHSA-2002:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-131.html
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:040
Reference: SUSE:SuSE-SA:2002:024
Reference: URL:http://www.suse.de/de/security/2002_024_openssh_txt.html
Reference: REDHAT:RHSA-2002:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-127.html

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote
attackers to execute arbitrary code via a large number of responses
during challenge response authentication when OpenBSD is using PAM
modules with interactive keyboard authentication
(PAMAuthenticationViaKbdInt).


Modifications:
  ADDREF REDHAT:RHSA-2002:131
  ADDREF CALDERA:CSSA-2002-030.0
  ADDREF CONECTIVA:CLA-2002:502
  ADDREF ENGARDE:ESA-20020702-016
  ADDREF SUSE:SuSE-SA:2002:024
  ADDREF REDHAT:RHSA-2002:127
  ADDREF MANDRAKE:MDKSA-2002:040

INFERRED ACTION: CAN-2002-0640 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Foat, Cole
   MODIFY(1) Cox
   NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF:RHSA-2002:131
 Christey> CALDERA:CSSA-2002-030.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
   CONECTIVA:CLA-2002:502
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
   ENGARDE:ESA-20020702-016
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
   SUSE:SuSE-SA:2002:024
   URL:http://www.suse.de/de/security/2002_024_openssh_txt.html
   REDHAT:RHSA-2002:127
   URL:http://www.redhat.com/support/errata/RHSA-2002-127.html
 Christey> MANDRAKE:MDKSA-2002:040


======================================================
Candidate: CAN-2002-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0642
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020628
Category: CF
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: CERT:CA-2002-22
Reference: URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT-VN:VU#796313
Reference: URL:http://www.kb.cert.org/vuls/id/796313
Reference: XF:mssql-registry-insecure-permissions(9523)
Reference: URL:http://www.iss.net/security_center/static/9523.php
Reference: BID:5205
Reference: URL:http://www.securityfocus.com/bid/5205

The registry key containing the SQL Server service account information
in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop
Engine (MSDE) 2000, has insecure permissions, which allows local users
to gain privileges, aka "Incorrect Permission on SQL Server Service
Account Registry Key."


Modifications:
  ADDREF XF:mssql-registry-insecure-permissions(9523)
  ADDREF BID:5205
  ADDREF CERT:CA-2002-22
  ADDREF CERT-VN:VU#796313

INFERRED ACTION: CAN-2002-0642 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-registry-insecure-permissions(9523)
   URL:http://www.iss.net/security_center/static/9523.php
   BID:5205
   URL:http://www.securityfocus.com/bid/5205
   CERT:CA-2002-22
   CERT-VN:VU#796313
 Frech> XF:mssql-registry-insecure-permissions(9523)


======================================================
Candidate: CAN-2002-0647
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0647
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ms-legacytext-activex-bo(9935)
Reference: URL:http://www.iss.net/security_center/static/9935.php
Reference: BID:5558
Reference: URL:http://www.securityfocus.com/bid/5558

Buffer overflow in a legacy ActiveX control used to display specially
formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0
allows remote attackers to execute arbitrary code, aka "Buffer Overrun
in Legacy Text Formatting ActiveX Control".


Modifications:
  ADDREF XF:ms-legacytext-activex-bo(9935)
  ADDREF BID:5558

INFERRED ACTION: CAN-2002-0647 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0648
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-xml-redirect-read-files(9936)
Reference: URL:http://www.iss.net/security_center/static/9936.php
Reference: BID:5560
Reference: URL:http://www.securityfocus.com/bid/5560

The legacy <script> data-island capability for XML in Microsoft
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read
arbitrary XML files, and portions of other files, via a URL whose
"src" attribute redirects to a local file.


Modifications:
  ADDREF XF:ie-xml-redirect-read-files(9936)
  ADDREF BID:5560

INFERRED ACTION: CAN-2002-0648 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Foat
   NOOP(1) Cox

Voter Comments:
 Foat> The description varies somewhat from the detailed references provided.
   The description indicates that this could lead to compromise of local files,
   while the other references (including Microsoft) indicate the problem is broader
   in scope. Suggest modifying the description to replace "redirects to a local
   file" to "redirects to another domain".


======================================================
Candidate: CAN-2002-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0650
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp
Reference: XF:mssql-resolution-keepalive-dos(9662)
Reference: URL:http://www.iss.net/security_center/static/9662.php
Reference: BID:5312
Reference: URL:http://www.securityfocus.com/bid/5312

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote
attackers to cause a denial of service (bandwidth consumption) via a
"ping" style packet to the Resolution Service (UDP port 1434) with a
spoofed IP address of another SQL Server system, which causes the two
servers to exchange packets in an infinite loop.


Modifications:
  ADDREF XF:mssql-resolution-keepalive-dos(9662)
  ADDREF BID:5312

INFERRED ACTION: CAN-2002-0650 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-resolution-keepalive-dos(9662)
   URL:http://www.iss.net/security_center/static/9662.php
   BID:5312
   URL:http://www.securityfocus.com/bid/5312
 Frech> XF:mssql-resolution-keepalive-dos(9662)


======================================================
Candidate: CAN-2002-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: VULN-DEV:20020622 Another flaw in Apache?
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
Reference: MANDRAKE:MDKSA-2002:048
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
Reference: DEBIAN:DSA-135
Reference: URL:http://www.debian.org/security/2002/dsa-135
Reference: ENGARDE:ESA-20020702-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563469326072&w=2
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.de/de/security/2002_028_mod_ssl.html
Reference: CONECTIVA:CLA-2002:504
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Reference: BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
Reference: HP:HPSBTL0207-052
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
Reference: BID:5084
Reference: URL:http://online.securityfocus.com/bid/5084
Reference: XF:apache-modssl-htaccess-bo(9415)
Reference: URL:http://www.iss.net/security_center/static/9415.php

Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache
module 2.8.9 and earlier allows local users to execute arbitrary code
as the Apache server user via .htaccess files with long entries.


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:048
  ADDREF DEBIAN:DSA-135
  ADDREF ENGARDE:ESA-20020702-017
  ADDREF SUSE:SuSE-SA:2002:028
  ADDREF CONECTIVA:CLA-2002:504
  ADDREF BID:5084
  ADDREF VULN-DEV:20020622 Another flaw in Apache?
  ADDREF BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
  ADDREF XF:apache-modssl-htaccess-bo(9415)
  ADDREF HP:HPSBTL0207-052

INFERRED ACTION: CAN-2002-0653 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:048
 Christey> ADDREF DEBIAN:DSA-135
   ADDREF ENGARDE:ESA-20020702-017
   ADDREF SUSE:SuSE-SA:2002:028
   Add details to desc.
   ADDREF CONECTIVA:CLA-2002:504
   ADDREF BID:5084
   ADDREF VULN-DEV:20020622 Another flaw in Apache?
   BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
   HP:HPSBTL0207-052


======================================================
Candidate: CAN-2002-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:156
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-156.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:http://online.securityfocus.com/advisories/4431
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.com/de/security/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php
Reference: BID:5352
Reference: URL:http://online.securityfocus.com/bid/5352

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to
gain privileges via temporary files, possibly via a symbolic link attack.


Modifications:
  ADDREF REDHAT:RHSA-2002:156

INFERRED ACTION: CAN-2002-0658 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Cox
   NOOP(1) Foat

Voter Comments:
 Cox> ADDREF:RHSA-2002:163 RHSA-2002:156 RHSA-2002:154


======================================================
Candidate: CAN-2002-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0663
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: ATSTAKE:A071502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071502-1.txt
Reference: VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
Reference: XF:norton-fw-http-bo(9579)
Reference: URL:http://www.iss.net/security_center/static/9579.php
Reference: BID:5237
Reference: URL:http://www.securityfocus.com/bid/5237

Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet
Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large outgoing HTTP request.


Modifications:
  ADDREF XF:norton-fw-http-bo(9579)
  ADDREF BID:5237
  ADDREF CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html

INFERRED ACTION: CAN-2002-0663 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Prosser, Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:norton-fw-http-bo(9579)
   URL:http://www.iss.net/security_center/static/9579.php
   BID:5237
   URL:http://www.securityfocus.com/bid/5237
 Baker> http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
 Prosser> Validated with discovered and fixed by Symantec
   http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
 Frech> XF:norton-fw-http-bo(9579)


======================================================
Candidate: CAN-2002-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0665
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020704
Category: SF
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: XF:jrun-forwardslash-auth-bypass(9450)
Reference: URL:http://www.iss.net/security_center/static/9450.php
Reference: BID:5118
Reference: URL:http://www.securityfocus.com/bid/5118

Macromedia JRun Administration Server allows remote attackers to
bypass authentication on the login form via an extra slash (/) in the
URL.


Modifications:
  ADDREF XF:jrun-forwardslash-auth-bypass(9450)
  ADDREF BID:5118

INFERRED ACTION: CAN-2002-0665 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:jrun-forwardslash-auth-bypass(9450)
   URL:http://www.iss.net/security_center/static/9450.php
   BID:5118
   URL:http://www.securityfocus.com/bid/5118


======================================================
Candidate: CAN-2002-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0671
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-dns-spoofing(9566)
Reference: URL:http://www.iss.net/security_center/static/9566.php
Reference: BID:5224
Reference: URL:http://www.securityfocus.com/bid/5224

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
downloads phone applications from a web site but cannot verify the
integrity of the applications, which could allow remote attackers to
install Trojan horse applications via DNS spoofing.


Modifications:
  ADDREF XF:pingtel-xpressa-dns-spoofing(9566)
  ADDREF BID:5224

INFERRED ACTION: CAN-2002-0671 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(5) Cox, Balinsky, Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-dns-spoofing(9566)


======================================================
Candidate: CAN-2002-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0676
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
Reference: MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html
Reference: XF:macos-softwareupdate-no-auth(9502)
Reference: URL:http://www.iss.net/security_center/static/9502.php
Reference: BID:5176
Reference: URL:http://www.securityfocus.com/bid/5176

SoftwareUpdate for MacOS 10.1.x does not use authentication when
downloading a software update, which could allow remote attackers to
execute arbitrary code by posing as the Apple update server via
techniques such as DNS spoofing or cache poisoning, and supplying
Trojan Horse updates.


Modifications:
  ADDREF XF:macos-softwareupdate-no-auth(9502)
  ADDREF BID:5176

INFERRED ACTION: CAN-2002-0676 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Balinsky, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:macos-softwareupdate-no-auth(9502)
   URL:http://www.iss.net/security_center/static/9502.php
   BID:5176
   URL:http://www.securityfocus.com/bid/5176
 Balinsky> Vendor addressed the vulnerable application. It isn't clear that this is the same problem, but it is likely.
   http://docs.info.apple.com/article.html?artnum=75304
 Frech> XF:macos-softwareupdate-no-auth(9502)
 Christey> Since this CAN was reserved by Apple, I think we can safely
   say that they've acknowledged the bug ;-)


======================================================
Candidate: CAN-2002-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0678
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102635906423617&w=2
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#299816
Reference: URL:http://www.kb.cert.org/vuls/id/299816
Reference: HP:HPSBUX0207-199
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0011.html
Reference: AIXAPAR:IY32368
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: AIXAPAR:IY32370
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
Reference: SGI:20021101-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
Reference: XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
Reference: URL:http://www.iss.net/security_center/static/9527.php
Reference: BID:5083
Reference: URL:http://www.securityfocus.com/bid/5083

CDE ToolTalk database server (ttdbserver) allows local users to
overwrite arbitrary files via a symlink attack on the transaction log
file used by the _TT_TRANSACTION RPC procedure.


Modifications:
  ADDREF XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
  ADDREF BID:5083
  ADDREF AIXAPAR:IY32368
  ADDREF AIXAPAR:IY32370
  ADDREF HP:HPSBUX0207-199
  ADDREF SGI:20021101-01-P

INFERRED ACTION: CAN-2002-0678 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
   URL:http://www.iss.net/security_center/static/9527.php
   BID:5083
   URL:http://www.securityfocus.com/bid/5083

   HP:HPSBUX0207-199
   URL:http://archives.neohapsis.com/archives/hp/2002-q3/0011.html
   Note: while the HP advisory discusses "buffer overflows,"
   it specifically mentions CA-2002-20, and the text of the
   advisory is included in vendor statements for the CERT-VU's for both
   ToolTalk issues covered by CA-2002-20.

   AIXAPAR:IY32368
   URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
   AIXAPAR:IY32370
   URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
 Christey> HP:HPSBUX0207-199
   URL:http://online.securityfocus.com/advisories/4290
 Christey> SGI:20021101-01-P
 Frech> XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)


======================================================
Candidate: CAN-2002-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0679
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102917002523536&w=2
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: COMPAQ:SSRT2274
Reference: AIXAPAR:IY32792
Reference: AIXAPAR:IY32793
Reference: HP:HPSBUX0207-199
Reference: URL:http://online.securityfocus.com/advisories/4290
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
Reference: XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
Reference: URL:http://www.iss.net/security_center/static/9822.php
Reference: BID:5444
Reference: URL:http://www.securityfocus.com/bid/5444

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC
database server (rpc.ttdbserverd) allows remote attackers to execute
arbitrary code via an argument to the _TT_CREATE_FILE procedure.


Modifications:
  ADDREF XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
  ADDREF BID:5444
  ADDREF HP:HPSBUX0207-199
  ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity

INFERRED ACTION: CAN-2002-0679 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
   URL:http://www.iss.net/security_center/static/9822.php
   BID:5444
   URL:http://www.securityfocus.com/bid/5444
   HP:HPSBUX0207-199
   URL:http://online.securityfocus.com/advisories/4290
   CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity


======================================================
Candidate: CAN-2002-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0685
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020711
Category: SF
Reference: BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102634756815773&w=2
Reference: NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102639521518942&w=2
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
Reference: XF:pgp-outlook-heap-overflow(9525)
Reference: URL:http://www.iss.net/security_center/static/9525.php
Reference: BID:5202
Reference: URL:http://www.securityfocus.com/bid/5202

Heap-based buffer overflow in the message decoding functionality for
PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security
7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote
attackers to modify the heap and gain privileges via a large,
malformed mail message.


Modifications:
  ADDREF XF:pgp-outlook-heap-overflow(9525)
  ADDREF BID:5202
  DESC Add "heap-based" to overflow term

INFERRED ACTION: CAN-2002-0685 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:pgp-outlook-heap-overflow(9525)
   URL:http://www.iss.net/security_center/static/9525.php
   BID:5202
   URL:http://www.securityfocus.com/bid/5202
 Frech> XF:pgp-outlook-heap-overflow(9525)


======================================================
Candidate: CAN-2002-0687
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0687
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5813
Reference: URL:http://www.securityfocus.com/bid/5813
Reference: XF:zope-inject-headers-dos(9621)
Reference: URL:http://www.iss.net/security_center/static/9621.php

The "through the web code" capability for Zope 2.0 through 2.5.1 b1
allows untrusted users to shut down the Zope server via certain
headers.


Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF BID:5813
  ADDREF XF:zope-inject-headers-dos(9621)

INFERRED ACTION: CAN-2002-0687 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
   BID:5813
   URL:http://www.securityfocus.com/bid/5813


======================================================
Candidate: CAN-2002-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0688
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5812
Reference: URL:http://www.securityfocus.com/bid/5812
Reference: XF:zope-zcatalog-index-bypass(9610)
Reference: URL:http://www.iss.net/security_center/static/9610.php

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1
allows anonymous users and untrusted code to bypass access
restrictions and call arbitrary methods of catalog indexes.


Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF BID:5812
  ADDREF XF:zope-zcatalog-index-bypass(9610)

INFERRED ACTION: CAN-2002-0688 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
   BID:5812
   URL:http://www.securityfocus.com/bid/5812


======================================================
Candidate: CAN-2002-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0691
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-local-resource-xss(9938)
Reference: URL:http://www.iss.net/security_center/static/9938.php
Reference: BID:5561
Reference: URL:http://www.securityfocus.com/bid/5561

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to
execute scripts in the Local Computer zone via a URL that references a
local HTML resource file, a variant of "Cross-Site Scripting in Local
HTML Resource" as identified by CAN-2002-0189.


Modifications:
  ADDREF XF:ie-local-resource-xss(9938)
  ADDREF BID:5561

INFERRED ACTION: CAN-2002-0691 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:ie-local-resource-xss(9938)
   URL:http://www.iss.net/security_center/static/9938.php
   BID:5561
   URL:http://www.securityfocus.com/bid/5561


======================================================
Candidate: CAN-2002-0695
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0695
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
Reference: XF:mssql-mdac-openrowset-bo(9734)
Reference: URL:http://www.iss.net/security_center/static/9734.php
Reference: BID:5372
Reference: URL:http://online.securityfocus.com/bid/5372

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of
Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server
7.0 or 2000 allows remote attackers to execute arbitrary code via a
query that calls the OpenRowSet command.


Modifications:
  ADDREF XF:mssql-mdac-openrowset-bo(9734)
  ADDREF MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
  ADDREF BID:5372

INFERRED ACTION: CAN-2002-0695 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-mdac-openrowset-bo(9734)
   URL:http://www.iss.net/security_center/static/9734.php
   MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
   BID:5372
   URL:http://online.securityfocus.com/bid/5372


======================================================
Candidate: CAN-2002-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0697
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: MS:MS02-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-036.asp
Reference: XF:mms-data-repository-access(9657)
Reference: URL:http://www.iss.net/security_center/static/9657.php
Reference: BID:5308
Reference: URL:http://www.securityfocus.com/bid/5308

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to
bypass authentication and modify sensitive data by using an LDAP
client to directly connect to MMS and bypass the checks for MMS
credentials.


Modifications:
  ADDREF XF:mms-data-repository-access(9657)
  ADDREF BID:5308

INFERRED ACTION: CAN-2002-0697 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:mms-data-repository-access(9657)
   URL:http://www.iss.net/security_center/static/9657.php
   BID:5308
   URL:http://www.securityfocus.com/bid/5308
 CHANGE> [Armstrong changed vote from NOOP to ACCEPT]
 Frech> XF:mms-data-repository-access(9657)


======================================================
Candidate: CAN-2002-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0698
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Reference: MSKB:Q326322
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322
Reference: MS:MS02-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-037.asp
Reference: XF:exchange-imc-ehlo-bo(9658)
Reference: URL:http://www.iss.net/security_center/static/9658.php
Reference: BID:5306
Reference: URL:http://www.securityfocus.com/bid/5306

Buffer overflow in Internet Mail Connector (IMC) for Microsoft
Exchange Server 5.5 allows remote attackers to execute arbitrary code
via an EHLO request from a system with a long name as obtained through
a reverse DNS lookup, which triggers the overflow in IMC's hello
response.


Modifications:
  ADDREF XF:exchange-imc-ehlo-bo(9658)
  ADDREF BID:5306

INFERRED ACTION: CAN-2002-0698 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:exchange-imc-ehlo-bo(9658)
   URL:http://www.iss.net/security_center/static/9658.php
   BID:5306
   URL:http://www.securityfocus.com/bid/5306
 Frech> XF:exchange-imc-ehlo-bo(9658)


======================================================
Candidate: CAN-2002-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0700
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: XF:mcms-authentication-bo(9783)
Reference: URL:http://www.iss.net/security_center/static/9783.php
Reference: BID:5420
Reference: URL:http://www.securityfocus.com/bid/5420

Buffer overflow in a system function that performs user authentication
for Microsoft Content Management Server (MCMS) 2001 allows attackers
to execute code in the Local System context by authenticating to a web
page that calls the function, aka "Unchecked Buffer in MDAC Function
Could Enable SQL Server Compromise."


Modifications:
  ADDREF XF:mcms-authentication-bo(9783)
  ADDREF BID:5420

INFERRED ACTION: CAN-2002-0700 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mcms-authentication-bo(9783)
   URL:http://www.iss.net/security_center/static/9783.php
   BID:5420
   URL:http://www.securityfocus.com/bid/5420


======================================================
Candidate: CAN-2002-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0701
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace
Reference: XF:openbsd-ktrace-gain-privileges(9474)
Reference: URL:http://www.iss.net/security_center/static/9474.php
Reference: BID:5133
Reference: URL:http://www.securityfocus.com/bid/5133

ktrace in BSD-based operating systems allows the owner of a process
with special privileges to trace the process after its privileges have
been lowered, which may allow the owner to obtain sensitive
information that the process obtained while it was running with the
extra privileges.


Modifications:
  ADDREF XF:openbsd-ktrace-gain-privileges(9474)
  ADDREF BID:5133

INFERRED ACTION: CAN-2002-0701 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:openbsd-ktrace-gain-privileges(9474)
   URL:http://www.iss.net/security_center/static/9474.php
   BID:5133
   URL:http://www.securityfocus.com/bid/5133


======================================================
Candidate: CAN-2002-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0703
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl
could produce incorrect MD5 checksums for UTF-8 data, which could
prevent a system from properly verifying the integrity of the data.

INFERRED ACTION: CAN-2002-0703 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(1) Foat


======================================================
Candidate: CAN-2002-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0704
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102088521517722&w=2
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699

The Network Address Translation (NAT) capability for Netfilter
("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP
error messages.

INFERRED ACTION: CAN-2002-0704 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(1) Foat


======================================================
Candidate: CAN-2002-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0710
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020718
Category: SF
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html
Reference: XF:sendform-blurbfile-directory-traversal(9725)
Reference: URL:http://www.iss.net/security_center/static/9725.php
Reference: BID:5286
Reference: URL:http://www.securityfocus.com/bid/5286

Directory traversal vulnerability in sendform.cgi 1.44 and earlier
allows remote attackers to read arbitrary files by specifying the
desired files in the BlurbFilePath parameter.


Modifications:
  ADDREF XF:sendform-blurbfile-directory-traversal(9725)
  ADDREF BID:5286

INFERRED ACTION: CAN-2002-0710 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:sendform-blurbfile-directory-traversal(9725)
   URL:http://www.iss.net/security_center/static/9725.php


======================================================
Candidate: CAN-2002-0714
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0714
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020720
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CALDERA:CSSA-2002-046.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
Reference: CONECTIVA:CLA-2002:506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2
Reference: XF:squid-ftp-data-injection(9479)
Reference: URL:http://www.iss.net/security_center/static/9479.php
Reference: BID:5158
Reference: URL:http://www.securityfocus.com/bid/5158

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP
addresses of control and data connections with the FTP server, which
allows remote attackers to bypass firewall rules or spoof FTP server
responses.


Modifications:
  ADDREF XF:squid-ftp-data-injection(9479)
  ADDREF CALDERA:CSSA-2002-046.0
  ADDREF REDHAT:RHSA-2002:051

INFERRED ACTION: CAN-2002-0714 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Frech> XF:squid-ftp-data-injection(9479)
 Christey> REDHAT:RHSA-2002:051
   URL:http://rhn.redhat.com/errata/RHSA-2002-051.html


======================================================
Candidate: CAN-2002-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0716
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102323070305101&w=2
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323386107641&w=2
Reference: CALDERA:CSSA-2002-SCO.35
Reference: BID:4938
Reference: URL:http://www.securityfocus.com/bid/4938
Reference: XF:openserver-crontab-format-string(9271)
Reference: URL:http://www.iss.net/security_center/static/9271.php

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and
5.0.6 allows local users to gain privileges via format string
specifiers in the file name argument.


Modifications:
  ADDREF BID:4938
  ADDREF XF:openserver-crontab-format-string(9271)

INFERRED ACTION: CAN-2002-0716 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:4938
   URL:http://www.securityfocus.com/bid/4938
   XF:openserver-crontab-format-string(9271)
   URL:http://www.iss.net/security_center/static/9271.php


======================================================
Candidate: CAN-2002-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0718
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5421
Reference: URL:http://www.securityfocus.com/bid/5421
Reference: XF:mcms-authoring-file-execution(9784)
Reference: URL:http://www.iss.net/security_center/static/9784.php

Web authoring command in Microsoft Content Management Server (MCMS)
2001 allows attackers to authenticate and upload executable content,
by modifying the upload location, aka "Program Execution via MCMS
Authoring Function."


Modifications:
  ADDREF BID:5421
  ADDREF XF:mcms-authoring-file-execution(9784)

INFERRED ACTION: CAN-2002-0718 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:5421
   URL:http://www.securityfocus.com/bid/5421
   XF:mcms-authoring-file-execution(9784)
   URL:http://www.iss.net/security_center/static/9784.php


======================================================
Candidate: CAN-2002-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0719
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5422
Reference: URL:http://www.securityfocus.com/bid/5422
Reference: XF:mcms-resource-sql-injection(9785)
Reference: URL:http://www.iss.net/security_center/static/9785.php

SQL injection vulnerability in the function that services for
Microsoft Content Management Server (MCMS) 2001 allows remote
attackers to execute arbitrary commands via an MCMS resource request
for image files or other files.


Modifications:
  ADDREF BID:5422
  ADDREF XF:mcms-resource-sql-injection(9785)

INFERRED ACTION: CAN-2002-0719 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:5422
   URL:http://www.securityfocus.com/bid/5422
   XF:mcms-resource-sql-injection(9785)
   URL:http://www.iss.net/security_center/static/9785.php


======================================================
Candidate: CAN-2002-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0720
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-042.asp
Reference: XF:win2k-ncm-gain-privileges(9856)
Reference: URL:http://www.iss.net/security_center/static/9856.php
Reference: BID:5480
Reference: URL:http://www.securityfocus.com/bid/5480

A handler routine for the Network Connection Manager (NCM) in Windows
2000 allows local users to gain privileges via a complex attack that
causes the handler to run in the LocalSystem context with
user-specified code.


Modifications:
  ADDREF XF:win2k-ncm-gain-privileges(9856)
  ADDREF BID:5480
  DESC add OS

INFERRED ACTION: CAN-2002-0720 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:win2k-ncm-gain-privileges(9856)
   URL:http://www.iss.net/security_center/static/9856.php
   BID:5480
   URL:http://www.securityfocus.com/bid/5480


======================================================
Candidate: CAN-2002-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0722
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-file-origin-spoofing(9937)
Reference: URL:http://www.iss.net/security_center/static/9937.php
Reference: BID:5559
Reference: URL:http://www.securityfocus.com/bid/5559

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers
to misrepresent the source of a file in the File Download dialogue box
to trick users into thinking that the file type is safe to download,
aka "File Origin Spoofing."


Modifications:
  ADDREF XF:ie-file-origin-spoofing(9937)
  ADDREF BID:5559

INFERRED ACTION: CAN-2002-0722 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:ie-file-origin-spoofing(9937)
   URL:http://www.iss.net/security_center/static/9937.php
   BID:5559
   URL:http://www.securityfocus.com/bid/5559


======================================================
Candidate: CAN-2002-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0726
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: MS:MS02-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp
Reference: XF:ms-tsac-activex-bo(9934)
Reference: URL:http://www.iss.net/security_center/static/9934.php
Reference: BID:5554
Reference: URL:http://www.securityfocus.com/bid/5554

Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC)
ActiveX control allows remote attackers to execute arbitrary code via
a long server name field.


Modifications:
  ADDREF XF:ms-tsac-activex-bo(9934)
  ADDREF BID:5554

INFERRED ACTION: CAN-2002-0726 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:ms-tsac-activex-bo(9934)
   URL:http://www.iss.net/security_center/static/9934.php
   BID:5554
   URL:http://www.securityfocus.com/bid/5554


======================================================
Candidate: CAN-2002-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0727
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2
Reference: XF:owc-spreadsheet-host-script-execution(8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php
Reference: BID:4449
Reference: URL:http://online.securityfocus.com/bid/4449

The Host function in Microsoft Office Web Components (OWC) 2000 and
2002 is exposed in components that are marked as safe for scripting,
which allows remote attackers to execute arbitrary commands via the
setTimeout method.

INFERRED ACTION: CAN-2002-0727 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0733
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020417 Smalls holes on 5 products #1
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Reference: CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Reference: XF:thttpd-error-page-css(9029)
Reference: URL:http://www.iss.net/security_center/static/9029.php
Reference: BID:4601
Reference: URL:http://www.securityfocus.com/bid/4601

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows
remote attackers to execute arbitrary script via a URL to a
nonexistent page, which causes thttpd to insert the script into a 404
error message.

INFERRED ACTION: CAN-2002-0733 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0734
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly
load the b2config.php file in some configurations, which allows remote
attackers to execute arbitrary PHP code via a URL that sets the $b2inc
variable to point to a malicious program stored on a remote server.


Modifications:
  DESC remove "Trojan horse" terminology

INFERRED ACTION: CAN-2002-0734 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0736
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
Reference: MSKB:Q316838
Reference: URL:http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Reference: BID:4528
Reference: URL:http://www.securityfocus.com/bid/4528
Reference: XF:backoffice-bypass-authentication(8862)
Reference: URL:http://www.iss.net/security_center/static/8862.php

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by
other systems, allows remote attackers to bypass authentication and
access the administrative ASP pages via an HTTP request with an
authorization type (auth_type) that is not blank.

INFERRED ACTION: CAN-2002-0736 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0737
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://online.securityfocus.com/archive/1/268121
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-script-source-disclosure(8876)
Reference: URL:http://www.iss.net/security_center/static/8876.php
Reference: BID:4533
Reference: URL:http://www.securityfocus.com/bid/4533

Sambar web server before 5.2 beta 1 allows remote attackers to obtain
source code of server-side scripts, or cause a denial of service
(resource exhaustion) via DOS devices, using a URL that ends with a
space and a null character.

INFERRED ACTION: CAN-2002-0737 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0738
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
Reference: CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
Reference: DEBIAN:DSA-163
Reference: URL:http://www.debian.org/security/2002/dsa-163
Reference: XF:mhonarc-script-filtering-bypass(8894)
Reference: URL:http://www.iss.net/security_center/static/8894.php
Reference: BID:4546
Reference: URL:http://www.securityfocus.com/bid/4546

MHonArc 2.5.2 and earlier does not properly filter JavaScript from
archived e-mail messages, which could allow remote attackers to
execute script in web clients by (1) splitting the SCRIPT tag into
smaller pieces, (2) including the script in a SRC argument to an IMG
tag, or (3) using "&={script}" syntax.


Modifications:
  ADDREF DEBIAN:DSA-163

INFERRED ACTION: CAN-2002-0738 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> DEBIAN:DSA-163


======================================================
Candidate: CAN-2002-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0741
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 PsyBNC Remote Dos POC
Reference: URL:http://online.securityfocus.com/archive/1/269131
Reference: BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
Reference: BID:4570
Reference: URL:http://www.securityfocus.com/bid/4570
Reference: XF:psybnc-long-password-dos(8912)
Reference: URL:http://www.iss.net/security_center/static/8912.php

psyBNC 2.3 allows remote attackers to cause a denial of service (CPU
consumption and resource exhaustion) by sending a PASS command with a
long password argument and quickly killing the connection, which is
not properly terminated by psyBNC.

INFERRED ACTION: CAN-2002-0741 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Cox, Wall, Foat, Armstrong


======================================================
Candidate: CAN-2002-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0748
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
Reference: CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
Reference: XF:labview-http-get-dos(8919)
Reference: URL:http://www.iss.net/security_center/static/8919.php
Reference: BID:4577
Reference: URL:http://www.securityfocus.com/bid/4577

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause
a denial of service (crash) via an HTTP GET request that ends in two
newline characters, instead of the expected carriage return/newline
combinations.

INFERRED ACTION: CAN-2002-0748 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0754
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Reference: BID:3919
Reference: URL:http://www.securityfocus.com/bid/3919
Reference: XF:kerberos5-k5su-elevate-privileges(7956)
Reference: URL:http://www.iss.net/security_center/static/7956.php

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin
system call to determine if the user running k5su is root, which could
allow a root-initiated process to regain its privileges after it has
dropped them.


Modifications:
  DESC clarify

INFERRED ACTION: CAN-2002-0754 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> need to rewrite desc to make a little more clear.


======================================================
Candidate: CAN-2002-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0755
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a
user is a member of the wheel group before granting superuser
privileges, which could allow unauthorized users to execute commands
as root.

INFERRED ACTION: CAN-2002-0755 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0758
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.suse.de/de/support/security/2002_016_sysconfig_txt.html
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote
attackers to execute arbitrary commands via spoofed DHCP responses,
which are stored and executed in a file.

INFERRED ACTION: CAN-2002-0758 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and
3.1.1, and possibly other operating systems, does not use the O_EXCL
flag to create files during decompression and does not warn the user
if an existing file would be overwritten, which could allow attackers
to overwrite files via a bzip2 archive.


Modifications:
  ADDREF CALDERA:CSSA-2002-039.0
  DESC add OpenLinux to desc

INFERRED ACTION: CAN-2002-0759 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-039.0


======================================================
Candidate: CAN-2002-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier,
OpenLinux 3.1 and 3.1.1, and possibly other operating systems,
decompresses files with world-readable permissions before setting the
permissions to what is specified in the bzip2 archive, which could
allow local users to read the files as they are being decompressed.


Modifications:
  DESC add OpenLinux
  ADDREF CALDERA:CSSA-2002-039.0

INFERRED ACTION: CAN-2002-0760 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-039.0


======================================================
Candidate: CAN-2002-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and
3.1.1, and possibly other systems, uses the permissions of symbolic links
instead of the actual files when creating an archive, which could
cause the files to be extracted with less restrictive permissions than
intended.


Modifications:
  DESC add OpenLinux
  ADDREF CALDERA:CSSA-2002-039.0

INFERRED ACTION: CAN-2002-0761 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-039.0


======================================================
Candidate: CAN-2002-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0762
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.suse.de/de/support/security/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757

shadow package in SuSE 8.0 allows local users to destroy the
/etc/passwd and /etc/shadow files or assign extra group privileges to
some users by changing filesize limits before calling programs that
modify the files.

INFERRED ACTION: CAN-2002-0762 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0765
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain
conditions, may allow users to successfully authenticate and log in
with another user's password.

INFERRED ACTION: CAN-2002-0765 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0766
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020509 [VulnWatch] OpenBSD local DoS and root exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0066.html
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

OpenBSD 2.9 through 3.1 allows local users to cause a denial of
service (resource exhaustion) and gain root privileges by filling the
kernel's file descriptor table and closing file descriptors 0, 1, or 2
before executing a privileged process, which is not properly handled
when OpenBSD fails to open an alternate descriptor.

INFERRED ACTION: CAN-2002-0766 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0768
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category:
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.suse.com/de/support/security/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and
possibly other operating systems, allows a malicious FTP server to
execute arbitrary code via a long PASV command.

INFERRED ACTION: CAN-2002-0768 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0776
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020713 Hosting Controller Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/282129
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
Reference: XF:hosting-controller-password-modification(9554)
Reference: URL:http://www.iss.net/security_center/static/9554.php
Reference: BID:5229
Reference: URL:http://www.securityfocus.com/bid/5229

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to
change the passwords of arbitrary users and gain privileges by
modifying the username parameter, as addressed by the "UpdateUser" hot
fix.


Modifications:
  ADDREF XF:hosting-controller-password-modification(9554)
  ADDREF BID:5229

INFERRED ACTION: CAN-2002-0776 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Balinsky, Cole
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:hosting-controller-password-modification(9554)


======================================================
Candidate: CAN-2002-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0777
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and
earlier allows remote attackers to execute arbitrary code via a long
"bind DN" parameter.

INFERRED ACTION: CAN-2002-0777 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0778
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751

The default configuration of the proxy for Cisco Cache Engine and
Content Engine allows remote attackers to use HTTPS to make TCP
connections to allowed IP addresses while hiding the actual source IP.

INFERRED ACTION: CAN-2002-0778 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0785
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0785
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709

AOL Instant Messenger (AIM) allows remote attackers to cause a denial
of service (crash) via an "AddBuddy" link with the ScreenName
parameter set to a large number of comma-separated values, possibly
triggering a buffer overflow.

INFERRED ACTION: CAN-2002-0785 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0788
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702

An interaction between PGP 7.0.3 with the "wipe deleted files" option,
when used on Windows Encrypted File System (EFS), creates cleartext
temporary files that cannot be wiped or deleted due to strong
permissions, which could allow certain local users or attackers with
physical access to obtain cleartext information.

INFERRED ACTION: CAN-2002-0788 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0789
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0789
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows
remote attackers to execute arbitrary code via a long query (q)
parameter.

INFERRED ACTION: CAN-2002-0789 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0790
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

clchkspuser and clpasswdremote in AIX expose an encrypted password in
the cspoc.log file, which could allow local users to gain privileges.

INFERRED ACTION: CAN-2002-0790 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Cox, Wall, Foat, Armstrong


======================================================
Candidate: CAN-2002-0794
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0794
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly
remove entries from the incomplete listen queue when adding a
syncache, which allows remote attackers to cause a denial of service
(network service availability) via a large number of connection
attempts, which fills the queue.

INFERRED ACTION: CAN-2002-0794 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0795
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880

The rc system startup script for FreeBSD 4 through 4.5 allows local
users to delete arbitrary files via a symlink attack on X Windows lock
files.

INFERRED ACTION: CAN-2002-0795 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0801
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows
remote attackers to execute arbitrary code via a direct request to the
filter with a long HTTP host header field in a URL for a .jsp file.

INFERRED ACTION: CAN-2002-0801 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0802
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0802
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=postgresql-general&m=102032794322362
Reference: REDHAT:RHSA-2002:149
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-149.html
Reference: XF:postgresql-sqlascii-sql-injection(10328)
Reference: URL:http://www.iss.net/security_center/static/10328.php

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding
consumes an extra character when processing a character that cannot be
converted, which could remove an escape character from the query and
make the application subject to SQL injection attacks.


Modifications:
  ADDREF REDHAT:RHSA-2002:149
  ADDREF XF:postgresql-sqlascii-sql-injection(10328)

INFERRED ACTION: CAN-2002-0802 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Jones
   MODIFY(2) Frech, Cox
   NOOP(1) Foat

Voter Comments:
 Cox> ADDREF:REDHAT:RHSA-2002:149
 Frech> XF:postgresql-sqlascii-sql-injection(10328)


======================================================
Candidate: CAN-2002-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0804
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-reversedns-hostname-spoof(9301)
Reference: URL:http://www.iss.net/security_center/static/9301.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured
to perform reverse DNS lookups, allows remote attackers to bypass IP
restrictions by connecting from a system with a spoofed reverse DNS
hostname.


Modifications:
  ADDREF XF:bugzilla-reversedns-hostname-spoof(9301)

INFERRED ACTION: CAN-2002-0804 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-reversedns-hostname-spoof(9301)


======================================================
Candidate: CAN-2002-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0805
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-world-writable-dir(9302)
Reference: URL:http://www.iss.net/security_center/static/9302.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new
directories with world-writable permissions, and (2) creates the
params file with world-writable permissions, which allows local users
to modify the files and execute code.


Modifications:
  ADDREF XF:bugzilla-world-writable-dir(9302)

INFERRED ACTION: CAN-2002-0805 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-world-writable-dir(9302)


======================================================
Candidate: CAN-2002-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0806
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-edituser-user-delete(9303)
Reference: URL:http://www.iss.net/security_center/static/9303.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows
authenticated users with editing privileges to delete other users by
directly calling the editusers.cgi script with the "del" option.


Modifications:
  ADDREF XF:bugzilla-edituser-user-delete(9303)

INFERRED ACTION: CAN-2002-0806 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-edituser-user-delete(9303)


======================================================
Candidate: CAN-2002-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0808
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-masschange-change-groupset(9305)
Reference: URL:http://www.iss.net/security_center/static/9305.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing
a mass change, sets the groupset of all bugs to the groupset of the
first bug, which could inadvertently cause insecure groupset
permissions to be assigned to some bugs.


Modifications:
  ADDREF XF:bugzilla-masschange-change-groupset(9305)

INFERRED ACTION: CAN-2002-0808 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-masschange-change-groupset(9305)


======================================================
Candidate: CAN-2002-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0809
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-group-permissions-removal(10141)
Reference: URL:http://www.iss.net/security_center/static/10141.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not
properly handle URL-encoded field names that are generated by some
browsers, which could cause certain fields to appear to be unset,
which has the effect of removing group permissions on bugs when
buglist.cgi is provided with the encoded field names.


Modifications:
  ADDREF XF:bugzilla-group-permissions-removal(10141)

INFERRED ACTION: CAN-2002-0809 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-group-permissions-removal(10141)


======================================================
Candidate: CAN-2002-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0810
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-shadow-database-information(9306)
Reference: URL:http://www.iss.net/security_center/static/9306.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error
messages from the syncshadowdb command to the HTML output, which could
leak sensitive information, including plaintext passwords, if
syncshadowdb fails.


Modifications:
  ADDREF XF:bugzilla-shadow-database-information(9306)

INFERRED ACTION: CAN-2002-0810 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:bugzilla-shadow-database-information(9306)


======================================================
Candidate: CAN-2002-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0813
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328

Heap-based buffer overflow in the TFTP server capability in Cisco IOS
11.1, 11.2, and 11.3 allows remote attackers to cause a denial of
service (reset) or modify configuration via a long filename.

INFERRED ACTION: CAN-2002-0813 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0814
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0814
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294

Buffer overflow in VMware Authorization Service for VMware GSX Server
2.0.0 build-2050 allows remote authenticated users to execute
arbitrary code via a long GLOBAL argument.

INFERRED ACTION: CAN-2002-0814 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Foat
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0816
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: BID:5272
Reference: URL:http://online.securityfocus.com/bid/5272
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain
root privileges via a long username and argument.

INFERRED ACTION: CAN-2002-0816 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Baker
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0817
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020731 The SUPER Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2
Reference: VULNWATCH:20020730 The SUPER Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139
Reference: XF:super-syslog-format-string(9741)
Reference: URL:http://www.iss.net/security_center/static/9741.php
Reference: BID:5367
Reference: URL:http://www.securityfocus.com/bid/5367

Format string vulnerability in super for Linux allows local users to
gain root privileges via a long command line argument.


Modifications:
  ADDREF VULNWATCH:20020730 [VulnWatch] The SUPER Bug
  ADDREF XF:super-syslog-format-string(9741)
  ADDREF BID:5367

INFERRED ACTION: CAN-2002-0817 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:super-syslog-format-string(9741)
   URL:http://www.iss.net/security_center/static/9741.php
   VULNWATCH:20020730 [VulnWatch] The SUPER Bug
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
   BID:5367
   URL:http://www.securityfocus.com/bid/5367


======================================================
Candidate: CAN-2002-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821890317683&w=2
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: CALDERA:CSSA-2002-048.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-048.0.txt
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a negative Content-Length value.


Modifications:
  ADDREF CALDERA:CSSA-2002-048.0

INFERRED ACTION: CAN-2002-0818 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-048.0


======================================================
Candidate: CAN-2002-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0823
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020802
Category: SF
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102822806329440&w=2
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338
Reference: XF:htmlhelp-item-bo(9746)
Reference: URL:http://www.iss.net/security_center/static/9746.php
Reference: BID:4857
Reference: URL:http://www.securityfocus.com/bid/4857

Buffer overflow in Winhlp32.exe allows remote attackers to execute
arbitrary code via an HTML document that calls the HTML Help ActiveX
control (HHCtrl.ocx) with a long pathname in the Item parameter.


Modifications:
  ADDREF XF:htmlhelp-item-bo(9746)
  ADDREF BID:4857

INFERRED ACTION: CAN-2002-0823 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:htmlhelp-item-bo(9746)
   URL:http://www.iss.net/security_center/static/9746.php
   BID:4857
   URL:http://www.securityfocus.com/bid/4857
   MSKB:Q293338
   URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q293338


======================================================
Candidate: CAN-2002-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0824
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020803
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc
Reference: OPENBSD:20020729 011: SECURITY FIX: July 29, 2002
Reference: URL:http://www.openbsd.org/errata31.html
Reference: XF:pppd-race-condition(9738)
Reference: URL:http://www.iss.net/security_center/static/9738.php
Reference: BID:5355
Reference: URL:http://www.securityfocus.com/bid/5355

BSD pppd allows local users to change the permissions of arbitrary
files via a symlink attack on a file that is specified as a tty
device.


Modifications:
  DESC Add "BSD"
  ADDREF XF:pppd-race-condition(9738)
  ADDREF BID:5355
  ADDREF OPENBSD:20020729 011: SECURITY FIX: July 29, 2002

INFERRED ACTION: CAN-2002-0824 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Baker
   MODIFY(1) Cox
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Cox> change to "BSD pppd"
 Christey> XF:pppd-race-condition(9738)
   URL:http://www.iss.net/security_center/static/9738.php
   BID:5355
   URL:http://www.securityfocus.com/bid/5355


======================================================
Candidate: CAN-2002-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0826
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Reference: XF:wsftp-site-cpwd-bo(9794)
Reference: URL:http://www.iss.net/security_center/static/9794.php
Reference: BID:5427
Reference: URL:http://www.securityfocus.com/bid/5427

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated
users to execute arbitrary code via a long SITE CPWD command.


Modifications:
  ADDREF XF:wsftp-site-cpwd-bo(9794)
  ADDREF BID:5427

INFERRED ACTION: CAN-2002-0826 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:wsftp-site-cpwd-bo(9794)
   URL:http://www.iss.net/security_center/static/9794.php
   BID:5427
   URL:http://www.securityfocus.com/bid/5427


======================================================
Candidate: CAN-2002-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0829
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865404413458&w=2
Reference: XF:freebsd-ffs-integer-overflow(9771)
Reference: URL:http://www.iss.net/security_center/static/9771.php
Reference: BID:5399
Reference: URL:http://www.securityfocus.com/bid/5399

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD
4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary
file contents within FFS to gain privileges by creating a file that is
larger than allowed by the virtual memory system.


Modifications:
  ADDREF XF:freebsd-ffs-integer-overflow(9771)
  ADDREF BID:5399

INFERRED ACTION: CAN-2002-0829 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:freebsd-ffs-integer-overflow(9771)
   URL:http://www.iss.net/security_center/static/9771.php
   BID:5399
   URL:http://www.securityfocus.com/bid/5399


======================================================
Candidate: CAN-2002-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0830
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865517214722&w=2
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: NETBSD:NetBSD-SA2002-013
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier,
NetBSD 1.5.3 and earlier, and possibly other operating systems, allows
remote attackers to cause a denial of service (hang) via an RPC
message with a zero length payload, which causes NFS to reference a
previous payload and enter an infinite loop.


Modifications:
  ADDREF CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
  ADDREF NETBSD:NetBSD-SA2002-013
  DESC include other OSes

INFERRED ACTION: CAN-2002-0830 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
   (Apple says "This is FreeBSD-SA-02:36.nfs")
 Christey> NETBSD:NetBSD-SA2002-013
   URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc


======================================================
Candidate: CAN-2002-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0831
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865142610126&w=2
Reference: XF:freebsd-kqueue-dos(9774)
Reference: URL:http://www.iss.net/security_center/static/9774.php
Reference: BID:5405
Reference: URL:http://www.securityfocus.com/bid/5405

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local
users to cause a denial of service (kernel panic) via a pipe call in
which one end is terminated and an EVFILT_WRITE filter is registered
for the other end.


Modifications:
  ADDREF XF:freebsd-kqueue-dos(9774)
  ADDREF BID:5405

INFERRED ACTION: CAN-2002-0831 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:freebsd-kqueue-dos(9774)
   URL:http://www.iss.net/security_center/static/9774.php
   BID:5405
   URL:http://www.securityfocus.com/bid/5405


======================================================
Candidate: CAN-2002-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0845
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows
remote attackers to execute arbitrary code via an HTTP request using
chunked transfer encoding.

INFERRED ACTION: CAN-2002-0845 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0846
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: BUGTRAQ:20020830 RE:  Macromedia Shockwave Flash Malformed Header Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103072708329280&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
Reference: XF:flash-swf-header-bo(9798)
Reference: URL:http://www.iss.net/security_center/static/9798.php
Reference: BID:5430
Reference: URL:http://www.securityfocus.com/bid/5430

The decoder for Macromedia Shockwave Flash allows remote attackers to
execute arbitrary code via a malformed SWF header that contains more
data than the specified length.


Modifications:
  ADDREF BUGTRAQ:20020830 RE:  Macromedia Shockwave Flash Malformed Header Overflow
  ADDREF XF:flash-swf-header-bo(9798)
  ADDREF BID:5430

INFERRED ACTION: CAN-2002-0846 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> BUGTRAQ:20020830 RE:  Macromedia Shockwave Flash Malformed Header Overflow
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103072708329280&w=2
 Christey> XF:flash-swf-header-bo(9798)
   URL:http://www.iss.net/security_center/static/9798.php
   BID:5430
   URL:http://www.securityfocus.com/bid/5430


======================================================
Candidate: CAN-2002-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0847
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: DEBIAN:DSA-145
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102874450402924&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers
to execute arbitrary code via memory that is freed twice
(double-free).

INFERRED ACTION: CAN-2002-0847 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0848
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
Reference: XF:cisco-vpn5000-plaintext-password(9781)
Reference: URL:http://www.iss.net/security_center/static/9781.php
Reference: BID:5417
Reference: URL:http://www.securityfocus.com/bid/5417

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier,
and 5.2.23.0003 and earlier, when using RADIUS with a challenge type
of Password Authentication Protocol (PAP) or Challenge, sends the user
password in cleartext in a validation retry request, which could allow
remote attackers to steal passwords via sniffing.


Modifications:
  ADDREF XF:cisco-vpn5000-plaintext-password(9781)
  ADDREF BID:5417

INFERRED ACTION: CAN-2002-0848 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:cisco-vpn5000-plaintext-password(9781)
   URL:http://www.iss.net/security_center/static/9781.php
   BID:5417
   URL:http://www.securityfocus.com/bid/5417


======================================================
Candidate: CAN-2002-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0851
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020810
Category: SF
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: SUSE:SuSE-SA:2002:030
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437

Format string vulnerability in ISDN Point to Point Protocol (PPP)
daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to
gain root privileges via format strings in the device name command
line argument, which is not properly handled in a call to syslog.

INFERRED ACTION: CAN-2002-0851 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0853
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
Reference: CERT-VN:VU#287771
Reference: URL:http://www.kb.cert.org/vuls/id/287771
Reference: XF:cisco-vpn-zerolength-dos(9821)
Reference: URL:http://www.iss.net/security_center/static/9821.php
Reference: BID:5440
Reference: URL:http://www.securityfocus.com/bid/5440

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows
remote attackers to cause a denial of service (CPU consumption) via a
packet with a zero-length payload.


Modifications:
  ADDREF CERT-VN:VU#287771
  ADDREF XF:cisco-vpn-zerolength-dos(9821)
  ADDREF BID:5440

INFERRED ACTION: CAN-2002-0853 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CERT-VN:VU#287771
   URL:http://www.kb.cert.org/vuls/id/287771
   XF:cisco-vpn-zerolength-dos(9821)
   URL:http://www.iss.net/security_center/static/9821.php
   BID:5440
   URL:http://www.securityfocus.com/bid/5440


======================================================
Candidate: CAN-2002-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0856
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php
Reference: BID:5457
Reference: URL:http://www.securityfocus.com/bid/5457

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote
attackers to cause a denial of service (crash) via certain debug
requests that are not properly handled by the debugging feature.


Modifications:
  ADDREF BID:5457
  ADDREF VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET

INFERRED ACTION: CAN-2002-0856 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Armstrong, Baker
   NOOP(5) Cole, Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:5457
   URL:http://www.securityfocus.com/bid/5457
   VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html


======================================================
Candidate: CAN-2002-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0859
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102450188620081&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ods.txt
Reference: XF:mssql-jet-ods-bo(9375)
Reference: URL:http://www.iss.net/security_center/static/9375.php
Reference: BID:5057
Reference: URL:http://www.securityfocus.com/bid/5057
Reference: MSKB:Q282010
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010

Buffer overflow in the OpenDataSource function of the Jet engine on
Microsoft SQL Server 2000 allows remote attackers to execute arbitrary
code.


Modifications:
  ADDREF XF:mssql-jet-ods-bo(9375)
  ADDREF MSKB:Q282010
  ADDREF BID:5057
  ADDREF MISC:http://www.nextgenss.com/advisories/mssql-ods.txt

INFERRED ACTION: CAN-2002-0859 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Wall
   MODIFY(1) Frech
   NOOP(2) Cox, Foat

Voter Comments:
 Frech> XF:mssql-jet-ods-bo(9375)


======================================================
Candidate: CAN-2002-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0860
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2
Reference: XF:owc-spreadsheet-loadtext-read-files(8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php
Reference: BID:4453
Reference: URL:http://online.securityfocus.com/bid/4453

The LoadText method in the spreadsheet component in Microsoft Office
Web Components (OWC) 2000 and 2002 allows remote attackers to read
arbitrary files through Internet Explorer via a URL that redirects to
the target file.

INFERRED ACTION: CAN-2002-0860 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0871
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-151
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927065426172&w=2
Reference: MANDRAKE:MDKSA-2002:053
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
Reference: REDHAT:RHSA-2002:196
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-196.html
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935383506155&w=2
Reference: XF:xinetd-signal-leak-dos(9844)
Reference: URL:http://www.iss.net/security_center/static/9844.php
Reference: BID:5458
Reference: URL:http://www.securityfocus.com/bid/5458

xinetd 2.3.4 leaks file descriptors for the signal pipe to services
that are launched by xinetd, which could allow those services to cause
a denial of service via the pipe.


Modifications:
  DESC fix typo
  ADDREF MANDRAKE:MDKSA-2002:053
  ADDREF XF:xinetd-signal-leak-dos(9844)
  ADDREF BID:5458
  ADDREF REDHAT:RHSA-2002:196

INFERRED ACTION: CAN-2002-0871 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Baker, Cox, Foat
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:053
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
   XF:xinetd-signal-leak-dos(9844)
   URL:http://www.iss.net/security_center/static/9844.php
   BID:5458
   URL:http://www.securityfocus.com/bid/5458
 Christey> typo: "allow those services cause"
 Christey> REDHAT:RHSA-2002:196

   fix typo: say "to cause"


======================================================
Candidate: CAN-2002-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0872
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0102.html
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: BID:5451
Reference: URL:http://www.securityfocus.com/bid/5451
Reference: XF:l2tpd-rand-number-predictable(9845)
Reference: URL:http://www.iss.net/security_center/static/9845.php

l2tpd 0.67 does not initialize the random number generator, which
allows remote attackers to hijack sessions.


Modifications:
  ADDREF BUGTRAQ:20020813 New l2tpd release 0.68
  ADDREF BID:5451
  ADDREF XF:l2tpd-rand-number-predictable(9845)

INFERRED ACTION: CAN-2002-0872 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BUGTRAQ:20020813 New l2tpd release 0.68
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0102.html
   BID:5451
   URL:http://www.securityfocus.com/bid/5451
   XF:l2tpd-rand-number-predictable(9845)
   URL:http://www.iss.net/security_center/static/9845.php


======================================================
Candidate: CAN-2002-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0873
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102925612907148&w=2
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: XF:l2tpd-vendor-field-bo(10460)
Reference: URL:http://www.iss.net/security_center/static/10460.php

Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the
vendor field via a long value in an attribute/value pair, possibly via
a buffer overflow.


Modifications:
  ADDREF XF:l2tpd-vendor-field-bo(10460)

INFERRED ACTION: CAN-2002-0873 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> Consider deleting the Bugtraq reference, as it doesn't seem
   to mention this issue, unless it's the one with the title
   "Fix some off by 6 errors in avp handling"


======================================================
Candidate: CAN-2002-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0875
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154
Reference: SGI:20000301-03-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: BID:5487
Reference: URL:http://online.securityfocus.com/bid/5487
Reference: XF:sgi-fam-insecure-permissions(9880)
Reference: URL:http://www.iss.net/security_center/static/9880.php

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows
unprivileged users to obtain the names of files whose access is
restricted to the root group.


Modifications:
  ADDREF SGI:20000301-03-I
  ADDREF FREEBSD:FreeBSD-SN-02:05
  ADDREF BID:5487
  ADDREF XF:sgi-fam-insecure-permissions(9880)

INFERRED ACTION: CAN-2002-0875 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> SGI:20000301-03-I
   FREEBSD:FreeBSD-SN-02:05
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
   BID:5487
   URL:http://online.securityfocus.com/bid/5487
   XF:sgi-fam-insecure-permissions(9880)
   URL:http://www.iss.net/security_center/static/9880.php


======================================================
Candidate: CAN-2002-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0887
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99057164129869&w=2
Reference: CALDERA:CSSA-2002-SCO.22
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt
Reference: BID:4875
Reference: URL:http://www.securityfocus.com/bid/4875
Reference: XF:openserver-scoadmin-symlink(9210)
Reference: URL:http://www.iss.net/security_center/static/9210.php

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users
to overwrite arbitrary files via a symlink attack on temporary files,
as demonstrated using log files.


Modifications:
  DESC clarify role of log files

INFERRED ACTION: CAN-2002-0887 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(2) Cox, Foat

Voter Comments:
 Jones> Suggest removing "log" from CVE description (i.e., "... on
   temporary files.").  Caldera indicates "temporary files", which could be
   other than log files; log file was used by discoverer as a proof-of-concept,
   but problem is application's creation and use of temporary files in general.


======================================================
Candidate: CAN-2002-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0889
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102003707432457&w=2
Reference: BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/269969
Reference: CALDERA:CSSA-2002-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20/CSSA-2002-SCO.20.txt
Reference: XF:qpopper-bulldir-bo(8949)
Reference: URL:http://www.iss.net/security_center/static/8949.php
Reference: BID:4614
Reference: URL:http://www.securityfocus.com/bid/4614

Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local
users to cause a denial of service and possibly execute arbitrary code
via a long bulldir argument in the user's .qpopper-options
configuration file.

INFERRED ACTION: CAN-2002-0889 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Cole, Armstrong, Alderson, Baker, Frech, Jones
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0891
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue
Reference: URL:http://online.securityfocus.com/archive/1/274240
Reference: CONFIRM:http://www.netscreen.com/support/ns25_reboot.html
Reference: XF:netscreen-screenos-username-dos(9186)
Reference: URL:http://www.iss.net/security_center/static/9186.php
Reference: BID:4842
Reference: URL:http://www.securityfocus.com/bid/4842

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and
certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote
attackers to cause a denial of service (crash) via a long user name.

INFERRED ACTION: CAN-2002-0891 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Jones> Per NetScreen Alert, vulnerable versions should be: "versions
   prior to 2.6.1r8, 2.8.0r2, 2.8.1r1, 3.0.1r2, 3.0.2r3, and 3.0.3r1."
 Christey> The NetScreen alert referenced in the CONFIRM URL, dated
   June 3, 2002, says that the problem was "addressed in all
   versions of ScreenOS released after April 23, 2002. This list
   includes versions 2.6.1r8 and later, 2.8.0r2 and later, 2.8.1r1 and
   later, 3.0.1r2 and later, 3.0.2r3 and later, 3.0.3r1 and
   later"

   I've modified the description to reflect these ranges, though
   not to the level of detail covered by the advisory.


======================================================
Candidate: CAN-2002-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0892
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: CF
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151
Reference: BID:4793
Reference: URL:http://www.securityfocus.com/bid/4793
Reference: XF:servletexec-jsp10servlet-path-disclosure(9139)
Reference: URL:http://www.iss.net/security_center/static/9139.php

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows
remote attackers to determine the path of the web root via a direct
request to com.newatlanta.servletexec.JSP10Servlet without a filename,
which leaks the pathname in an error message.

INFERRED ACTION: CAN-2002-0892 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(2) Cox, Foat

Voter Comments:
 Jones> CVE description should read "... via a direct request to
   /servlet/com.newatlanta.servletexec.JSP10Servlet/ without ..."


======================================================
Candidate: CAN-2002-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0897
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
Reference: BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/274020
Reference: BID:4820
Reference: URL:http://www.securityfocus.com/bid/4820
Reference: XF:localweb2k-protection-bypass(9165)
Reference: URL:http://www.iss.net/security_center/static/9165.php

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access
restrictions for restricted files via a URL that contains the "/./"
directory.


Modifications:
  CHANGEREF VULNWATCH [normalize]

INFERRED ACTION: CAN-2002-0897 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Alderson, Frech, Jones
   NOOP(4) Cole, Armstrong, Cox, Foat


======================================================
Candidate: CAN-2002-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0898
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256058220402&w=2
Reference: BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://online.securityfocus.com/archive/1/274202
Reference: CONFIRM:http://www.opera.com/windows/changelog/log603.html
Reference: BID:4834
Reference: URL:http://www.securityfocus.com/bid/4834
Reference: XF:opera-browser-file-retrieval(9188)
Reference: URL:http://www.iss.net/security_center/static/9188.php

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary
files from the client system, without prompting the client, via an
input type=file tag whose value contains a newline.


Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2002-0898 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(2) Cox, Foat

Voter Comments:
 Jones> "arbiotrary" should be "arbitrary".


======================================================
Candidate: CAN-2002-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0900
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020524 pks public key server DOS and remote execution
Reference: URL:http://online.securityfocus.com/archive/1/274107
Reference: CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
Reference: BID:4828
Reference: URL:http://www.securityfocus.com/bid/4828
Reference: XF:pgp-pks-search-bo(9171)
Reference: URL:http://www.iss.net/security_center/static/9171.php

Buffer overflow in pks PGP public key web server before 0.9.5 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a long search argument to the lookup
capability.


Modifications:
  ADDREF CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525

INFERRED ACTION: CAN-2002-0900 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Alderson, Frech
   NOOP(6) Foat, Cole, Armstrong, Christey, Cox, Jones

Voter Comments:
 Jones> Unclear which versions are vulnerable.
 Christey> The PKS developer, Richard Laager, sent an email February 25,
   2003, saying that a patch was available.

   CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525

   He also says that 0.9.5 and later versions were fixed.


======================================================
Candidate: CAN-2002-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0904
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102269718506080&w=2
Reference: BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html
Reference: CONFIRM:http://www.kismetwireless.net/CHANGELOG
Reference: BID:4883
Reference: URL:http://www.securityfocus.com/bid/4883
Reference: XF:kismet-saytext-command-execution(9213)
Reference: URL:http://www.iss.net/security_center/static/9213.php

SayText function in Kismet 2.2.1 and earlier allows remote attackers
to execute arbitrary commands via shell metacharacters (backtick or
pipe) in the essid argument.

INFERRED ACTION: CAN-2002-0904 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Cole, Armstrong, Alderson, Baker, Frech, Jones
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2002-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0906
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: BID:5122
Reference: URL:http://www.securityfocus.com/bid/5122
Reference: XF:sendmail-dns-txt-bo(9443)
Reference: URL:http://www.iss.net/security_center/static/9443.php

Buffer overflow in Sendmail before 8.12.5, when configured to use a
custom DNS map to query TXT records, allows remote attackers to cause
a denial of service and possibly execute arbitrary code via a
malicious DNS server.

INFERRED ACTION: CAN-2002-0906 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(7) Foat, Cole, Green, Baker, Frech, Cox, Wall


======================================================
Candidate: CAN-2002-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0911
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

Caldera Volution Manager 1.1 stores the Directory Administrator
password in cleartext in the slapd.conf file, which could allow local
users to gain privileges.

INFERRED ACTION: CAN-2002-0911 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0914
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0295.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php

Double Precision Courier e-mail MTA allows remote attackers to cause a
denial of service (CPU consumption) via a message with an extremely
large or negative value for the year, which causes a tight loop.

INFERRED ACTION: CAN-2002-0914 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0916
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

Format string vulnerability in the allowuser code for the Stellar-X
msntauth authentication module, as distributed in Squid 2.4.STABLE6
and earlier, allows remote attackers to execute arbitrary code via
format strings in the user name, which are not properly handled in a
syslog call.

INFERRED ACTION: CAN-2002-0916 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0935
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta,
allows remote attackers to cause a denial of service (resource
exhaustion) via a large number of requests to the server with null
characters, which causes the working threads to hang.

INFERRED ACTION: CAN-2002-0935 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall

Voter Comments:
 Green> - SECURITYTRACKER REPORTS THAT THE ISSUE HAS BEEN ACKNOWLEDGED BY APACHE


======================================================
Candidate: CAN-2002-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0938
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows
remote attackers to execute arbitrary script or HTML as other web
users via the action argument in a link to setup.exe.

INFERRED ACTION: CAN-2002-0938 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Green, Baker, Frech, Wall
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2002-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0941
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and
1.4.0_01, as used by the TrustedCodeTool and possibly other
applications, may leak a passphrase when the user aborts an
application that is prompting for the passphrase, which could allow
attackers to gain privileges.

INFERRED ACTION: CAN-2002-0941 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0945
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979

Buffer overflow in SeaNox Devwex allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
long HTTP GET request.

INFERRED ACTION: CAN-2002-0945 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0946
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php

Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601
allows remote attackers to read arbitrary files via ..\ (dot dot)
sequences in an HTTP request.

INFERRED ACTION: CAN-2002-0946 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0947
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://online.securityfocus.com/archive/1/276524
Reference: VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
Reference: CERT-VN:VU#997403
Reference: URL:http://www.kb.cert.org/vuls/id/997403
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
Reference: MISC:http://www.nextgenss.com/vna/ora-reports.txt
Reference: BID:4848
Reference: URL:http://www.securityfocus.com/bid/4848
Reference: XF:oracle-reports-server-bo(9289)
Reference: URL:http://www.iss.net/security_center/static/9289.php

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server
6.0.8.18.0 and earlier, as used in Oracle9iAS and other products,
allows remote attackers to execute arbitrary code via a long database
name parameter.


Modifications:
  DESC clarify role of Oracle9iAS

INFERRED ACTION: CAN-2002-0947 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(2) Foat, Cox

Voter Comments:
 Jones> Suggest description read "...for Oracle Reports Server 6i Release
   6.0.8.18.0 and earlier...", removing "9iAS" since Oracle advisory states
   "any Oracle product" containing vulnerable version of the reports server.


======================================================
Candidate: CAN-2002-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0952
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058

Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0
allows remote attackers to cause a denial of service (reset) by
sending IP packets with non-zero Type of Service (TOS) bits to the
Timing Control Card (TCC) LAN interface.

INFERRED ACTION: CAN-2002-0952 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Green, Baker, Frech, Wall
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2002-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0953
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen
and register_globals variables enabled, allows remote attackers to
execute arbitrary PHP code via a URL to the code in the LangCookie
parameter.

INFERRED ACTION: CAN-2002-0953 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0958
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952

Cross-site scripting vulnerability in browse.php for PHP(Reactor)
1.2.7 allows remote attackers to execute script as other users via the
go parameter in the comments section.

INFERRED ACTION: CAN-2002-0958 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0964
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause
a denial of service (resource exhaustion) via multiple responses to
the initial challenge with different cd_key values, which reaches the
player limit and prevents other players from connecting until the
original responses have timed out.

INFERRED ACTION: CAN-2002-0964 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Frech
   NOOP(4) Foat, Cole, Cox, Wall


======================================================
Candidate: CAN-2002-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0965
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://online.securityfocus.com/archive/1/276526
Reference: VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
Reference: BID:4845
Reference: URL:http://www.securityfocus.com/bid/4845
Reference: XF:oracle-listener-servicename-bo(9288)
Reference: URL:http://www.iss.net/security_center/static/9288.php

Buffer overflow in TNS Listener for Oracle 9i Database Server on
Windows systems, and Oracle 8 on VM, allows local users to execute
arbitrary code via a long SERVICE_NAME parameter, which is not
properly handled when writing an error message to a log file.


Modifications:
  DESC fix affected versions
  ADDREF XF:oracle-listener-servicename-bo(9288)

INFERRED ACTION: CAN-2002-0965 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Alderson, Baker
   MODIFY(2) Frech, Jones
   NOOP(2) Foat, Cox

Voter Comments:
 Jones> Oracle 9i Database Server on Windows systems and Oracle 8 on VM allows local
   users to execute arbitrary code via a long SERVICE_NAME parameter, which is
   not properly handled when forming an error message prior to writing to a log
   file."
 Frech> XF:oracle-listener-servicename-bo(9288)


======================================================
Candidate: CAN-2002-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0967
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951

Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long "ed2k:" URL.

INFERRED ACTION: CAN-2002-0967 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall


======================================================
Candidate: CAN-2002-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0968
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:5006
Reference: URL:http://www.securityfocus.com/bid/5006
Reference: XF:analogx-simpleserver-at-dos(9338)
Reference: URL:http://www.iss.net/security_center/static/9338.php

Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows
remote attackers to cause a denial of service (crash) and execute code
via a long HTTP request method name.

INFERRED ACTION: CAN-2002-0968 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: CALDERA:CSSA-2002-SCO.36
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt
Reference: XF:openunix-unixware-ndcfg-bo(9945)
Reference: URL:http://www.iss.net/security_center/static/9945.php
Reference: BID:5551
Reference: URL:http://www.securityfocus.com/bid/5551

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX
8.0.0 allows local users to execute arbitrary code via a long command
line.


Modifications:
  ADDREF XF:openunix-unixware-ndcfg-bo(9945)
  ADDREF BID:5551

INFERRED ACTION: CAN-2002-0981 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Foat, Christey, Cox, Wall

Voter Comments:
 Christey> XF:openunix-unixware-ndcfg-bo(9945)
   URL:http://www.iss.net/security_center/static/9945.php
   BID:5551
   URL:http://www.securityfocus.com/bid/5551


======================================================
Candidate: CAN-2002-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0984
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
Reference: DEBIAN:DSA-156
Reference: URL:http://www.debian.org/security/2002/dsa-156
Reference: XF:light-channel-execute-script(9943)
Reference: URL:http://www.iss.net/security_center/static/9943.php
Reference: BID:5555
Reference: URL:http://www.securityfocus.com/bid/5555

The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x
before 2.8pre10, running EPIC allows remote attackers to execute
arbitrary code if the user joins a channel whose topic includes EPIC4
code.


Modifications:
  ADDREF BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
  ADDREF XF:light-channel-execute-script(9943)
  ADDREF BID:5555

INFERRED ACTION: CAN-2002-0984 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Foat, Christey, Cox, Wall

Voter Comments:
 Christey> XF:light-channel-execute-script(9943)
   URL:http://www.iss.net/security_center/static/9943.php
   BID:5555
   URL:http://www.securityfocus.com/bid/5555
 Christey> BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
   XF:light-channel-execute-script(9943)
   URL:http://www.iss.net/security_center/static/9943.php
   BID:5555
   URL:http://www.securityfocus.com/bid/5555


======================================================
Candidate: CAN-2002-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: XF:openunix-unixware-xsco-privileges(9976)
Reference: URL:http://www.iss.net/security_center/static/9976.php
Reference: BID:5575
Reference: URL:http://www.securityfocus.com/bid/5575

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop
privileges before calling programs such as xkbcomp using popen, which
could allow local users to gain privileges.


Modifications:
  ADDREF XF:openunix-unixware-xsco-privileges(9976)
  ADDREF BID:5575

INFERRED ACTION: CAN-2002-0987 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: XF:openunix-unixware-xsco-bo(9977)
Reference: URL:http://www.iss.net/security_center/static/9977.php
Reference: BID:5577
Reference: URL:http://www.securityfocus.com/bid/5577

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare
7.1.1, possibly related to XBM/xkbcomp capabilities.


Modifications:
  ADDREF XF:openunix-unixware-xsco-bo(9977)
  ADDREF BID:5577

INFERRED ACTION: CAN-2002-0988 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: DEBIAN:DSA-158
Reference: URL:http://www.debian.org/security/2002/dsa-158
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:054
Reference: REDHAT:RHSA-2002:189
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-189.html
Reference: CONECTIVA:CLA-2002:521
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
Reference: HP:HPSBTL0209-067
Reference: URL:http://online.securityfocus.com/advisories/4471
Reference: FREEBSD:FreeBSD-SN-02:06
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
Reference: BUGTRAQ:20020827 GLSA: gaim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2
Reference: BID:5574
Reference: URL:http://www.securityfocus.com/bid/5574
Reference: XF:gaim-url-handler-command-execution(9978)
Reference: URL:http://www.iss.net/security_center/static/9978.php

The URL handler in the manual browser option for Gaim before 0.59.1
allows remote attackers to execute arbitrary script via shell
metacharacters in a link.


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:054
  ADDREF REDHAT:RHSA-2002:189
  ADDREF CONECTIVA:CLA-2002:521
  ADDREF HP:HPSBTL0209-067
  ADDREF FREEBSD:FreeBSD-SN-02:06
  ADDREF XF:gaim-url-handler-command-execution(9978)
  ADDREF BID:5574

INFERRED ACTION: CAN-2002-0989 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(3) Foat, Christey, Wall

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2002:054
 Christey> REDHAT:RHSA-2002:189
   URL:http://www.redhat.com/support/errata/RHSA-2002-189.html
 Christey> CONECTIVA:CLA-2002:521
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
   BID:5574
   URL:http://www.securityfocus.com/bid/5574
   HP:HPSBTL0209-067
   URL:http://online.securityfocus.com/advisories/4471
   FREEBSD:FreeBSD-SN-02:06
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
   XF:gaim-url-handler-command-execution(9978)
   URL:http://www.iss.net/security_center/static/9978.php


======================================================
Candidate: CAN-2002-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0995
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141

login.php for PHPAuction allows remote attackers to gain privileges
via a direct call to login.php with the action parameter set to
"insert," which adds the provided username to the adminUsers table.

INFERRED ACTION: CAN-2002-0995 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(3) Foat, Cox, Wall


======================================================
Candidate: CAN-2002-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1000
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
Reference: BID:5104
Reference: URL:http://www.securityfocus.com/bid/5104
Reference: XF:analogx-simpleserver-shout-bo(9427)
Reference: URL:http://www.iss.net/security_center/static/9427.php

Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote
attackers to cause a denial of service and execute arbitrary code via
a long request to TCP port 8001.

INFERRED ACTION: CAN-2002-1000 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1002
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
Reference: BUGTRAQ:20020627 Cluestick Advisory #001
Reference: URL:http://online.securityfocus.com/archive/1/279683
Reference: XF:netware-imanage-username-dos(9444)
Reference: URL:http://www.iss.net/security_center/static/9444.php
Reference: BID:5117
Reference: URL:http://www.securityfocus.com/bid/5117

Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote
attackers to cause a denial of service (crash) via a long user name.

INFERRED ACTION: CAN-2002-1002 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1004
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Directory traversal vulnerability in webmail feature of ArGoSoft Mail
Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read
arbitrary files via .. (dot dot) sequences in a URL.

INFERRED ACTION: CAN-2002-1004 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1006
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Cross-site scripting (XSS) vulnerability in BBC Education Text to
Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote
attackers to execute arbitrary web script via parserl.pl.


Modifications:
  DESC add "XSS" acronym

INFERRED ACTION: CAN-2002-1006 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1013
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18
through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4
allows local users to gain root privileges via a long -path argument.

INFERRED ACTION: CAN-2002-1013 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Frech> CONFIRM is now http://support.inktomi.com/kb/Private/070202-003.html,
   and is only available to customers with a current support contract.
 Christey> I will keep the original CONFIRM URL to indicate that, at
   one point in time, the entire public could access a
   confirmation note.


======================================================
Candidate: CAN-2002-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1014
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne
Player Gold 6.0.10.505, allows remote attackers to execute arbitrary
code via an RFS skin file whose skin.ini contains a long value in a
CONTROLnImage argument, such as CONTROL1Image.

INFERRED ACTION: CAN-2002-1014 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1015
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold
6.0.10.505, allows remote attackers to execute arbitrary script in the
Local computer zone by inserting the script into the skin.ini file of
an RJS archive, then referencing skin.ini from a web page after it has
been extracted, which is parsed as HTML by Internet Explorer or other
Microsoft-based web readers.

INFERRED ACTION: CAN-2002-1015 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1024
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CERT-VN:VU#290140
Reference: URL:http://www.kb.cert.org/vuls/id/290140
Reference: CISCO:20020627 Scanning for SSH Can Cause a Crash
Reference: URL:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
Reference: XF:cisco-ssh-scan-dos(9437)
Reference: URL:http://www.iss.net/security_center/static/9437.php
Reference: BID:5114
Reference: URL:http://www.securityfocus.com/bid/5114

Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote
attackers to cause a denial of service (CPU consumption) via a large
packet that was designed to exploit the SSH CRC32 attack detection
overflow (CVE-2001-0144).

INFERRED ACTION: CAN-2002-1024 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Green, Baker, Frech, Wall, Cole
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1025
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/280062
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: BID:5134
Reference: URL:http://www.securityfocus.com/bid/5134
Reference: XF:jrun-null-view-source(9459)
Reference: URL:http://www.iss.net/security_center/static/9459.php

JRun 3.0 through 4.0 allows remote attackers to read JSP source code
via an encoded null byte in an HTTP GET request, which causes the
server to send the .JSP file unparsed.

INFERRED ACTION: CAN-2002-1025 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1030
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/281046
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
Reference: BID:5159
Reference: URL:http://www.securityfocus.com/bid/5159
Reference: XF:weblogic-race-condition-dos(9486)
Reference: URL:http://www.iss.net/security_center/static/9486.php

Race condition in Performance Pack in BEA WebLogic Server and Express
5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial
of service (crash) via a flood of data and connections.

INFERRED ACTION: CAN-2002-1030 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1031
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/281102
Reference: VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/
Reference: BID:5177
Reference: URL:http://www.securityfocus.com/bid/5177
Reference: XF:kfwebserver-null-view-dir(9500)
Reference: URL:http://www.iss.net/security_center/static/9500.php

KeyFocus (KF) web server 1.0.2 allows remote attackers to list
directories and read restricted files via an HTTP request containing a
%00 (null) character.

INFERRED ACTION: CAN-2002-1031 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1035
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09
Reference: URL:http://online.securityfocus.com/archive/1/280132
Reference: XF:omnihttpd-http-version-bo(9457)
Reference: URL:http://www.iss.net/security_center/static/9457.php
Reference: BID:5136
Reference: URL:http://www.securityfocus.com/bid/5136

Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of
service (crash) via an HTTP request with a long, malformed HTTP
version number.

INFERRED ACTION: CAN-2002-1035 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1039
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: XF:dcl-dotdot-directory-traversal(9743)
Reference: URL:http://www.iss.net/security_center/static/9743.php

Directory traversal vulnerability in Double Choco Latte (DCL) before
20020706 allows remote attackers to read arbitrary files via .. (dot
dot) sequences when downloading files from the Projects: Attachments
feature.

INFERRED ACTION: CAN-2002-1039 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1046
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020709 KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
Reference: BID:5186
Reference: URL:http://www.securityfocus.com/bid/5186
Reference: XF:firebox-dvcp-dos(9509)
Reference: URL:http://www.iss.net/security_center/static/9509.php

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard
Firebox firmware 5.x.x allows remote attackers to cause a denial of
service (crash) via a malformed packet containing tab characters to
TCP port 4110.


Modifications:
  CHANGEREF VULNWATCH [normalize]

INFERRED ACTION: CAN-2002-1046 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Foat
   NOOP(3) Cox, Wall, Cole


======================================================
Candidate: CAN-2002-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1049
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: MANDRAKE:MDKSA-2002:055
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:055
Reference: SUSE:SuSE-SA:2002:035
Reference: URL:http://www.suse.de/de/security/2002_035_hylafax.html
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
Reference: BID:5348
Reference: URL:http://www.securityfocus.com/bid/5348
Reference: XF:hylafax-faxgetty-tsi-dos(9728)
Reference: URL:http://www.iss.net/security_center/static/9728.php

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows
remote attackers to cause a denial of service (crash) via the TSI data
element.


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:055
  ADDREF SUSE:SuSE-SA:2002:035

INFERRED ACTION: CAN-2002-1049 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:055
 Christey> SUSE:SuSE-SA:2002:035


======================================================
Candidate: CAN-2002-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1050
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
Reference: MANDRAKE:MDKSA-2002:055
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:055
Reference: SUSE:SuSE-SA:2002:035
Reference: URL:http://www.suse.de/de/security/2002_035_hylafax.html
Reference: BID:5349
Reference: URL:http://www.securityfocus.com/bid/5349
Reference: XF:hylafax-faxgetty-image-bo(9729)
Reference: URL:http://www.iss.net/security_center/static/9729.php

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
code, via a long line of image data.


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:055
  ADDREF SUSE:SuSE-SA:2002:035
  DESC fix typo

INFERRED ACTION: CAN-2002-1050 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:055
 Christey> SUSE:SuSE-SA:2002:035
   Close off parenthesis in desc.
 Christey> fix typo (extra parenthesis)


======================================================
Candidate: CAN-2002-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1051
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
Reference: BUGTRAQ:20020721 Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102737546927749&w=2
Reference: BUGTRAQ:20020723 Re: Nanog traceroute format string exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
Reference: BUGTRAQ:20020724 Re: Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753136231920&w=2
Reference: SUSE:SuSE-SA:2000:041
Reference: URL:http://www.suse.de/de/security/2000_041_traceroute_txt.html
Reference: BID:4956
Reference: URL:http://www.securityfocus.com/bid/4956
Reference: XF:tracesroute-t-format-string(9291)
Reference: URL:http://www.iss.net/security_center/static/9291.php

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG
traceroute) allows local users to execute arbitrary code via the -T
(terminator) command line argument.

INFERRED ACTION: CAN-2002-1051 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2002-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1053
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html
Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
Reference: BID:5506
Reference: URL:http://www.securityfocus.com/bid/5506
Reference: XF:jigsaw-http-proxy-xss(9914)
Reference: URL:http://www.iss.net/security_center/static/9914.php

Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server
before 2.2.1 allows remote attackers to execute arbitrary script via a
URL that contains a reference to a nonexistent host followed by the
script, which is included in the resulting error message.


Modifications:
  DESC add "XSS" term

INFERRED ACTION: CAN-2002-1053 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1054
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/283665
Reference: VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip
Reference: BID:5283
Reference: URL:http://www.securityfocus.com/bid/5283
Reference: XF:pablo-ftp-directory-traversal(9647)
Reference: URL:http://www.iss.net/security_center/static/9647.php

Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and
earlier allows remote authenticated users to list arbitrary
directories via "..\" (dot-dot backslash) sequences in a LIST command.

INFERRED ACTION: CAN-2002-1054 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1057
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html
Reference: BID:5285
Reference: URL:http://www.securityfocus.com/bid/5285
Reference: XF:mailmax-pop3max-user-bo(9651)
Reference: URL:http://www.iss.net/security_center/static/9651.php

Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows
remote attackers to execute arbitrary code via a long USER command.

INFERRED ACTION: CAN-2002-1057 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1059
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102744150718462&w=2
Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102746007908689&w=2
Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html
Reference: XF:securecrt-ssh1-identifier-bo(9650)
Reference: URL:http://www.iss.net/security_center/static/9650.php
Reference: BID:5287
Reference: URL:http://www.securityfocus.com/bid/5287

Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x
before 4.0 beta 3, allows an SSH server to execute arbitrary code via
a long SSH1 protocol version string.

INFERRED ACTION: CAN-2002-1059 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1060
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
Reference: BID:5305
Reference: URL:http://www.securityfocus.com/bid/5305
Reference: XF:cacheos-unresolved-error-xss(9674)
Reference: URL:http://www.iss.net/security_center/static/9674.php

Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS 4.1.06
and earlier allows remote attackers to insert arbitrary HTML,
including script, via a URL to a nonexistent hostname that includes
the HTML, which is inserted into the resulting error message.


Modifications:
  DESC add XSS term

INFERRED ACTION: CAN-2002-1060 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1076
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html
Reference: BUGTRAQ:20020729 Hoax Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html
Reference: BUGTRAQ:20020729 Re:  Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm
Reference: BID:5323
Reference: URL:http://www.securityfocus.com/bid/5323
Reference: XF:imail-web-messaging-bo(9679)
Reference: URL:http://www.iss.net/security_center/static/9679.php

Buffer overflow in the Web Messaging daemon for Ipswitch IMail before
7.12 allows remote attackers to execute arbitrary code via a long HTTP
GET request for HTTP/1.0.

INFERRED ACTION: CAN-2002-1076 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(2) Cox, Foat


======================================================
Candidate: CAN-2002-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1079
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-get-directory-traversal(9941)
Reference: URL:http://www.iss.net/security_center/static/9941.php
Reference: XF:abyss-http-directory-traversal(9940)
Reference: URL:http://www.iss.net/security_center/static/9940.php
Reference: BID:5547
Reference: URL:http://www.securityfocus.com/bid/5547

Directory traversal vulnerability in Abyss Web Server 1.0.3 allows
remote attackers to read arbitrary files via ..\ (dot-dot backslash)
sequences in an HTTP GET request.


Modifications:
  ADDREF BID:5547

INFERRED ACTION: CAN-2002-1079 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:5547
   URL:http://www.securityfocus.com/bid/5547


======================================================
Candidate: CAN-2002-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1081
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-plus-file-disclosure(9956)
Reference: URL:http://www.iss.net/security_center/static/9956.php
Reference: BID:5549
Reference: URL:http://www.securityfocus.com/bid/5549

The Administration console for Abyss Web Server 1.0.3 allows remote
attackers to read files without providing login credentials via an
HTTP request to a target file that ends in a "+" character.


Modifications:
  ADDREF BID:5549

INFERRED ACTION: CAN-2002-1081 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:5549
   URL:http://www.securityfocus.com/bid/5549


======================================================
Candidate: CAN-2002-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1088
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273
Reference: BID:5313
Reference: URL:http://www.securityfocus.com/bid/5313
Reference: XF:groupwise-rcpt-bo(9671)
Reference: URL:http://www.iss.net/security_center/static/9671.php

Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote
attackers to execute arbitrary code via a long RCPT TO command.

INFERRED ACTION: CAN-2002-1088 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(3) Cox, Wall, Foat

Page Last Updated or Reviewed: May 22, 2007