[PROPOSAL] Cluster 2004-01-B - 42 candidates
I am proposing cluster 2004-01-B for review and voting by the Editorial Board.

Name: 2004-01-B
Description: CANs announced between 2004/01/13 and 2004/01/31
Size: 42

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2003-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-003.asp

Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.

Analysis
----------------
ED_PRI CAN-2003-0903 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: DEBIAN:DSA-426
Reference: URL:http://www.debian.org/security/2004/dsa-426
Reference: REDHAT:RHSA-2004:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:011
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011
Reference: CERT-VN:VU#487102
Reference: URL:http://www.kb.cert.org/vuls/id/487102

netpbm 2:9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

Analysis
----------------
ED_PRI CAN-2003-0924 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031126
Category: SF
Reference: REDHAT:RHSA-2004:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

Buffer overflow in the frm command in elm 2.5.6 and earlier allows remote attackers to execute arbitrary code via a long Subject line.

Analysis
----------------
ED_PRI CAN-2003-0966 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: REDHAT:RHSA-2004:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: MANDRAKE:MDKSA-2004:003
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:003
Reference: CONECTIVA:CLA-2004:810
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

Analysis
----------------
ED_PRI CAN-2003-0988 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: REDHAT:RHSA-2004:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-017.html
Reference: BUGTRAQ:20040217 [ GLSA 200402-06 ] Linux kernel AMD64 ptrace vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703562524092&w=2
Reference: CERT-VN:VU#337238
Reference: URL:http://www.kb.cert.org/vuls/id/337238
Reference: XF:linux-ptrace-gain-privilege(14888)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14888
Reference: BID:9429
Reference: URL:http://www.securityfocus.com/bid/9429

Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0001 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040116 [OpenCA Advisory] Vulnerability in signature verification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107427313700554&w=2
Reference: CONFIRM:http://www.openca.org/news/CAN-2004-0004.txt

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

Analysis
----------------
ED_PRI CAN-2004-0004 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040113
Category: SF
Reference: DEBIAN:DSA-430
Reference: URL:http://www.debian.org/security/2004/dsa-430

Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0047 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory8_payshield.html
Reference: BUGTRAQ:20040114 nCipher Advisory #8: payShield library may verify bad requests
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411819503569&w=2

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.

Analysis
----------------
ED_PRI CAN-2004-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040114 PhpDig 1.6.x: remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412194008671&w=2
Reference: CONFIRM:http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393

PHP remote code injection vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.

Analysis
----------------
ED_PRI CAN-2004-0068 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: ATSTAKE:A012704-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a012704-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.

Analysis
----------------
ED_PRI CAN-2004-0089 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

Analysis
----------------
ED_PRI CAN-2004-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040129
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:01
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.

Analysis
----------------
ED_PRI CAN-2004-0099 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=141517

PHP remote code injection vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.

Analysis
----------------
ED_PRI CAN-2004-0128 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog for PhpGedView v2.65.2, dated January 28, 2004, includes an item that says the developer "Fixed vulnerability in $INDEX_DIRECTORY/gedcom.ged_conf.php."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040130 Symlink Vulnerability in GNU libtool <1.5.2
Reference: URL:http://www.securityfocus.com/archive/1/352333
Reference: CONECTIVA:CLA-2004:811
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000811
Reference: MISC:http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
Reference: BID:9530
Reference: URL:http://www.securityfocus.com/bid/9530
Reference: XF:libtool-insecure-temp-directory(15017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15017

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.

Analysis
----------------
ED_PRI CAN-2004-0256 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10
Reference: URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

Analysis
----------------
ED_PRI CAN-2004-0096 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: MS:MS04-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-001.asp
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2003-0819 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: SUSE:SuSE-SA:2004:002
Reference: REDHAT:RHSA-2004:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-007.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2
Reference: CERT-VN:VU#738518
Reference: URL:http://www.kb.cert.org/vuls/id/738518

tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057.

Analysis
----------------
ED_PRI CAN-2003-0989 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since CAN-2004-0057 and CAN-2003-0989 affect different tcpdump versions, they are SPLIT per CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: CONFIRM:http://www.linuxcompatible.org/print25630.html
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html

Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."

Analysis
----------------
ED_PRI CAN-2004-0003 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Analysis
----------------
ED_PRI CAN-2004-0005 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all SPLIT per CD:SF-LOC because the sets of affected versions do not precisely overlap.

ABSTRACTION: while there may be slightly different "flavors" of buffer overflows mentioned in this CAN, there is insufficient research to reliably distinguish between such subtle differences, so they are combined under the more general "buffer overflow" class.

ACCURACY: note that while Ultramagnetic was also affected by other Gaim vulnerabilities (CAN-2004-0006, CAN-2004-0007, and CAN-2004-0008), the Ultramagnetic advisory explicitly states that Ultramagnetic is *not* affected by this bug; presumably the common codebase is from an earlier version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: SUSE:SuSE-SA:2004:004
Reference: URL:http://www.suse.de/de/security/2004_04_gaim.html
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: BUGTRAQ:20040127 [slackware-security] GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Analysis
----------------
ED_PRI CAN-2004-0006 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all SPLIT per CD:SF-LOC because the sets of affected versions do not precisely overlap.

ABSTRACTION: The Ultramagnetic specifically states that it has a codebase relationship with Gaim, so the issues are MERGED per CD:SF-CODEBASE.

ABSTRACTION: while there may be slightly different "flavors" of buffer overflows mentioned in this CAN, there is insufficient research to reliably distinguish between such subtle differences, so they are combined under the more general "buffer overflow" class.

ACCURACY: SUSE:SuSE-SA:2004:004 says that they are only vulnerable to some of these issues, which might suggest a SPLIT.

ACCURACY/ABSTRACTION: Red Hat also noted that only the HTTP Proxy Connect issue affects their 0.59.1 version of Gaim.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: BUGTRAQ:20040127 [slackware-security] GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and
Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0007 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all SPLIT per CD:SF-LOC because the sets of affected versions do not precisely overlap.

ABSTRACTION: The Ultramagnetic specifically states that it has a codebase relationship with Gaim, so the issues are MERGED per CD:SF-CODEBASE.

ABSTRACTION: while there may be slightly different "flavors" of buffer overflows mentioned in this CAN, there is insufficient research to reliably distinguish between such subtle differences, so they are combined under the more general "buffer overflow" class.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: BUGTRAQ:20040127 [slackware-security] GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a
directIM packet that triggers a heap-based buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0008 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE, SF-LOC

ABSTRACTION: The Ultramagnetic specifically states that it has a codebase relationship with Gaim, so the issues are MERGED per CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CISCO:20040113 Vulnerabilities in H.323 Message Processing
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2004-0054 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2004-0056 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
Reference: REDHAT:RHSA-2004:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-007.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989.

Analysis
----------------
ED_PRI CAN-2004-0057 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since CAN-2004-0057 and CAN-2003-0989 affect different tcpdump versions, they are SPLIT per CD:SF-LOC.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040113 symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402026023763&w=2

Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.

Analysis
----------------
ED_PRI CAN-2004-0058 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
Analysis
----------------
ED_PRI CAN-2004-0059 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.

Analysis
----------------
ED_PRI CAN-2004-0060 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
Analysis
----------------
ED_PRI CAN-2004-0061 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 FishCart Integer Overflow / Rounding Error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411850203994&w=2

Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.

Analysis
----------------
ED_PRI CAN-2004-0062 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040113 SuSE linux 9.0 YaST config Skribt [exploit]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402658600437&w=2

The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
Analysis
----------------
ED_PRI CAN-2004-0064 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CAN-2004-0086.

Analysis
----------------
ED_PRI CAN-2004-0085 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0085 and CAN-2004-0086 are SPLIT because (1) they affect different versions, and (2) the vendor, while not providing details, has seen fit to split the issues. So CD:SF-LOC suggests a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with unknown impact, a different vulnerability than CAN-2004-0085.

Analysis
----------------
ED_PRI CAN-2004-0086 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0085 and CAN-2004-0086 are SPLIT because (1) they affect different versions, and (2) the vendor, while not providing details, has seen fit to split the issues. So CD:SF-LOC suggests a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CAN-2004-0088.
Analysis
----------------
ED_PRI CAN-2004-0087 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0087 and CAN-2004-0088 are SPLIT because (1) they affect slightly different versions, and (2) Apple, the vendor, has decided to SPLIT them. CD:SF-LOC applies here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CAN-2004-0087.

Analysis
----------------
ED_PRI CAN-2004-0088 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0087 and CAN-2004-0088 are SPLIT because (1) they affect slightly different versions, and (2) Apple, the vendor, has decided to SPLIT them. CD:SF-LOC applies here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040121
Category: SF
Reference: BUGTRAQ:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107462349324945&w=2
Reference: VULN-DEV:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107462499927040&w=2
Reference: VULN-DEV:20040120 Re: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107478592401619&w=2
Reference: VULN-DEV:20040123 RE: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107488880317647&w=2
Reference: MISC:http://securitytracker.com/alerts/2004/Jan/1008780.html

Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed the existence of this issue.

Analysis
----------------
ED_PRI CAN-2004-0091 3
Vendor Acknowledgement: no disputed

ABSTRACTION/ACCURACY: a followup post claims that the Jan 2004 issue (CAN-2004-0091) had been reported in August 2003 (CAN-2003-1031); however, the Aug. 2003 post did not explicitly name the reg_site parameter, and since the Jan. 2004 post has no version information, there is insufficient proof to link the two issues closely. Thus these will remain SPLIT unless/until there is additional evidence to merge them.

ACCURACY: In a January 21, 2004 post to Vuln-Dev, Kier Darby of vBulletin says "There is no hidden field called "reg_site", nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed.
We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." A followup says it's the "regtype" parameter (note the different spelling), but there's an additional followup from the vendor that states that even "regtype" doesn't have an issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: BID:9476
Reference: URL:http://www.securityfocus.com/bid/9476

McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0095 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355

Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.

Analysis
----------------
ED_PRI CAN-2004-0127 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

Analysis
----------------
ED_PRI CAN-2004-0130 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: BUGTRAQ:20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2
Reference: BUGTRAQ:20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
Reference: NETBSD:NetBSD-SA2004-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:openbsd-isakmp-initialcontact-delete-sa(14118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14118
Reference: XF:openbsd-isakmp-invalidspi-delete-sa(14117)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14117
Reference: BID:9416
Reference: URL:http://www.securityfocus.com/bid/9416
Reference: BID:9417
Reference: URL:http://www.securityfocus.com/bid/9417

KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

Analysis
----------------
ED_PRI CAN-2004-0164 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: it could be argued that there are 2 distinct types of bugs here, in which case a SPLIT might be recommended. However, a followup post by the KAME developer provides a single patch.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040131 Advisory !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107576894019530&w=2
Reference: XF:thephototool-login-sql-injection(15007)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15007

SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.

Analysis
----------------
ED_PRI CAN-2004-0236 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040131 Directory Traversal in Aprox PHP Portal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577555527321&w=2
Reference: BID:9540
Reference: URL:http://www.securityfocus.com/bid/9540
Reference: XF:aproxphpportal-index-directory-traversal(15014)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15014

Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.

Analysis
----------------
ED_PRI CAN-2004-0237 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: