[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 2004-02-A - 57 candidates



I am proposing cluster 2004-02-A for review and voting by the
Editorial Board.

Name: 2004-02-A
Description: CANs announced between 2004/02/02 and 2004/02/10
Size: 57

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: CIAC:N-096
Reference: URL:http://www.ciac.org/ciac/bulletins/n-096.shtml
Reference: XF:linux-ixj-root-privileges(10417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10417
Reference: BID:5985
Reference: URL:http://www.securityfocus.com/bid/5985

Buffer overflow in the ixj telephony card driver in Linux before
2.4.20, with unknown attack vectors and impact.

Analysis
----------------
ED_PRI CAN-2002-1574 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MS:MS04-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-006.asp

The Windows Internet Naming Service (WINS) for Microsoft Windows
Server 2003, and possibly Windows NT and Server 2000, does not
properly validate the length of certain packets, which allows
attackers to cause a denial of service and possibly execute arbitrary
code.

Analysis
----------------
ED_PRI CAN-2003-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
Reference: URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: REDHAT:RHSA-2004:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:013
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:013
Reference: XF:mailman-command-handler-dos(15106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15106
Reference: BID:9620
Reference: URL:http://www.securityfocus.com/bid/9620

Unknown vulnerability in the mail command handler in Mailman before
2.0.14 allows remote attackers to cause a denial of service (crash)
via malformed e-mail commands.

Analysis
----------------
ED_PRI CAN-2003-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619127531765&w=2
Reference: FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016870.html
Reference: CONFIRM:http://www.apache-ssl.org/advisory-20040206.txt
Reference: XF:apachessl-default-password(15065)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15065
Reference: BID:9590
Reference: URL:http://www.securityfocus.com/bid/9590

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3
and SSLFakeBasicAuth enabled, allows remote attackers to forge a
client certificate by using basic authentication with the "one-line
DN" of the target user.

Analysis
----------------
ED_PRI CAN-2004-0009 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/163
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#873334
Reference: URL:http://www.kb.cert.org/vuls/id/873334
Reference: CIAC:O-073
Reference: URL:http://www.ciac.org/ciac/bulletins/o-073.shtml
Reference: XF:vpn1-ike-bo(14150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14150
Reference: BID:9582
Reference: URL:http://www.securityfocus.com/bid/9582

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through
4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build
4200 allows remote attackers to execute arbitrary code via an ISAKMP
packet with a large Certificate Request packet.

Analysis
----------------
ED_PRI CAN-2004-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-056.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

The login program in util-linux 2.11 and earlier uses a pointer after
it has been freed and reallocated, which could cause login to leak
sensitive data.

Analysis
----------------
ED_PRI CAN-2004-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: BUGTRAQ:20040205 [PINE-CERT-20040201] reference count overflow in shmat()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608375207601&w=2
Reference: MISC:http://www.pine.nl/press/pine-cert-20040201.txt
Reference: FREEBSD:FreeBSD-SA-04:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
Reference: NETBSD:NetBSD-SA2004-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc
Reference: BID:9586
Reference: URL:http://www.securityfocus.com/bid/9586
Reference: XF:bsd-shmat-gain-privileges(15061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15061

The shmat system call in the System V Shared Memory interface for
FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and
earlier, does not properly decrement a shared memory segment's
reference count when the vm_map_find function fails, which could allow
local users to gain read or write access to a portion of kernel memory
and gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: MS:MS04-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-005.asp
Reference: ATSTAKE:A021004-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a021004-1.txt

VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1
allows local attackers to truncate and overwrite arbitrary files, and
execute arbitrary code, via a symlink attack on the VPCServices_Log
temporary file.

Analysis
----------------
ED_PRI CAN-2004-0115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582619125932&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=350228
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
Reference: MLIST:[gentoo-announce] 20040217 [ GLSA 200402-05 ] phpMyAdmin < 2.5.6-rc1 directory traversal attack
Reference: URL:http://marc.theaimsgroup.com/?l=gentoo-announce&m=107698496510511&w=2

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5
and earlier allows remote attackers to read arbitrary files via
.. (dot dot) sequences in the what parameter.

Analysis
----------------
ED_PRI CAN-2004-0129 1
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the Changelog for version 2.5.6-rc1 states that "a
security fix" was made, and a diff of export.php with an earlier
version confirms it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040210
Category: SF
Reference: FULLDISC:20040204 iDEFENSE Security Advisory 02.04.04: GNU Radius Remote Denial of Service Vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016721.html
Reference: MISC:http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true
Reference: CONFIRM:http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz
Reference: CERT-VN:VU#277396
Reference: URL:http://www.kb.cert.org/vuls/id/277396
Reference: XF:radius-radprintrequest-dos(15046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15046

The rad_print_request function in logger.c for GNU Radius daemon
(radiusd) before 1.2 allows remote atackers to cause a denial of
service (crash) via a UDP packet with an Acct-Status-Type attribute
without a value and no Acct-Session-Id attribute, which causes a null
dereference.

Analysis
----------------
ED_PRI CAN-2004-0131 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: the ChangeLog for Radius 1.2 includes an item dated
2003-11-26 which says "(rad_print_request): Removed."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040209 Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107636290906296&w=2
Reference: BUGTRAQ:20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107657505718743&w=2
Reference: DEBIAN:DSA-463
Reference: URL:http://www.debian.org/security/2004/dsa-463
Reference: XF:samba-smbmnt-gain-privileges(15131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15131
Reference: BID:9619
Reference: URL:http://www.securityfocus.com/bid/9619

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid,
allows local users to gain root privileges by mounting a Samba share
that contains a setuid root program, whose setuid attributes are not
cleared when the share is mounted.

Analysis
----------------
ED_PRI CAN-2004-0186 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 OpenBSD IPv6 remote kernel crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604603226564&w=2
Reference: FULLDISC:20040204 [Full-Disclosure] Remote openbsd crash with ip6, yet still openbsd much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016704.html
Reference: MISC:http://www.guninski.com/obsdmtu.html
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c
Reference: NETBSD:NetBSD-SA2004-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
Reference: XF:openbsd-ipv6-dos(15044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15044
Reference: BID:9577
Reference: URL:http://www.securityfocus.com/bid/9577

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a
denial of service (crash) by sending an IPv6 packet with a small MTU
to a listening port and then issuing a TCP connect to that port.

Analysis
----------------
ED_PRI CAN-2004-0257 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619136600713&w=2
Reference: CONFIRM:http://www.grohol.com/downloads/oj/latest/changelog.txt
Reference: BID:9598
Reference: URL:http://www.securityfocus.com/bid/9598
Reference: XF:openjournal-uid-admin-access(15069)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15069

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to
bypass authentication and access the control panel via a 0 in the uid
parameter.

Analysis
----------------
ED_PRI CAN-2004-0261 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor changelog's entry under v2.06 - 05 Feb
2004 says "Fixed security issue in oj.cgi and oj.cfg"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040209 clamav 0.65 remote DOS exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634700823822&w=2
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
Reference: BUGTRAQ:20040218 [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712186605402&w=2
Reference: XF:clam-antivirus-uuencoded-dos(15077)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15077
Reference: BID:9610
Reference: URL:http://www.securityfocus.com/bid/9610

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a
denial of service (crash) via a uuencoded e-mail message with an
invalid line length (e.g., a lowercase character), which causes an
assert error in clamd that terminates the calling program.

Analysis
----------------
ED_PRI CAN-2004-0270 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 Directory traversal in RealPlayer allows code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107642978524321&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/040123_player/EN/

Directory traversal vulnerability in RealOne Player, RealOne Player
2.0, and RealOne Enterprise Desktop allows remote attackers to upload
arbitrary files via an RMP file that contains .. (dot dot) sequences
in a .rjs skin file.

Analysis
----------------
ED_PRI CAN-2004-0273 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT:at
http://service.real.com/help/faq/security/040123_player/EN/ under
exploit 2 it says "To fashion RMP files which allow an attacker to
download and execute arbitrary code on a user's machine."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040207 [gentoo-announce] [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619072227748&w=2
Reference: XF:php-virtualhost-info-disclosure(15072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15072

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global
variables between virtual hosts that are handled by the same Apache
child process but have different settings, which could allow remote
attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2004-0263 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634593827102&w=2
Reference: BUGTRAQ:20040210 Re: Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643315623958&w=2
Reference: MISC:http://mogan.nonsoloirc.com/egg_advisory.txt
Reference: XF:eggdrop-sharemod-gain-access(15084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15084
Reference: BID:9606
Reference: URL:http://www.securityfocus.com/bid/9606

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can
mistakenly assign STAT_OFFERED status to a bot that is not a sharebot,
which allows remote attackers to use STAT_OFFERED to promote a bot to
a sharebot and conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2004-0274 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643836125615&w=2
Reference: NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=107650972617367&w=2
Reference: BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643892224825&w=2
Reference: NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=107650972723080&w=2
Reference: MS:MS04-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-041A.html
Reference: CERT-VN:VU#216324
Reference: URL:http://www.kb.cert.org/vuls/id/216324
Reference: CERT-VN:VU#583108
Reference: URL:http://www.kb.cert.org/vuls/id/583108

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as
used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and
libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to
execute arbitrary code via ASN.1 BER encodings with (1) very large
length fields that cause arbitrary heap data to be overwritten, or (2)
modified bit strings.

Analysis
----------------
ED_PRI CAN-2003-0818 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACCURACY/ACKNOWLEDGEMENT: while there are two eEye advisories on
separate sets of integer overflow vulnerabilities, both of which
provide MS04-007 as a reference, the description of MS04-007 itself
suggests a single buffer overflow.  MSRC confirmed via email on
2004/02/12 that MS04-007 addresses all the issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Reference: URL:http://xforce.iss.net/xforce/alerts/id/162
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/security_server.html
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#790771
Reference: URL:http://www.kb.cert.org/vuls/id/790771
Reference: CIAC:O-072
Reference: URL:http://www.ciac.org/ciac/bulletins/o-072.shtml
Reference: XF:fw1-format-string(14149)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14149
Reference: BID:9581
Reference: URL:http://www.securityfocus.com/bid/9581

Multiple format string vulnerabilities in HTTP Application
Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and
R54, and Check Point Firewall-1 HTTP Security Server included with NG
FP1, FP2, and FP3 allows remote attackers to execute arbitrary code
via HTTP requests that cause format string specifiers to be used in an
error message, as demonstrated using the scheme of a URI.

Analysis
----------------
ED_PRI CAN-2004-0039 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107644835523678&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=72
Reference: BUGTRAQ:20040211 XFree86 vulnerability exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107653324115914&w=2
Reference: CONFIRM:http://www.xfree86.org/cvs/changes
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: BUGTRAQ:20040211 [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107658060431049&w=2
Reference: XF:xfree86-fontalias-bo(15130)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15130

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0
through 4.3.0 allows local users and remote attackers to execute
arbitrary code via a font alias file (font.alias) with a long token, a
different vulnerability than CAN-2004-0084 and CAN-2004-0106.

Analysis
----------------
ED_PRI CAN-2004-0083 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The change log for XFree86 4.3.99.903 includes the
item "794. Fix font alias overrun."

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all
assigned by the CNA (Mark Cox) within a very short time frame as
multiple changes were incorporated; some fixes would go out as other
reported issues came in.  So it's reasonable to expect that some
distributions or versions might not have addressed all 3 issues, so
the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040129
Category: SF
Reference: DEBIAN:DSA-432
Reference: URL:http://www.debian.org/security/2004/dsa-432

crawl before 4.0.0 beta23 does not properly "apply a size check" when
copying a certain environment variable, which may allow local users to
gain privileges, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0103 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040210
Category: SF
Reference: BUGTRAQ:20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651585921958&w=2
Reference: XF:ezcontents-multiple-file-include(15135)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15135

Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2
and earlier allow remote attackers to execute arbitrary PHP code from
a remote web server, as demonstrated using (1) the GLOBALS[rootdp]
parameter to db.php, or (2) the GLOBALS[language_home] parameter to
archivednews.php, and a malicious version of lang_admin.php.

Analysis
----------------
ED_PRI CAN-2004-0132 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040212
Category: SF
Reference: BUGTRAQ:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634788029065&w=2
Reference: VULNWATCH:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0034.html
Reference: MISC:http://www.pentest.co.uk/documents/ptl-2004-01.html
Reference: XF:nokia-obex-dos(15107)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15107

Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote
attackers to cause a denial of service (reset) via malformed Bluetooth
OBject EXchange (OBEX) messages, probably triggering buffer overflows.

Analysis
----------------
ED_PRI CAN-2004-0143 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC, VAGUE, INCLUSION

INCLUSION: the Editorial Board should discuss whether mobile phones
and other IT-enabled devices should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040202 0verkill - little simple vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577335424509&w=2
Reference: FULLDISC:20040202 0verkill - little simple vulnerability.
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016579.html
Reference: MISC:http://www.securiteam.com/securitynews/5AP010KC0C.html
Reference: XF:overkill-client-multiple-bo(14999)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14999
Reference: BID:9550
Reference: URL:http://www.securityfocus.com/bid/9550

Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3
allows local users to execute arbitrary code via a long HOME
environment variable, and possibly (3) via long strings to
send_message.

Analysis
----------------
ED_PRI CAN-2004-0238 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040202 ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582512023998&w=2
Reference: MISC:http://www.securiteam.com/securitynews/5KP010UC0W.html
Reference: XF:photopostphp-sql-injection(15008)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15008
Reference: BID:9557
Reference: URL:http://www.securityfocus.com/bid/9557

SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6
and earlier allows remote attackers to gain unauthorized access via
the photo variable.

Analysis
----------------
ED_PRI CAN-2004-0239 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT:the poster of the vuln says at
http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113
there is a patch for the problem but that site is password protected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 X-Cart vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2
Reference: XF:xcart-dotdot-directory-traversal(15033)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15033

Directory traversal vulnerability in X-Cart 3.4.3 allows remote
attackers to view arbitrary files via a .. (dot dot) in the
shop_closed_file argument to auth.php.

Analysis
----------------
ED_PRI CAN-2004-0240 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 X-Cart vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2
Reference: XF:xcart-perlbinary-execute-commands(15034)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15034
Reference: BID:9560
Reference: URL:http://www.securityfocus.com/bid/9560

X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via
the perl_binary argument in (1) upgrade.php or (2) general.php.

Analysis
----------------
ED_PRI CAN-2004-0241 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 X-Cart vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2
Reference: XF:xcart-generalphp-obtain-information(15036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15036
Reference: BID:9563
Reference: URL:http://www.securityfocus.com/bid/9563

X-Cart 3.4.3 allows remote attackers to gain sensitive information via
a mode parameter with (1) phpinfo command or (2) perlinfo command.

Analysis
----------------
ED_PRI CAN-2004-0242 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Re: sqwebmail web login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107583269206044&w=2

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled,
displays a different message if the password is correct, which allows
remote attackers to guess the password via brute force methods.

Analysis
----------------
ED_PRI CAN-2004-0243 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040203 Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml
Reference: XF:cisco-malformed-frame-dos(15013)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15013
Reference: BID:9562
Reference: URL:http://www.securityfocus.com/bid/9562

Cisco 6000, 6500, and 7600 series systems with Multilayer Switch
Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users
to cause a denial of service (hang or reset) by sending a layer 2
frame packet that encapsulates a layer 3 packet, but has inconsistent
length values with that packet.

Analysis
----------------
ED_PRI CAN-2004-0244 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Web Crossing 4.x/5.x Denial of Service Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586518120516&w=2

Web Crossing 4.x and 5.x allows remote attackers to cause a denial of
service (crash) by sending a HTTP POST request with a large or
negative Content-Length, which causes an integer divide-by-zero.

Analysis
----------------
ED_PRI CAN-2004-0245 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Les Commentaires (PHP) Include file
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107584083719763&w=2
Reference: XF:lescommentaires-multiple-file-include(15010)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15010
Reference: BID:9536
Reference: URL:http://www.securityfocus.com/bid/9536

Multiple PHP remote code injection vulnerabilities in (1)
fonctions.lib.php, (2) derniers_commentaires.php, or (3) admin.php in
Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP
code by modifying the rep parameter to reference a URL on a remote web
server that contains the code.

Analysis
----------------
ED_PRI CAN-2004-0246 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Remote crash of Chaser game <= 1.50
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107584109420084&w=2
Reference: BID:9567
Reference: URL:http://www.securityfocus.com/bid/9567
Reference: XF:chaser-memory-dos(15031)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15031

The client and server of Chaser 1.50 and earlier allow remote
attackers to cause a denial of service (crash via exception) via a UDP
packet with a length field that is greater than the actual data
length, which causes Chaser to read unexpected memory.

Analysis
----------------
ED_PRI CAN-2004-0247 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Multiple Vulnerabilities in PHPX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586932324901&w=2
Reference: BID:9569
Reference: URL:http://www.securityfocus.com/bid/9569
Reference: XF:phpx-subject-html-injection(15050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15050
Reference: XF:phpx-main-help-xss(15051)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15051

Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote
attackers to execute arbitrary script as other users by injecting
arbitrary HTML or script into (1) keywords argument of main.inc.php,
(2) body argument of help.inc.php, or (3) the subject field in
Personal Messages and Forum.

Analysis
----------------
ED_PRI CAN-2004-0248 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040203 Multiple Vulnerabilities in PHPX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586932324901&w=2
Reference: BID:9569
Reference: URL:http://www.securityfocus.com/bid/9569
Reference: XF:phpx-cookie-account-hijacking(15052)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15052

PHPX 3.2.3 allows remote attackers to gain access to other accounts by
modifying the cookie's PXL variable to reference another userID.

Analysis
----------------
ED_PRI CAN-2004-0249 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040204 ZH2004-04SA (security advisory): Multiple Sql Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107593114909696&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3864/
Reference: BID:9557
Reference: URL:http://www.securityfocus.com/bid/9557
Reference: XF:photopostphp-sql-injection(15008)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15008

SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier
allows remote attackers to gain privileges via (1) the product
parameter in showproduct.php or (2) the cat parameter in showcat.php.

Analysis
----------------
ED_PRI CAN-2004-0250 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The poster gives a link to a patch, but the site
requires a username and password to get in.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040204 rxgoogle.cgi XSS Vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107594183924958&w=2
Reference: XF:rxgoogle-query-xss(15043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15043
Reference: BID:9575
Reference: URL:http://www.securityfocus.com/bid/9575

Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote
attackers to execute arbitrary script as other users via the query
parameter.

Analysis
----------------
ED_PRI CAN-2004-0251 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040204 TYPSoft FTP Server 1.10 may be crashed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107591511716707&w=2
Reference: XF:typsoft-empty-username-dos(15048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15048
Reference: BID:9573
Reference: URL:http://www.securityfocus.com/bid/9573

TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of
service (CPU consumption) via an empty USER name.

Analysis
----------------
ED_PRI CAN-2004-0252 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 IBM cloudscape SQL Database (DB2J) vulnerable to remote command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604065819233&w=2
Reference: BID:9583
Reference: URL:http://www.securityfocus.com/bid/9583
Reference: XF:cloudscape-sql-injection(15067)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15067

IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to
execute arbitrary programs or cause a denial of service via certain
SQL code, possibly due to a SQL injection vulnerability.

Analysis
----------------
ED_PRI CAN-2004-0253 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Possible Cross Site Scripting in Discuz! Board
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107606726417150&w=2
Reference: BID:9584
Reference: URL:http://www.securityfocus.com/bid/9584
Reference: XF:discuzboard-image-tag-xss(15066)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15066

Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x
allows remote attackers to execute arbitrary script as other users via
an img tag.

Analysis
----------------
ED_PRI CAN-2004-0254 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Remote crash Xlight ftp server 1.52
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107605633904122&w=2
Reference: XF:xlight-long-string-dos(15064)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15064
Reference: BID:9585
Reference: URL:http://www.securityfocus.com/bid/9585

Xlight 1.52, with log to screen enabled, allows remote attackers to
cause a denial of service by requesting a long directory consisting of
. (dot) and / (slash) characters, which causes the server to crash
when the administrator views the log file, possibly triggering a
buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0255 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: VULNWATCH:20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0028.html
Reference: BUGTRAQ:20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608748813559&w=2
Reference: MISC:http://www.nextgenss.com/advisories/realone.txt
Reference: CONFIRM:http://www.service.real.com/help/faq/security/040123_player/EN/
Reference: CERT-VN:VU#473814
Reference: URL:http://www.kb.cert.org/vuls/id/473814
Reference: CIAC:O-075
Reference: URL:http://www.ciac.org/ciac/bulletins/o-075.shtml
Reference: BID:9579
Reference: URL:http://www.securityfocus.com/bid/9579
Reference: XF:realoneplayer-multiple-file-bo(15040)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15040

Multiple buffer overflows in RealOne Player, RealOne Player 2.0,
RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote
attackers to execute arbitrary code via malformed (1) .RP, (2) .RT,
(3) .RAM, (4) .RPM or (5) .SMIL files.

Analysis
----------------
ED_PRI CAN-2004-0258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040206 formmail (PHP) Upload file using CSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619109629629&w=2
Reference: XF:jack-formmail-file-upload(15079)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15079
Reference: BID:9591
Reference: URL:http://www.securityfocus.com/bid/9591

The check_referer() function in Formmail.php 5.0 and earlier allows
remote attackers to bypass access restrictions via an empty or spoofed
HTTP Referer, as demonstrated using an application on the same web
server that contains a cross-site scripting (XSS) issue.

Analysis
----------------
ED_PRI CAN-2004-0259 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619501815888&w=2
Reference: FULLDISC:20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016819.html
Reference: XF:cactushoplite-backdoor(15063)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15063
Reference: BID:9589
Reference: URL:http://www.securityfocus.com/bid/9589

The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains
a backdoor that allows remote attackers to delete arbitrary files via
an email address that starts with |||.

Analysis
----------------
ED_PRI CAN-2004-0260 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040207 The Palace 3.x (Client) Stack Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634556632195&w=2
Reference: MISC:http://www.elitehaven.net/thepalace.txt
Reference: XF:palace-server-address-bo(15074)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15074
Reference: BID:9602
Reference: URL:http://www.securityfocus.com/bid/9602

Stack-based buffer overflow in The Palace 3.5 and earlier client
allows remote attackers to execute arbitrary code via a link to a
palace:// url followed by a long server address string.

Analysis
----------------
ED_PRI CAN-2004-0262 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 PalmOS httpd accept() queue overflow DoS vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634638201570&w=2
Reference: XF:palmhttpd-accept-bo(15090)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15090
Reference: BID:9608
Reference: URL:http://www.securityfocus.com/bid/9608

palmhttpd for PalmOS allows remote attackers to cause a denial of
service (crash) by establishing two simultaneous HTTP connections,
which exceeds the PalmOS accept queue.

Analysis
----------------
ED_PRI CAN-2004-0264 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634727520936&w=2
Reference: XF:phpnuke-mulitple-xss(15076)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15076
Reference: BID:9605
Reference: URL:http://www.securityfocus.com/bid/9605
Reference: BID:9613
Reference: URL:http://www.securityfocus.com/bid/9613

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke
6.x-7.1.0 allows remote attackers to execute arbitrary script as other
users via URL-encoded (1) title or (2) fname parameters in the News or
Reviews modules.

Analysis
----------------
ED_PRI CAN-2004-0265 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 [waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635110327066&w=2
Reference: XF:phpnuke-publicmessage-sql-injection(15080)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15080
Reference: BID:9615
Reference: URL:http://www.securityfocus.com/bid/9615

SQL injection vulnerability in the "public message" capability
(public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers
obtain the administrator password via the c_mid parameter.

Analysis
----------------
ED_PRI CAN-2004-0266 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040209 [local problems] eTrust Virus Protection 6.0 InoculateIT for linux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635584431518&w=2
Reference: XF:etrust-inoculateit-symlink(15102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15102
Reference: BID:9616
Reference: URL:http://www.securityfocus.com/bid/9616

The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust
InoculateIT for Linux 6.0 allow local users to overwrite arbitrary
files via a symlink attack on files in /tmp.

Analysis
----------------
ED_PRI CAN-2004-0267 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643394724891&w=2
Reference: FULLDISC:20040210 XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016988.html
Reference: XF:evolutionx-command-line-dos(15104)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15104
Reference: BID:9631
Reference: URL:http://www.securityfocus.com/bid/9631

Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote
attackers to cause a denial of service (hang) via (1) a long cd
command to the FTP server, or (2) a long dir command to the telnet
server.

Analysis
----------------
ED_PRI CAN-2004-0268 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 [SCAN Associates Sdn Bhd Security Advisory] PHPNuke 6.9 > and below SQL Injection in multiple module
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643348117646&w=2
Reference: MISC:http://www.scan-associates.net/papers/phpnuke69.txt
Reference: XF:phpnuke-modules-sql-injection(15115)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15115
Reference: BID:9630
Reference: URL:http://www.securityfocus.com/bid/9630

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly
7.x, allows remote attackers to inject arbitrary SQL code and gain
sensitive information via (1) the category variable in the Search
module or (2) the admin variable in the Web_Links module.

Analysis
----------------
ED_PRI CAN-2004-0269 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2
Reference: XF:maxwebportal-register-xss(15122)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15122
Reference: BID:9625
Reference: URL:http://www.securityfocus.com/bid/9625

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal
allow remote attackers to execute arbitrary web script as other users
via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo
parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or
(4) the image name of an Avatar in the register form.

Analysis
----------------
ED_PRI CAN-2004-0271 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2
Reference: XF:maxwebportal-personalmesssages-sql-injection(15121)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15121
Reference: BID:9625
Reference: URL:http://www.securityfocus.com/bid/9625

SQL injection vulnerability in MaxWebPortal allows remote attackers to
inject arbitrary SQL code and gain sensitive information via the
SendTo parameter in Personal Messages.

Analysis
----------------
ED_PRI CAN-2004-0272 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: FULLDISC:20040207 DreamFTP Server 1.02 Buffer Overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016871.html
Reference: MISC:http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
Reference: BUGTRAQ:20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107656166402882&w=2
Reference: XF:dreamftp-username-format-string(15070)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15070
Reference: BID:9600
Reference: URL:http://www.securityfocus.com/bid/9600

Format string vulnerability in Dream FTP 1.02 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the username.

Analysis
----------------
ED_PRI CAN-2004-0277 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635084830547&w=2
Reference: BID:9614
Reference: URL:http://www.securityfocus.com/bid/9614
Reference: XF:resin-source-disclosure(15085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15085

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP
source via an HTTP request to a .jsp file that ends in a "%20"
(encoded space character), e.g. index.jsp%20.

Analysis
----------------
ED_PRI CAN-2004-0280 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635084830547&w=2
Reference: BID:9617
Reference: URL:http://www.securityfocus.com/bid/9617
Reference: XF:resin-dotdot-directory-traversal(15087)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15087

Caucho Technology Resin 2.1.12 allows remote attackers to gain
sensitive information and view the contents of the /WEB-INF/ directory
via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF"
in Windows.

Analysis
----------------
ED_PRI CAN-2004-0281 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643134712133&w=2
Reference: XF:ie-host-null-dos(15127)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15127
Reference: BID:9629
Reference: URL:http://www.securityfocus.com/bid/9629

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow
remote attackers to cause a denial of service (CPU consumption), if
"Do not save encrypted pages to disk" is disabled, via a web site or
HTML e-mail that contains two null characters (%00) after the host
name.

Analysis
----------------
ED_PRI CAN-2004-0284 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the discloser claims that MS04-004 fixes this problem
but MS04-004 does not mention a fix to this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007