[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 2004-02-B - 47 candidates

I am proposing cluster 2004-02-B for review and voting by the
Editorial Board.

Name: 2004-02-B
Description: CANs announced between 2004/02/11 and 2004/02/19
Size: 47

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2004-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: XF:linux-vicam-dos(15246)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15246

The Vicam USB driver in Linux before 2.4.25 does not use the
copy_from_user function when copying data from userspace to kernel
space, which crosses security boundaries and allows local users to
cause a denial of service.

Analysis
----------------
ED_PRI CAN-2004-0075 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
Reference: VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-438
Reference: URL:http://www.debian.org/security/2004/dsa-438
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-441
Reference: URL:http://www.debian.org/security/2004/dsa-441
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-444
Reference: URL:http://www.debian.org/security/2004/dsa-444
Reference: DEBIAN:DSA-456
Reference: URL:http://www.debian.org/security/2004/dsa-456
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-066.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: BUGTRAQ:20040218 TSLSA-2004-0007 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
Reference: BUGTRAQ:20040223 TSLSA-2004-0008 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
Reference: BUGTRAQ:20040306 [ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107876807929721&w=2
Reference: XF:linux-mremap-gain-privileges(15244)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15244
Reference: BID:9686
Reference: URL:http://www.securityfocus.com/bid/9686

The do_mremap function for the mremap system call in Linux 2.2 to
2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the
return value from the do_munmap function when the maximum number of
VMA descriptors is exceeded, which allows local users to gain root
privileges, a different vulnerability than CAN-2003-0985.

Analysis
----------------
ED_PRI CAN-2004-0077 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040211 Mutt-1.4.2 fixes buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
Reference: REDHAT:RHSA-2004:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-050.html
Reference: REDHAT:RHSA-2004:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-051.html
Reference: MANDRAKE:MDKSA-2004:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:010
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607
Reference: CONFIRM:http://bugs.debian.org/126336
Reference: BUGTRAQ:20040215 LNSA-#2004-0001: mutt remote crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696262905039&w=2
Reference: BUGTRAQ:20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107884956930903&w=2
Reference: XF:mutt-index-menu-bo(15134)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15134
Reference: BID:9641
Reference: URL:http://www.securityfocus.com/bid/9641

Buffer overflow in the index menu code (menu_pad_string of menu.c) for
Mutt 1.4.1 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via certain mail
messages.

Analysis
----------------
ED_PRI CAN-2004-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-064.html
Reference: CONFIRM:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
Reference: XF:samba-mksmbpasswd-gain-access(15132)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15132

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and
3.0.1, when creating an account but marking it as disabled, may
overwrite the user password with an uninitialized buffer, which could
enable the account with a more easily guessable password.

Analysis
----------------
ED_PRI CAN-2004-0082 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for Samba 3.02, dated February 9,
2004, explicitly reference this identifier.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: XF:xfree86-glx-array-dos(15272)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15272

XFree86 4.1.0 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via an out-of-bounds array index when
using the GLX extension and Direct Rendering Infrastructure (DRI).

Analysis
----------------
ED_PRI CAN-2004-0093 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: XF:xfree86-glx-integer-dos(15273)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15273

Integer signedness errors in XFree86 4.1.0 allow remote attackers to
cause a denial of service and possibly execute arbitrary code when
using the GLX extension and Direct Rendering Infrastructure (DRI).

Analysis
----------------
ED_PRI CAN-2004-0094 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 Denial of Service in Monkey httpd <= 0.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107652610506968&w=2
Reference: CONFIRM:http://monkeyd.sourceforge.net/
Reference: MISC:http://aluigi.altervista.org/poc/monkeydos.zip
Reference: XF:monkey-getrealstring-dos(15187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15187
Reference: BID:9642
Reference: URL:http://www.securityfocus.com/bid/9642

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and
earlier allows remote attackers to cause a denial of service (crash)
via an HTTP request with a sequence of "%" characters and a missing
Host field.

Analysis
----------------
ED_PRI CAN-2004-0276 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the announcement for Monkey 0.8.2 says that there are
"a lot of bug fixes (including a fix for a DoS). Thanks to Luigi
A."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: BUGTRAQ:20040216 Broadcast client buffer-overflow in Purge Jihad <= 2.0.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695064204362&w=2
Reference: CONFIRM:http://purge.worthplaying.com/phpbb/viewtopic.php?t=1167
Reference: BID:9671
Reference: URL:http://www.securityfocus.com/bid/9671
Reference: XF:purge-battletype-map-bo(15216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15216

Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game
servers to execute arbitrary code via an information packet that
contains large battle type and map name fields.

Analysis
----------------
ED_PRI CAN-2004-0290 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at
http://purge.worthplaying.com/phpbb/viewtopic.php?t=1167, dated Feb
12, 2004, under [Engine/Technology] it says "Fixed buffer overflow
security issue."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 iDEFENSE Security Advisory 02.17.04: Ipswitch IMail LDAP Daemon Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705541425564&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=74
Reference: CONFIRM:http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
Reference: CERT-VN:VU#972334
Reference: URL:http://www.kb.cert.org/vuls/id/972334
Reference: BID:9682
Reference: URL:http://www.securityfocus.com/bid/9682
Reference: XF:imail-ldap-tag-bo(15243)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15243

Buffer overflow in the Lightweight Directory Access Protocol (LDAP)
daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows
remote attackers to cause a denial of service (crash) and execute
arbitrary code via an LDAP message with a large tag length.

Analysis
----------------
ED_PRI CAN-2004-0297 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at
http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
it says "fixes a possible LDAP Denial of Service vulnerability" and
the poster refers to this patch and the patch is dated Feb 17.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-file-upload(15264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15264
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD
before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service
on UDP port 69 by default, which allows remote attackers to GET or PUT
ONS system files on the current active TCC in the /flash0 or /flash1
directories.

Analysis
----------------
ED_PRI CAN-2004-0306 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: XF:cisco-ons-ack-dos(15265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15265

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454
SD before 4.1(3) allows remote attackers to cause a denial of service
(reset) by not sending the ACK portion of the TCP three-way handshake
and sending an invalid response instead.

Analysis
----------------
ED_PRI CAN-2004-0307 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-gain-access(15266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15266
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454
before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before
1.3(0) allows a superuser whose account is locked out, disabled, or
suspended to gain unauthorized access via a Telnet connection to the
VxWorks shell.

Analysis
----------------
ED_PRI CAN-2004-0308 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722656827427&w=2
Reference: CERT-VN:VU#619982
Reference: URL:http://www.kb.cert.org/vuls/id/619982
Reference: CIAC:O-084
Reference: URL:http://www.ciac.org/ciac/bulletins/o-084.shtml
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/8.html
Reference: XF:zonelabs-multiple-products-bo(14991)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14991
Reference: BID:9696
Reference: URL:http://www.securityfocus.com/bid/9696

Stack-based buffer overflow in the SMTP service support in vsmon.exe
in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client
4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote
attackers to execute arbitrary code via a long RCPT TO argument.

Analysis
----------------
ED_PRI CAN-2004-0309 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107662833512775&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=73
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: XF:xfree86-copyisolatin1lLowered-bo(15200)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15200

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to
4.3.0, when using the CopyISOLatin1Lowered function, allows local or
remote authenticated users to execute arbitrary code via a malformed
entry in the font alias (font.alias) file, a different vulnerability
than CAN-2004-0083 and CAN-2004-0106.

Analysis
----------------
ED_PRI CAN-2004-0084 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all
assigned by the CNA (Mark Cox) within a very short time frame as
multiple changes were incorporated; some fixes would go out as other
reported issues came in.  So it's reasonable to expect that some
distributions or versions might not have addressed all 3 issues, so
the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: DEBIAN:DSA-448
Reference: URL:http://www.debian.org/security/2004/dsa-448
Reference: REDHAT:RHSA-2004:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-047.html
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342
Reference: XF:pwlib-message-dos(15202)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15202

Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers
to cause a denial of service and possibly execute arbitrary code, as
demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225
protocol.

Analysis
----------------
ED_PRI CAN-2004-0097 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: XF:metamail-contenttype-format-string(15245)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15245
Reference: XF:metamail-printheader-format-string(15259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15259

Multiple format string vulnerabilities in Metamail 2.7 and earlier
allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0104 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: XF:metamail-printheader-nonascii-bo(15247)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15247
Reference: XF:metamail-splitmail-subject-bo(15258)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15258

Multiple buffer overflows in Metamail 2.7 and earlier allow remote
attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0105 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: XF:xfree86-multiple-font-improper-handling(15206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15206

Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to
improper handling of font files, a different set of vulnerabilities
than CAN-2004-0083 and CAN-2004-0084.

Analysis
----------------
ED_PRI CAN-2004-0106 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all
assigned by the CNA (Mark Cox) within a very short time frame as
multiple changes were incorporated; some fixes would go out as other
reported issues came in.  So it's reasonable to expect that some
distributions or versions might not have addressed all 3 issues, so
the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694794031839&w=2
Reference: FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017414.html
Reference: XF:symantec-firewallvpn-password-plaintext(15212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15212

Symantec FireWall/VPN Appliance model 200 records a cleartext
password for the password administration page, which may be cached on
the administrator's local system or in a proxy, which allows attackers
to steal the password and gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0190 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040312
Category: SF
Reference: BUGTRAQ:20040216 Possible race condition in Symantec AntiVirus Scan Engine for Red
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694800908164&w=2
Reference: XF:symantec-scanengine-race-condition(15215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15215
Reference: BID:9662
Reference: URL:http://www.securityfocus.com/bid/9662

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan
Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or
append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

Analysis
----------------
ED_PRI CAN-2004-0217 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651618613575&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3925/
Reference: XF:bosdates-calendar-sql-injection(15133)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15133
Reference: BID:9639
Reference: URL:http://www.securityfocus.com/bid/9639

SQL injection vulnerability in calendar_download.php in BosDates 3.2
and earlier allows remote attackers to obtain sensitive information
and gain access via the calendar parameter.

Analysis
----------------
ED_PRI CAN-2004-0275 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 Denial of Service in Ratbag's game engine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107655269820530&w=2
Reference: XF:ratbag-data-length-dos(15188)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15188
Reference: BID:9644
Reference: URL:http://www.securityfocus.com/bid/9644

Ratbag game engine, as used in products such as Dirt Track Racing,
Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to
cause a denial of service (CPU consumption) via a TCP packet that
specifies the length of data to read and then sends a second TCP
packet that contains less data than specified, which causes Ratbag to
repeatedly check the socket for more data.

Analysis
----------------
ED_PRI CAN-2004-0278 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040212 aimSniff.pl file "deletion" (local)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107662243303439&w=2
Reference: XF:aim-sniff-symlink(15199)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15199
Reference: BID:9653
Reference: URL:http://www.securityfocus.com/bid/9653

AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary
files via a symlink attack on /tmp/AS.log.

Analysis
----------------
ED_PRI CAN-2004-0279 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040212 crob ftpd Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107665920909374&w=2
Reference: XF:crob-multiple-connections-dos(15201)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15201
Reference: BID:9651
Reference: URL:http://www.securityfocus.com/bid/9651

Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of
service (crash) by connecting and disconnecting repeatedly.

Analysis
----------------
ED_PRI CAN-2004-0282 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040212 Symlink vulnerabilities in mailmgr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107665013714517&w=2
Reference: XF:mailmgr-insecure-temp-directory (15203)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15203
Reference: BID:9654
Reference: URL:http://www.securityfocus.com/bid/9654

Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a
symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or
(3) /tmp/mailmgr.sort.

Analysis
----------------
ED_PRI CAN-2004-0283 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040214 AllMyVisitors PHP Code Injection vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696235424865&w=2
Reference: BUGTRAQ:20040214 AllMyGuests PHP Code Injection vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696209514155&w=2
Reference: BUGTRAQ:20040214 AllMyLinks PHP Code Injection vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696291728750&w=2
Reference: XF:allmyvisitors-file-include(15228)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15228
Reference: XF:allmyguests-php-file-include(15227)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15227
Reference: XF:allmylinks-file-include(15226)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15226
Reference: BID:9664
Reference: URL:http://www.securityfocus.com/bid/9664

PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2)
AllMyLinks, and (3) AllMyGuests allow remote attackers to execute
arbitrary PHP code by modifying the _AMVconfig[cfg_serverpath]
parameter to reference a URL on a remote web server that contains
template.inc.php.

Analysis
----------------
ED_PRI CAN-2004-0285 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040215 buffer overflow in Robot FTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696194306878&w=2
Reference: XF:robot-username-bo(15225)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15225
Reference: BID:9672
Reference: URL:http://www.securityfocus.com/bid/9672

Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long username.

Analysis
----------------
ED_PRI CAN-2004-0286 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040215 Xlight ftp server 1.52 RETR bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695172917263&w=2
Reference: XF:xlight-retr-dos(15220)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15220
Reference: BID:9627
Reference: URL:http://www.securityfocus.com/bid/9627

Xlight FTP server 1.52 allows remote authenticated users to cause a
denial of service (crash) via a RETR command with a long argument,
possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0287 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040215 Buffer overflow in mnoGoSearch
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2
Reference: XF:mnogosearch-udmdoctotextbuf-bo(15209)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15209
Reference: BID:9667
Reference: URL:http://www.securityfocus.com/bid/9667

Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13
through 3.2.15 could allow remote attackers to execute arbitrary code
by indexing a large document.

Analysis
----------------
ED_PRI CAN-2004-0288 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040215 problems with database files in 'SignatureDB'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695113832648&w=2
Reference: BID:9661
Reference: URL:http://www.securityfocus.com/bid/9661
Reference: XF:signaturedb-sdbscan-bo(15217)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15217

Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to
cause a denial of service (segmentation fault) via a database file
that contains a large key parameter.

Analysis
----------------
ED_PRI CAN-2004-0289 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040216 Another YabbSE SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696318522985&w=2
Reference: BID:9674
Reference: URL:http://www.securityfocus.com/bid/9674
Reference: XF:yabb-post-sql-injection(15224)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15224

SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5
allows remote attackers to obtain hashed passwords via the quote
parameter.

Analysis
----------------
ED_PRI CAN-2004-0291 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703630913205&w=2
Reference: MISC:http://www.security-protocols.com/modules.php?name=News&file=article&sid=1746
Reference: BID:9679
Reference: URL:http://www.securityfocus.com/bid/9679
Reference: XF:sami-http-get-bo(15237)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15237

Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2004-0292 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703602707450&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3962/
Reference: XF:shopcartcgi-dotdot-directory-traversal(14982)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14982
Reference: BID:9670
Reference: URL:http://www.securityfocus.com/bid/9670

Directory traversal vulnerability in ShopCartCGI 2.3 allows remote
attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP
request to (1) gotopage.cgi or (2) genindexpage.cgi.

Analysis
----------------
ED_PRI CAN-2004-0293 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 YABB information leakage on failed login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703591314745&w=2
Reference: BID:9677
Reference: URL:http://www.securityfocus.com/bid/9677
Reference: XF:yabb-invalidmessage-obtain-information(15236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15236

YaBB 1 SP 1.3.1 displays different error messages when a user exists
or not, which makes it easier for remote attackers to identify valid
users and conduct a brute force password guessing attack.

Analysis
----------------
ED_PRI CAN-2004-0294 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 Broker FTP DoS (Message Server)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705346817241&w=2
Reference: MISC:http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html
Reference: XF:broker-ftp-tsftpsrv-dos(15242)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15242
Reference: BID:9680
Reference: URL:http://www.securityfocus.com/bid/9680

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a
denial of service (CPU consumption) via an open idle connection.

Analysis
----------------
ED_PRI CAN-2004-0295 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 Broker FTP DoS (Message Server)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705346817241&w=2
Reference: MISC:http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html
Reference: XF:broker-ftp-dos(15241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15241
Reference: BID:9680
Reference: URL:http://www.securityfocus.com/bid/9680

TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a
TsFtpSrv.exe to exit with an exception by opening and immediately
closing a connection.  NOTE: the original researcher

Analysis
----------------
ED_PRI CAN-2004-0296 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 CesarFTP 0.99 : 100% employment of computer resources
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712057628250&w=2
Reference: BID:9666
Reference: URL:http://www.securityfocus.com/bid/9666
Reference: XF:cesarftp-userpass-dos(15252)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15252

CesarFTP 0.99e allows remote attackers to cause a denial of service
(CPU consumption) via a long RETR parameter.

Analysis
----------------
ED_PRI CAN-2004-0298 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 Smallftpd 1.0.3 DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107714207708375&w=2
Reference: BID:9684
Reference: URL:http://www.securityfocus.com/bid/9684
Reference: XF:smallftpd-forwardslash-dos(15262)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15262

Buffer overflow in smallftpd 0.99 allows local users to cause a denial
of service (crash) via an FTP request with a large number of "/"
(slash) characters.

Analysis
----------------
ED_PRI CAN-2004-0299 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040218 ZH2004-07SA (security advisory): Multiple Sql injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712117913185&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3972/
Reference: MISC:http://www.systemsecure.org/advisories/ssadvisory16022004.php
Reference: MISC:http://secunia.com/advisories/10902/
Reference: XF:onlinestorekit-more-sql-injection(15232)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15232
Reference: BID:9676
Reference: URL:http://www.securityfocus.com/bid/9676
Reference: BID:9687
Reference: URL:http://www.securityfocus.com/bid/9687

SQL injection vulnerability in Online Store Kit 3.0 allows remote
attackers to inject arbitrary SQL and gain unauthorized access via (1)
the cat parameter in shop.php, (2) the id parameter in more.php, (3)
the cat_manufacturer parameter in shop_by_brand.php, or (4) the id
parameter in listing.php.

Analysis
----------------
ED_PRI CAN-2004-0300 3
Vendor Acknowledgement: unknown

BID:9687 could be the same vuln. Site is not updated yet.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: MISC:http://www.systemsecure.org/advisories/ssadvisory16022004.php
Reference: MISC:http://secunia.com/advisories/10902/
Reference: BID:9676
Reference: URL:http://www.securityfocus.com/bid/9676
Reference: XF:onlinestorekit-more-xss(15235)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15235

Cross-site scripting (XSS) vulnerability in more.php for Online Store
Kit 3.0 allows remote attackers to inject arbitrary HTML via the id
parameter.

Analysis
----------------
ED_PRI CAN-2004-0301 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712123305706&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3973/
Reference: XF:owls-file-retrieval(15249)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15249
Reference: BID:9689
Reference: URL:http://www.securityfocus.com/bid/9689

Directory traversal vulnerability in OWLS 1.0 allows remote attackers
to read arbitrary files via a .. (dot dot) in the (1) file parameter
in index.php, (2) editfile in glossary.php, or (3) editfile in
newmultiplechoice.php.

Analysis
----------------
ED_PRI CAN-2004-0302 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

ABSTRACTION: the ".." and "/absolute/path" problems are regarded as
distinct variants of the directory traversal class, so they are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712123305706&w=2
Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3973/
Reference: XF:owls-file-retrieval(15249)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15249
Reference: BID:9689
Reference: URL:http://www.securityfocus.com/bid/9689

OWLS 1.0 allows remote attackers to retrieve arbitrary files via
absolute pathnames in (1) the file parameter in /glossaries/index.php,
(2) the filename parameter in /readings/index.php, or (3) the filename
parameter in /multiplechoice/resultsignore.php, as demonstrated using
/etc/passwd.

Analysis
----------------
ED_PRI CAN-2004-0303 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

ABSTRACTION: the ".." and "/absolute/path" problems are regarded as
distinct variants of the directory traversal class, so they are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040218 WebCortex Webstores2000 version 6.0 multiple security vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712159425226&w=2
Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040218.txt
Reference: XF:webstores-browseitems-sql-injection(15253)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15253
Reference: BID:7766
Reference: URL:http://www.securityfocus.com/bid/7766

SQL injection vulnerability in browse_items.asp in WebCortex WebStores
2000 6.0 allows remote attackers to gain unauthorized access and
execute arbitrary commands via the Search_Text parameter.

Analysis
----------------
ED_PRI CAN-2004-0304 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040218 WebCortex Webstores2000 version 6.0 multiple security vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712159425226&w=2
Reference: XF:webstores-error-xss(15254)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15254
Reference: BID:9693
Reference: URL:http://www.securityfocus.com/bid/9693

Cross-site scripting (XSS) vulnerability in error.asp in WebCortex
WebStores 2000 6.0 allows remote attackers to execute arbitrary script
as other users and steal session IDs via the Message_id parameter.

Analysis
----------------
ED_PRI CAN-2004-0305 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040219 LiveJournal XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722627800820&w=2
Reference: BID:9700
Reference: URL:http://www.securityfocus.com/bid/9700
Reference: XF:livejournal-url-xss(15268)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15268

Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1
allows remote attackers to execute Javascript as other users via the
stylesheet, which does not strip the semicolon or parentheses, as
demonstrated using a background:url.

Analysis
----------------
ED_PRI CAN-2004-0310 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: BUGTRAQ:20040216 APC 9606 SmartSlot Web/SNMP management card "backdoor"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703696631367&w=2
Reference: BUGTRAQ:20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107721020803565&w=2
Reference: CONFIRM:http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129
Reference: XF:apc-smartslot-default-password(15238)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15238
Reference: BID:9681
Reference: URL:http://www.securityfocus.com/bid/9681

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0
through 3.0.3 and 3.21 are shipped with a default password of
TENmanUFactOryPOWER, which allows remote attackers to gain
unauthorized access.

Analysis
----------------
ED_PRI CAN-2004-0311 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 SNMP community string disclosure in Linksys WAP55AG
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712101324233&w=2
Reference: BUGTRAQ:20040219 Re: SNMP community string disclosure in Linksys WAP55AG
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107730681012131&w=2
Reference: XF:linksys-snmp-strings-disclosure(15257)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15257
Reference: BID:9688
Reference: URL:http://www.securityfocus.com/bid/9688

Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP
read only community string to gain access to read/write communtiy
strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.

Analysis
----------------
ED_PRI CAN-2004-0312 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007