|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster 2004-03-A - 36 candidates
I am proposing cluster 2004-03-A for review and voting by the Editorial Board. Name: 2004-03-A Description: CANs announced between 2004/03/01 and 2004/03/11 Size: 36 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2003-0592 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0592 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20030718 Category: SF Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Reference: REDHAT:RHSA-2004:074 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-074.html Reference: DEBIAN:DSA-459 Reference: URL:http://www.debian.org/security/2004/dsa-459 Reference: MANDRAKE:MDKSA-2004:022 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:022 Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Analysis ---------------- ED_PRI CAN-2003-0592 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0594 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20030718 Category: SF Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Reference: MANDRAKE:MDKSA-2004:021 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:021 Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Analysis ---------------- ED_PRI CAN-2003-0594 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0905 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0905 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20031104 Category: SF Reference: MS:MS04-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-008.asp Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets. Analysis ---------------- ED_PRI CAN-2003-0905 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0993 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20031216 Category: SF Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850 Reference: MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722 Reference: CONFIRM:http://www.apacheweek.com/features/security-13 Reference: XF:apache-modaccess-obtain-information(15422) Reference: URL:http://xforce.iss.net/xforce/xfdb/15422 Reference: BID:9829 Reference: URL:http://www.securityfocus.com/bid/9829 mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. Analysis ---------------- ED_PRI CAN-2003-0993 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040202 Category: SF Reference: REDHAT:RHSA-2004:053 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html Reference: DEBIAN:DSA-460 Reference: URL:http://www.debian.org/security/2004/dsa-460 Reference: SGI:20040302-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. Analysis ---------------- ED_PRI CAN-2004-0108 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040202 Category: SF Reference: REDHAT:RHSA-2004:103 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-103.html Reference: MANDRAKE:MDKSA-2004:020 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:020 gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. Analysis ---------------- ED_PRI CAN-2004-0111 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0113 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040202 Category: SF Reference: MISC:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106 Reference: MLIST:[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638 Reference: CONFIRM:http://www.apacheweek.com/features/security-20 Reference: XF:apache-modssl-plain-dos(15419) Reference: URL:http://xforce.iss.net/xforce/xfdb/15419 Reference: BID:9826 Reference: URL:http://www.securityfocus.com/bid/9826 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Analysis ---------------- ED_PRI CAN-2004-0113 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0121 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040203 Category: SF Reference: BUGTRAQ:20040310 Outlook mailto: URL argument injection vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107893704602842&w=2 Reference: MISC:http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities Reference: MS:MS04-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-009.asp Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. Analysis ---------------- ED_PRI CAN-2004-0121 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0122 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040203 Category: SF Reference: MS:MS04-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-010.asp Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. Analysis ---------------- ED_PRI CAN-2004-0122 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0148 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-457 Reference: URL:http://www.debian.org/security/2004/dsa-457 Reference: REDHAT:RHSA-2004:096 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. Analysis ---------------- ED_PRI CAN-2004-0148 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0150 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-458 Reference: URL:http://www.debian.org/security/2004/dsa-458 Reference: MANDRAKE:MDKSA-2004:019 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:019 Buffer overflow in the getaddrinfo in Python 2.2 allows remote attackers to executer arbitrary code via an IPv6 address that is obtained using DNS. Analysis ---------------- ED_PRI CAN-2004-0150 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0171 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0171 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040219 Category: SF Reference: FULLDISC:20040302 iDEFENSE Security Advisory 03.02.04: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018133.html Reference: MISC:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities Reference: FREEBSD:FreeBSD-SA-04:04 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc Reference: XF:freebsd-mbuf-dos(15369) Reference: URL:http://xforce.iss.net/xforce/xfdb/15369 FreeBSD 5.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion of memory buffers) via a large number of out-of-sequence TCP packets, which prevents FreeBSD from creating new connections. Analysis ---------------- ED_PRI CAN-2004-0171 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0352 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: CISCO:20040304 Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml Reference: CERT-VN:VU#363374 Reference: URL:http://xforce.iss.net/xforce/xfdb/15388 Reference: XF:cisco-css-udp-dos(15388) Reference: URL:http://xforce.iss.net/xforce/xfdb/15388 Reference: BID:9806 Reference: URL:http://www.securityfocus.com/bid/9806 Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. Analysis ---------------- ED_PRI CAN-2004-0352 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0356 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0356 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850488326232&w=2 Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf Reference: MISC:http://www.nextgenss.com/advisories/slmailsrc.txt Reference: XF:slmail-src-stack-bo(15398) Reference: URL:http://xforce.iss.net/xforce/xfdb/15398 Reference: BID:9809 Reference: URL:http://www.securityfocus.com/bid/9809 Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version. Analysis ---------------- ED_PRI CAN-2004-0356 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the item: "Security Issues: SL Supervisor buffer overflow" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0347 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107826362024112&w=2 Reference: BUGTRAQ:20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850564102190&w=2 Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter. Analysis ---------------- ED_PRI CAN-2004-0347 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0513 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20030707 Category: SF Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Analysis ---------------- ED_PRI CAN-2003-0513 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0514 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0514 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20030707 Category: SF Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Analysis ---------------- ED_PRI CAN-2003-0514 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0593 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0593 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20030718 Category: SF Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Analysis ---------------- ED_PRI CAN-2003-0593 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0107 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040202 Category: SF Reference: REDHAT:RHSA-2004:053 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html Reference: REDHAT:RHSA-2004:093 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-093.html Reference: SGI:20040302-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108. Analysis ---------------- ED_PRI CAN-2004-0107 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0194 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0194 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040304 Category: SF Reference: BUGTRAQ:20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107842545022724&w=2 Reference: FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018227.html Reference: MISC:http://www.nextgenss.com/advisories/adobexfdf.txt Reference: XF:acrobatreader-xfdf-bo(15384) Reference: URL:http://xforce.iss.net/xforce/xfdb/15384 Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. Analysis ---------------- ED_PRI CAN-2004-0194 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040315 Category: SF Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=5767 Reference: MISC:http://secunia.com/advisories/11087/ Reference: BID:9845 Reference: URL:http://www.securityfocus.com/bid/9845 Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." Analysis ---------------- ED_PRI CAN-2004-0224 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0343 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0343 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040301 YabbSE (3 on 1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816202813083&w=2 Reference: XF:yabb-multiple-sql-injection(15354) Reference: URL:http://xforce.iss.net/xforce/xfdb/15354 Reference: BID:9774 Reference: URL:http://www.securityfocus.com/bid/9774 Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. Analysis ---------------- ED_PRI CAN-2004-0343 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0344 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040301 YabbSE (3 on 1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816202813083&w=2 Reference: BID:9774 Reference: URL:http://www.securityfocus.com/bid/9774 Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. Analysis ---------------- ED_PRI CAN-2004-0344 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0345 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0345 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040301 Clients broadcast buffer overflow in Red Faction <= 1.20 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816217901923&w=2 Reference: XF:redfaction-bo(15353) Reference: URL:http://xforce.iss.net/xforce/xfdb/15353 Reference: BID:9775 Reference: URL:http://www.securityfocus.com/bid/9775 Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. Analysis ---------------- ED_PRI CAN-2004-0345 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0346 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040302 The Cult of a Cardinal Number Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107824679817240&w=2 Reference: XF:proftpd-offbyone-bo(15387) Reference: URL:http://xforce.iss.net/xforce/xfdb/15387 Reference: BID:9782 Reference: URL:http://www.securityfocus.com/bid/9782 Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. Analysis ---------------- ED_PRI CAN-2004-0346 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0348 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2 Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040303.txt Reference: XF:spidersales-userid-sql-injection(15371) Reference: URL:http://xforce.iss.net/xforce/xfdb/15371 Reference: BID:9799 Reference: URL:http://www.securityfocus.com/bid/9799 SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter. Analysis ---------------- ED_PRI CAN-2004-0348 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0349 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0349 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040303 directory traversal in GWeb 0.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833161617397&w=2 Reference: XF:gweb-dotdot-directory-traversal(15381) Reference: URL:http://xforce.iss.net/xforce/xfdb/15381 Reference: BID:9742 Reference: URL:http://www.securityfocus.com/bid/9742 Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL. Analysis ---------------- ED_PRI CAN-2004-0349 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0350 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2 Reference: FULLDISC:20040303 Spider Sales shopping cart software multiple security vulnerabilities Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018177.html Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040303.txt Reference: XF:spidersales-weak-encryption(15370) Reference: URL:http://xforce.iss.net/xforce/xfdb/15370 Reference: BID:9799 Reference: URL:http://www.securityfocus.com/bid/9799 SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring. Analysis ---------------- ED_PRI CAN-2004-0350 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0351 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2 Reference: FULLDISC:20040303 Spider Sales shopping cart software multiple security vulnerabilities Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018177.html Reference: XF:spidersales-weak-encryption(15370) Reference: URL:http://xforce.iss.net/xforce/xfdb/15370 Reference: BID:9799 Reference: URL:http://www.securityfocus.com/bid/9799 Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data. Analysis ---------------- ED_PRI CAN-2004-0351 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0353 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0353 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040304 GNU Anubis buffer overflows and format string bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107843915424588&w=2 Reference: MLIST:[bug-anubis] 20040228 Important security update Reference: URL:http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html Reference: BUGTRAQ:20040310 GNU Anubis 3.6.2 remote root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107894315012081&w=2 Reference: BID:9772 Reference: URL:http://www.securityfocus.com/bid/9772 Reference: XF:anubis-ident-bo(15345) Reference: URL:http://xforce.iss.net/xforce/xfdb/15345 Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. Analysis ---------------- ED_PRI CAN-2004-0353 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0354 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0354 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040304 GNU Anubis buffer overflows and format string bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107843915424588&w=2 Reference: MLIST:[bug-anubis] 20040228 Important security update Reference: URL:http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html Reference: BID:9772 Reference: URL:http://www.securityfocus.com/bid/9772 Reference: XF:anubis-format-string(15346) Reference: URL:http://xforce.iss.net/xforce/xfdb/15346 Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. Analysis ---------------- ED_PRI CAN-2004-0354 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0355 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0355 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850510428567&w=2 Reference: XF:invision-invalid-path-disclosure(15400) Reference: URL:http://xforce.iss.net/xforce/xfdb/15400 Reference: BID:9810 Reference: URL:http://www.securityfocus.com/bid/9810 Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message. Analysis ---------------- ED_PRI CAN-2004-0355 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0357 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040305 SLWebMail Multiple Buffer Overflow Vulnerabilities (#NISR05022004b) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850432827699&w=2 Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf Reference: MISC:http://www.nextgenss.com/advisories/slmailwm.txt Reference: XF:slmail-slwebmail-bo(15399) Reference: URL:http://xforce.iss.net/xforce/xfdb/15399 Reference: BID:9808 Reference: URL:http://www.securityfocus.com/bid/9808 Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. Analysis ---------------- ED_PRI CAN-2004-0357 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the item: "Security Issues: Webmail buffer overrun" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0358 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0358 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040305 VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851556116088&w=2 Reference: BUGTRAQ:20040307 RE: VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html Reference: XF:virtuanews-multiple-xss(15402) Reference: URL:http://xforce.iss.net/xforce/xfdb/15402 Reference: BID:9812 Reference: URL:http://www.securityfocus.com/bid/9812 Reference: BID:9819 Reference: URL:http://www.securityfocus.com/bid/9819 Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php. Analysis ---------------- ED_PRI CAN-2004-0358 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ACCURACY: other attack vectors were claimed in the original post, but a followup claimed some cut-and-paste and similar errors in the original post. The followup post is being used. It does not appear to add any new issues. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0359 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0359 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851589701916&w=2 Reference: BID:9768 Reference: URL:http://www.securityfocus.com/bid/9768 Reference: XF:invision-xss(15403) Reference: URL:http://xforce.iss.net/xforce/xfdb/15403 Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters. Analysis ---------------- ED_PRI CAN-2004-0359 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0361 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0361 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040306 Safari javascript array overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107861828510106&w=2 Reference: MISC:http://www.insecure.ws/article.php?story=2004021918172533 Reference: BID:9815 Reference: URL:http://www.securityfocus.com/bid/9815 Reference: XF:safari-array-dos(15413) Reference: URL:http://xforce.iss.net/xforce/xfdb/15413 The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. Analysis ---------------- ED_PRI CAN-2004-0361 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
