[INTERIM] ACCEPT 480 candidates (Final Decision September 1)



I have made an Interim Decision to ACCEPT the following 480
candidates.

I will make a Final Decision on September 1.

The candidates came from the following clusters:

   1 RECENT-48
   2 RECENT-49
   1 MISC-99
   1 RECENT-60
   1 RECENT-61
   1 RECENT-62
   1 RECENT-65
   1 RECENT-66
   1 RECENT-67
   1 LEGACY-UNIX-ADV
   1 LEGACY-MISC-1997
   1 LEGACY-MISC-1998-A
   1 LEGACY-MISC-1998-B
   3 LEGACY-MISC-1999-A
   3 LEGACY-MISC-1999-B
   1 LEGACY-MISC-1999-C
   2 RECENT-69
   1 RECENT-72
   1 RECENT-73
   3 RECENT-75
   2 RECENT-76
   2 RECENT-77
   3 RECENT-78
   1 RECENT-79
   1 RECENT-80
   1 RECENT-81
   2 RECENT-82
   1 RECENT-84
   2 MISC-2001-001
   3 MISC-2001-002
   1 RECENT-86
   1 RECENT-87
   1 RECENT-88
   4 MISC-2001-004
   2 RECENT-89
   1 RECENT-90
   1 RECENT-91
  10 RECENT-93
   2 RECENT-96
   6 RECENT-97
   3 MISC-2001-005
   2 RECENT-98
   2 RECENT-103
   2 RECENT-104
  24 CERT-2003a
  17 CISCO-2003a
  27 UNIX-2002a
  35 UNIX-2002b
  22 UNIX-2002c
  21 UNIX-2003a
  36 MS-2002a
  31 CONFIRM-2002a
  28 CONFIRM-2002b
  39 CONFIRM-2003a
  23 MISC-2002b
   1 RECENT-14
   3 RECENT-31
   1 RECENT-32

Voters:
  Renaud NOOP(1)
  Ziese ACCEPT(2) NOOP(6) REVIEWING(6)
  Dik ACCEPT(2)
  Levy ACCEPT(3) REVIEWING(2)
  Green ACCEPT(253) MODIFY(1) NOOP(5) REVIEWING(3)
  Magdych NOOP(1)
  Frech ACCEPT(36) MODIFY(76)
  Cole ACCEPT(418) NOOP(62)
  Alderson ACCEPT(6) REVIEWING(1)
  Jones ACCEPT(27) MODIFY(6) NOOP(2) REVIEWING(5)
  Stracener ACCEPT(6) NOOP(1)
  Balinsky ACCEPT(13) MODIFY(2) NOOP(4)
  Foat ACCEPT(33) MODIFY(1) NOOP(43)
  Bollinger ACCEPT(8)
  Cox ACCEPT(89) MODIFY(55) NOOP(290) REVIEWING(1)
  Williams ACCEPT(16) MODIFY(4) NOOP(1) REVIEWING(2)
  Baker ACCEPT(294) MODIFY(1)
  Bishop ACCEPT(1) NOOP(2)
  Christey MODIFY(4) NOOP(155)
  Armstrong ACCEPT(212) NOOP(24)
  Wall ACCEPT(116) NOOP(206) REVIEWING(30)



======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php

IBM GINA, when used for OS/2 domain authentication of Windows NT
users, allows local users to gain administrator privileges by changing
the GroupMapping registry key.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-1999-0718 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole

Voter Comments:
 Frech> XF:ibm-gina-group-add


======================================================
Candidate: CAN-1999-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7884

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95
and Windows 98 allows remote attackers to cause a denial of service,
and possibly execute arbitrary commands, via a long argument after the
? character in a URL that references an .asp, .cgi, .html, or .pl
file.


Modifications:
  20040723 ADDREF XF:netscape-long-argument-bo(7884)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-1999-1189 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:netscape-long-argument-bo(7884)


======================================================
Candidate: CAN-1999-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via a large number of MIME
headers with the same name, aka the "sioux" vulnerability.


Modifications:
  20040723 ADDREF CONFIRM

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-1999-1199 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cox, Cole
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache


======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug:  TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7542

Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via a certain ICMP
echo (ping) packet, which causes all stacks to send a ping response,
aka TCP Chorusing.


Modifications:
  20040723 ADDREF XF:win-multiple-ip-dos(7542)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-1999-1201 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:win-multiple-ip-dos(7542)


======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php

The PATH in Windows NT includes the current working directory (.),
which could allow local users to gain privileges by placing Trojan
horse programs with the same name as commonly used system programs
into certain directories.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-1999-1217 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole

Voter Comments:
 CHANGE> [Foat changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2336
Reference: BID:0515
Reference: URL:http://www.securityfocus.com/bid/0515

Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could
allow local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.


Modifications:
  20040723 ADDREF XF:nt-login-default-folder(2336)

Analysis
--------
Vendor Acknowledgement:

The %systemroot% being writable by users is contrary to Microsoft
recommended configuration. So, is this just one implication of a bad
configuration problem?

INFERRED ACTION: CAN-1999-1365 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-login-default-folder(2336)
 CHANGE> [Foat changed vote from NOOP to ACCEPT]
 Frech> XF:nt-login-default-folder(2336)


======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397
Final-Decision:
Interim-Decision: 20040825
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php

Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allow local and remote users to obtain the physical paths
of directories that are being indexed.


Modifications:
  ADDREF XF:iis-indexserver-reveal-path(7559)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-1999-1397 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:iis-indexserver-reveal-path(7559)


======================================================
Candidate: CAN-1999-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: AIXAPAR:IX75554
Reference: AIXAPAR:IX76853
Reference: AIXAPAR:IX76330
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: XF:aix-sadc-timex(7675)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7675

sadc in IBM AIX 4.1 through 4.3, when called from programs such as
timex that are setgid adm, allows local users to overwrite arbitrary
files via a symlink attack.


Modifications:
  20040723 fix desc. to show linkage with timex
  20040723 ADDREF CONFIRM

Analysis
--------
Vendor Acknowledgement: yes patch

ABSTRACTION:
This could be related to the sadc problem in other UNIXes as
discovered by 8lgm in 1994, but there are insufficient details to be
sure.

INFERRED ACTION: CAN-1999-1486 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Bollinger, Foat, Cole, Stracener
   NOOP(1) Christey

Voter Comments:
 Christey> The description needs to be modified to mention the role of
   timex.  The one-line description for the IX75554
   APAR mentions timex instead of sadc, but the BID mentions
   sadc and not timex.  This apparent discrepancy is resolved
   by a README file for the fileset that is used by IX75554:

   CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info

   This clearly shows the relationship between timex and sadc.
 Bollinger> The one line abstract is somewhat misleading.  The timex
   command calls sadc with a filename and it's the sadc command that can
   be tricked into modifying files owned by the adm group.  Since sadc is
   only executable by group adm, a local attacker would need to use timex
   to exploit this.  (timex is setgid adm.)  So the vulnerability is
   really in sadc and that's where the fix was made.


======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

A configuration problem in the Ad Server Sample directory (AdSamples)
in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC
file, which exposes sensitive SQL database information.


Modifications:
  20040723 update desc style

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-1999-1520 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x do not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS
to perform extra work to send the files over SSL.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-1999-1537 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7354

Microsoft SQL Server 6.5 uses weak encryption for the password for the
SQLExecutiveCmdExec account and stores it in an accessible portion of
the registry, which could allow local users to gain privileges by
reading and decrypting the CmdExecAccount value.


Modifications:
  20040723 ADDREF XF:mssql-sqlexecutivecmdexec-password(7354)
  20040723 desc: fix typo "andd"

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-1999-1556 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Frech> XF:mssql-sqlexecutivecmdexec-password(7354)
 Christey> Need to consult MS on this issue.


======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote
attacker to cause a denial of service (crash) via a long PORT command.

Analysis
--------
Vendor Acknowledgement: yes followup

INCLUSION:
This is a UNIX based server.  The process that crashes is a child
process whose resources are released appropriately, according to
reports.  Since it's also an off-by-one error instead of a buffer
overflow, perhaps this is not "exploitable" and as such should not be
included in CVE.

INFERRED ACTION: CAN-1999-1568 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0247
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306

Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain
root privileges.


Modifications:
  20040723 desc: add "unknown"
  20040723 ADDREF BID:1842
  20040723 ADDREF XF:generic-nqs-local-root(4306)
  20040723 ADDREF FREEBSD:FreeBSD-SA-00:13

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2000-0247 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(2) Frech, Christey
   NOOP(2) Magdych, Cole
   REVIEWING(1) Levy

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:13
   ADDREF ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A13-generic-nqs.asc
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:generic-nqs-local-root
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> BID:1842
   XF:generic-nqs-local-root(4306)


======================================================
Candidate: CAN-2000-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0747
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5036

The logrotate script for OpenLDAP before 1.2.11 in Conectiva
Linux sends an improper signal to the kernel log daemon (klogd) and
kills it.


Modifications:
  20040723 ADDREF XF:openldap-logrotate-script-dos(5036)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2000-0747 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(1) Wall
   REVIEWING(1) Levy


======================================================
Candidate: CAN-2000-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0773
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5021

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary
files via a URL that contains a "....", a variant of the dot dot
directory traversal attack.


Modifications:
  20040723 XF:bajie-view-arbitrary-files(5021)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2000-0773 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   MODIFY(1) Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Baker> Apparently the vendor fixed this issue, as it doesn't appear in later versions of the software.
 Christey> XF:bajie-view-arbitrary-files(5021)


======================================================
Candidate: CAN-2000-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0781
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5023

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check
for the existence or ownership of a temporary file which is moved to
the agent.cfg configuration file, which allows local users to execute
arbitrary commands by modifying the temporary file before it is moved.


Modifications:
  20040723 desc fix "the the"
  20040723 XF:arcserveit-clientagent-temp-file(5023)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2000-0781 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Williams
   MODIFY(2) Baker, Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Christey> fix typo: "the the"
 Baker> Can't really access the CA website to get info on this.
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> XF:arcserveit-clientagent-temp-file(5023)


======================================================
Candidate: CAN-2000-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0797
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: XF:irix-grosview-bo(5062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5062
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to
gain privileges via a long -D option.


Modifications:
  20040723 ADDREF XF:irix-grosview-bo(5062)
  20040723 ADDREF SGI:20040104-01-P
  20040818 ADDREF OSVDB:3815

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2000-0797 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Levy
   NOOP(4) Williams, Wall, Cole, Christey

Voter Comments:
 Christey> XF:irix-grosview-bo
   http://xforce.iss.net/static/5062.php
 Christey> SGI:20040104-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc


======================================================
Candidate: CAN-2000-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5554
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404

HTTP server on the WatchGuard SOHO firewall does not properly restrict
access to administrative functions such as password resets or
rebooting, which allows attackers to cause a denial of service or
conduct unauthorized activities.


Modifications:
  20040818 ADDREF OSVDB:4404

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2000-0894 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:watchguard-soho-web-auth(5554)
 Christey> Consider adding BID:2119


======================================================
Candidate: CAN-2000-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5218
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via a long GET request.


Modifications:
  20040723 ADDREF XF:watchguard-soho-web-dos(5218)
  20040723 desc normalize to "arbitrary code"
  20040818 ADDREF OSVDB:4403

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2000-0895 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:watchguard-soho-web-dos(5218)


======================================================
Candidate: CAN-2000-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203
Final-Decision:
Interim-Decision: 20040825
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212
Reference: XF:lotus-domino-bounced-message-dos(7012)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7012

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to
cause a denial of service (CPU consumption) by forging an email
message with the sender as bounce@[127.0.0.1] (localhost), which
causes Domino to enter a mail loop.


Modifications:
  ADDREF XF:lotus-domino-bounced-message-dos(7012)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2000-1203 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Armstrong, Green
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Christey

Voter Comments:
 Green> Since a workaround involving configuration settings exists, the presenting problem should also exist.
 Frech> XF:lotus-domino-bounced-message-dos(7012)
   CONFIRM:
   http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=DA18AA221C3
   B982085256B84000033EB
 Christey> The CONFIRM URL provided by Andre is broken


======================================================
Candidate: CAN-2001-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack containing "%5c"
(encoded backslash) sequences.


Modifications:
  20040723 desc normalize, add "%5c" detail

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-0042 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(1) Wall
   REVIEWING(1) Ziese


======================================================
Candidate: CAN-2001-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2
Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Reference: XF:cisco-pix-tacacs-dos(6353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6353
Reference: BID:2551
Reference: URL:http://www.securityfocus.com/bid/2551

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa
authentication to a TACACS+ server allows remote attackers to cause a
denial of service via a large number of authentication requests.


Modifications:
  20040723 desc normalize
  20040723 XF:cisco-pix-tacacs-dos(6353)
  20040723 CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0375 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:cisco-pix-tacacs-dos(6353)
 Christey> CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
   URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml


======================================================
Candidate: CAN-2001-0423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0423
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
Reference: BID:2581
Reference: URL:http://www.securityfocus.com/bid/2581
Reference: XF:solaris-ipcs-bo(6369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6369

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute
arbitrary code via a long TZ (timezone) environmental variable, a
different vulnerability than CAN-2002-0093.


Modifications:
  20040723 desc add "different from CAN-2002-0093"
  20040723 ADDREF XF:solaris-ipcs-bo(6369)

Analysis
--------
Vendor Acknowledgement: yes cve-vote

INFERRED ACTION: CAN-2001-0423 ACCEPT_ACK_REV (2 accept, 1 ack, 2 review)

Current Votes:
   ACCEPT(1) Dik
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey
   REVIEWING(2) Ziese, Williams

Voter Comments:
 Frech> XF:solaris-ipcs-bo(6369)
 Dik> sun bug: 4448598
 Christey> This might be a duplicate of CAN-2002-0093, which is for
   Compaq IPCS.
 Christey> An authoritative source confirmed that this issue is in fact
   different from CAN-2002-0093.


======================================================
Candidate: CAN-2001-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
Reference: SGI:20010701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
Reference: BID:2656
Reference: URL:http://www.securityfocus.com/bid/2656
Reference: XF:irix-netprint-shared-library(6473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6473

Unknown vulnerability in netprint in IRIX 6.2, and possibly other
versions, allows local users with lp privileges to execute
arbitrary commands via the -n option.


Modifications:
  20040723 ADDREF SGI:20010701-01-P
  20040723 ADDREF BID:2656
  20040723 ADDREF XF:irix-netprint-shared-library(6473)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0485 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Cole, Christey, Ziese, Renaud
   REVIEWING(1) Williams

Voter Comments:
 Williams> Apply the following patch:  2022?
   See advisory 19961203-01-PX for more information?
 Frech> XF:irix-netprint-shared-library(6473)
 Christey> SGI:20010701-01-P
 Baker> SGI Patch 20010701-01-P
 Christey> ADDREF BID:2656


======================================================
Candidate: CAN-2001-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
Final-Decision:
Interim-Decision: 20040825
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010717
Category: SF
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:http://xforce.iss.net/static/6879.php
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to
gain privileges via the MAIL environment variable.


Modifications:
  ADDREF XF:solaris-dtmail-bo(6879)
  DESC remove "possibly other OSes"

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0548 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Armstrong, Stracener
   MODIFY(2) Frech, Balinsky
   NOOP(4) Wall, Cole, Christey, Ziese

Voter Comments:
 Frech> XF:solaris-dtmail-bo(6879)
 Balinsky> Delete "and possibly other operating systems" because that is not verifiable, and add the following references from Sun, which acknowledge the problem:
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105338
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105339
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107200
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107201
 Christey> BID:3081
   URL:http://www.securityfocus.com/bid/3081
 Christey> It is not clear from the patch list whether these *particular*
   dtmail overflows have been addressed.


======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288

McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause
a denial of service (crash) via a large number of packets to port
5045.


Modifications:
  20040723 desc normalize
  20040818 ADDREF OSVDB:6288

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0612 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://www.guninski.com/clsidext.html
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php
Reference: BID:2612
Reference: URL:http://www.securityfocus.com/bid/2612

A type-check flaw in Internet Explorer 5.5 does not display the Class
ID (CLSID) when it is at the end of the file name, which could allow
attackers to trick the user into executing dangerous programs by
making it appear that the document is of a safe file type.


Modifications:
  20040723 ADDREF MISC:http://www.guninski.com/clsidext.html
  20040723 ADDREF BID:2612

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0643 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Baker, Frech
   NOOP(2) Stracener, Ziese

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:http://xforce.iss.net/static/6497.php
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to
cause a denial of service by spoofing HSRP packets.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0741 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Armstrong, Frech
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2001-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775
Reference: XF:ipcchip-web-root-system(8922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8922

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to
retrieve arbitrary files via a webserver root directory that is set to
the system root.


Modifications:
  20040723 ADDREF XF:ipcchip-web-root-system(8922)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-0749 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:ipcchip-web-root-system(8922)


======================================================
Candidate: CAN-2001-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792
Final-Decision:
Interim-Decision: 20040825
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
Reference: XF:xchat-nickname-format-string(7416)
Reference: URL:http://xforce.iss.net/static/7416.php

Format string vulnerability in XChat 1.2.x allows remote attackers to
execute arbitrary code via a malformed nickname.


Modifications:
  ADDREF XF:xchat-nickname-format-string(7416)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-0792 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:xchat-nickname-format-string(7416)
 Christey> Inquiry sent to xchat developer on 2/25/2002.
 Christey> Received a reply 2/26/2002: "I don't know...  It doesn't seem
   to effect [sic] any recent versions though."

   This vulnerability was reported for a *MUCH* older version.


======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision:
Interim-Decision: 20040825
Modified: 20020821-02
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: IMMUNIX:IMNX-2001-70-029-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971
Reference: XF:xinetd-zero-length-bo(6804)
Reference: URL:http://xforce.iss.net/static/6804.php

Buffer overflow in internal string handling routines of xinetd before
2.1.8.8 allows remote attackers to execute arbitrary commands via a
length argument of zero or less, which disables the length check.


Modifications:
  ADDREF XF:xinetd-zero-length-bo(6804)
  ADDREF IMMUNIX:IMNX-2001-70-024-01
  DELREF IMMUNIX:IMNX-2001-70-024-01
  DELREF BUGTRAQ:20010629 xinetd update [normalize to IMMUNIX]
  DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0825 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Armstrong, Baker, Bishop
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:xinetd-zero-length-bo(6804)
 Christey> Need to sift through the references to make sure they're
   correct and appropriately distinguish from CAN-2001-0763.
 Christey> DELREF IMMUNIX:IMNX-2001-70-024-01 - it does not explicitly
   mention this issue.
   DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
   That's for CAN-2001-0763.

   Change affected version to 2.1.8, I have no idea where 2.3.1
   came from.


======================================================
Candidate: CAN-2001-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2
Reference: XF:pc2phone-temp-account-readable(7393)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7393
Reference: BID:3475
Reference: URL:http://www.securityfocus.com/bid/3475

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable
locations in the installation directory, which allows local users to
read the information in (1) temp.html, (2) the log folder, and (3) the
PhoneBook folder.


Modifications:
  20040723 ADDREF XF:pc2phone-temp-account-readable(7393)

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-0837 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Armstrong, Baker
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Bishop

Voter Comments:
 Frech> XF:pc2phone-temp-account-readable(7393)
 Armstrong> http://www.securiteam.com/windowsntfocus/6V00P202UC.html


======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2
Reference: XF:iis-fake-log-entry(7613)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7613
Reference: BID:6795
Reference: URL:http://www.securityfocus.com/bid/6795

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via
an HTTP request that includes hex-encoded newline or form-feed
characters.


Modifications:
  20040723 ADDREF XF:iis-fake-log-entry(7613)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0902 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Armstrong
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:iis-fake-log-entry(7613)


======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision:
Interim-Decision: 20040825
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: XF:linux-multiple-symlink-dos(7312)
Reference: URL:http://www.iss.net/security_center/static/7312.php
Reference: BID:3444
Reference: URL:http://www.securityfocus.com/bid/3444

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows
local users to cause a denial of service via a series of deeply nested
symlinks, which causes the kernel to spend extra time when trying to
access the link.


Modifications:
  ADDREF SUSE:SuSE-SA:2001:036
  ADDREF IMMUNIX:IMNX-2001-70-035-01
  ADDREF CALDERA:CSSA-2001-036.0
  ADDREF MANDRAKE:MDKSA-2001:079
  ADDREF ENGARDE:ESA-20011019-02
  ADDREF BUGTRAQ:20011019 TSLSA-2001-0028
  ADDREF XF:linux-multiple-symlink-dos(7312)
  ADDREF BID:3444

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0907 ACCEPT_REV (5 accept, 2 ack, 1 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:linux-multiple-symlink-dos(7312)
 Christey> SUSE:SuSE-SA:2001:036
   URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
   IMMUNIX:IMNX-2001-70-035-01
   URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
   CALDERA:CSSA-2001-036.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
   MANDRAKE:MDKSA-2001:079
   ENGARDE:ESA-20011019-02
   URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
   BUGTRAQ:20011019 TSLSA-2001-0028
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2


======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php
Reference: BID:6802
Reference: URL:http://www.securityfocus.com/bid/6802

Buffer overflow in helpctr.exe program in Microsoft Help Center for
Windows XP allows remote attackers to execute arbitrary code via a
long hcp: URL.


Modifications:
  20040723 BID:6802

Analysis
--------
Vendor Acknowledgement: no

INFERRED ACTION: CAN-2001-0909 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Armstrong
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2
Reference: XF:linux-vmlinux-dos(7591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7591
Reference: BID:3570
Reference: URL:http://www.securityfocus.com/bid/3570

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows
local users to cause a denial of service (crash) by starting the core
vmlinux kernel, possibly related to poor error checking during ELF
loading.


Modifications:
  20040723 ADDREF XF:linux-vmlinux-dos(7591)
  20040723 ADDREF BID:3570

Analysis
--------
Vendor Acknowledgement: yes followup

ABSTRACTION: There could be a rediscovery of CVE-2000-0729, but there
is insufficient information to be certain.

INFERRED ACTION: CAN-2001-0914 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-vmlinux-dos(7591)


======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652

Windows 2000 allows remote attackers to cause a denial of service (CPU
consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with
packets that contain a large number of dot characters.


Modifications:
  20040723 desc normalize DoS term

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0951 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(1) Cole
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
Reference: XF:bsd-libutil-privilege-dropping(8697)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8697
Reference: OSVDB:6073
Reference: URL:http://www.osvdb.org/6073

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges
before verifying the capabilities for reading the copyright and
welcome files, which allows local users to bypass the capabilities
checks and read arbitrary files by specifying alternate copyright or
welcome files.


Modifications:
  20040723 ADDREF XF:bsd-libutil-privilege-dropping(8697)
  20040818 ADDREF OSVDB:6073

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1029 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:bsd-libutil-privilege-dropping(8697)


======================================================
Candidate: CAN-2001-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113
Reference: XF:win-arp-packet-flooding-dos(6924)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6924

The Microsoft Windows network stack allows remote attackers to cause a
denial of service (CPU consumption) via a flood of malformed ARP
request packets with random source IP and MAC addresses, as
demonstrated by ARPNuke.


Modifications:
  20040723 ADDREF XF:win-arp-packet-flooding-dos(6924)
  20040723 desc - add ARPNuke

Analysis
--------
Vendor Acknowledgement:

There is insufficient information to be able to narrow down which
operating systems are affected; the disclosers did not mention these
specifics.

INFERRED ACTION: CAN-2001-1055 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Foat
   MODIFY(2) Green, Frech
   NOOP(3) Wall, Cole, Armstrong

Voter Comments:
 Green> TOO VAGUE TO REACH ANY CONCLUSION
 Frech> XF:win-arp-packet-flooding-dos(6924)


======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2
Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Reference: SUNBUG:4633888
Reference: BID:3243
Reference: URL:http://www.securityfocus.com/bid/3243
Reference: XF:netscape-install-tmpfile-symlink(7042)
Reference: URL:http://xforce.iss.net/static/7042.php

ns6install installation script for Netscape 6.01 on Solaris, and other
versions including 6.2.1 beta, allows local users to overwrite
arbitrary files via a symlink attack.


Modifications:
  20040725 ADDREF SUNBUG:4633888
  20040725 ADDREF BID:3243
  20040725 ADDREF XF:netscape-install-tmpfile-symlink(7042)
  20040725 ADDREF VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.

Analysis
--------
Vendor Acknowledgement: yes cve-vote

INFERRED ACTION: CAN-2001-1066 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Dik, Green
   MODIFY(1) Frech
   NOOP(4) Foat, Cole, Armstrong, Christey
   REVIEWING(1) Wall

Voter Comments:
 Dik> Verified by code inspection of ns6install from netscape 6.2.1 beta
   Sun bug: 4633888 (just filed)
 Christey> BID:3243
   URL:http://www.securityfocus.com/bid/3243
   XF:netscape-install-tmpfile-symlink(7042)
   URL:http://xforce.iss.net/static/7042.php
 Christey> VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
 Frech> XF:netscape-install-tmpfile-symlink(7042)


======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php

libCoolType library as used in Adobe Acrobat (acroread) on Linux
creates the AdobeFnt.lst file with world-writable permissions, which
allows local users to modify the file and possibly modify acroread's
behavior.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1069 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(3) Cole, Armstrong, Christey
   REVIEWING(1) Wall

Voter Comments:
 Christey> SGI:20020806-01-I points to this candidate, but I'm not so
   sure that's correct; the SGI advisory discusses symlink
   attacks, but this CAN is related to permissions.


======================================================
Candidate: CAN-2001-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994

Format string vulnerabilities in Livingston/Lucent RADIUS before
2.1.va.1 may allow local or remote attackers to cause a denial of
service and possibly execute arbitrary code via format specifiers that
are injected into log messages.


Modifications:
  20040725 VULNWATCH:20010719 Changelog maddness (14 various broken apps)
  20040725 MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1081 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Baker
   MODIFY(2) Christey, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> ISS: ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS
   Implementations
   XF:lucent-radius-authentication-bo(6794)
   CONFIRM reference is no longer available.
 Christey> VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
   MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
 Christey> XF:lucent-radius-authentication-bo(6794) does not seem
   appropriate, as it deals with buffer overflows; however, this is a
   format string issue.  XF:lucent-radius-authentication-bo(6794)
   is really about CAN-2001-0534.


======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: CERT-VN:VU#639507
Reference: URL:http://www.kb.cert.org/vuls/id/639507
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php
Reference: BID:3419
Reference: URL:http://www.securityfocus.com/bid/3419

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in
plaintext in the pfm.log file, which could allow local users to obtain
the password by reading the file.


Modifications:
  20040725 ADDREF BID:3419
  20040725 ADDREF CERT-VN:VU#639507

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1098 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(3) Wall, Cole, Armstrong
   REVIEWING(1) Ziese

Voter Comments:
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
 Frech> HAS-INDEPENDENT-CONFIRMATION:http://www.kb.cert.org/vuls/id/639507


======================================================
Candidate: CAN-2001-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:http://xforce.iss.net/static/7119.php

FTP Voyager ActiveX control before 8.0, when it is marked as safe for
scripting (the default) or if allowed by the IObjectSafety interface,
allows remote attackers to execute arbitrary commands.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1103 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Ziese
   NOOP(3) Foat, Cole, Armstrong
   REVIEWING(1) Wall

Voter Comments:
 Green> Vendor appears to have acknowledged with a new release of the product, although there is no explicit citing of the vulnerability on the vendor's website


======================================================
Candidate: CAN-2001-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php

Microsoft IIS 5.0 allows remote attackers to cause a denial of service
via an HTTP request with a content-length value that is larger than
the size of the request, which prevents IIS from timing out the
connection.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1186 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(2) Foat, Ziese
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php

Microsoft Windows XP allows local users to bypass a locked screen and
run certain programs that are associated with Hot Keys.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1200 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(2) Cole, Ziese
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: REDHAT:RHSA-2002:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html
Reference: REDHAT:RHSA-2003:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: HP:HPSBTL0209-068
Reference: URL:http://online.securityfocus.com/advisories/4514
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php
Reference: BID:3024
Reference: URL:http://www.securityfocus.com/bid/3024

Directory traversal vulnerability in GNU tar 1.13.19 and earlier
allows local users to overwrite arbitrary files during archive
extraction via a tar file whose filenames contain a .. (dot dot).


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:066
  ADDREF REDHAT:RHSA-2002:096
  ADDREF CONECTIVA:CLA-2002:538
  ADDREF HP:HPSBTL0209-068
  ADDREF XF:archive-extraction-directory-traversal(10224)
  20040725 BID:3024
  20040818 ADDREF REDHAT:RHSA-2002:138
  20040818 ADDREF REDHAT:RHSA-2003:218

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, the entry dated
2001-08-27 says "(extract_archive): Fix test for absolute pathnames
and/or '..'."

INFERRED ACTION: CAN-2001-1267 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(2) Frech, Cox
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:066
 CHANGE> [Cox changed vote from REVIEWING to MODIFY]
 Cox> ADDREF: RHSA-2002:096
 Frech> XF:archive-extraction-directory-traversal(10224)
 Christey> MANDRAKE:MDKSA-2002:066
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
   CONECTIVA:CLA-2002:538
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
   HP:HPSBTL0209-068
   URL:http://online.securityfocus.com/advisories/4514
   REDHAT:RHSA-2002:096
   URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
 Christey> There are a couple directory traversal variants for GNU tar
   out there.  Can we be sure the references line up correctly?


======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279
Final-Decision:
Interim-Decision: 20040825
Modified: 20030318-02
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: CONECTIVA:CLA-2002:480
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
Reference: MANDRAKE:MDKSA-2002:032
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: XF:tcpdump-afs-rpc-bo(7006)
Reference: URL:http://www.iss.net/security_center/static/7006.php
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065
Reference: CERT-VN:VU#797201
Reference: URL:http://www.kb.cert.org/vuls/id/797201

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via AFS RPC packets with invalid lengths that trigger
an integer signedness error, a different vulnerability than
CVE-2000-1026.


Modifications:
  ADDREF CONECTIVA:CLA-2002:480
  ADDREF MANDRAKE:MDKSA-2002:032
  ADDREF CALDERA:CSSA-2002-025.0
  ADDREF XF:tcpdump-afs-rpc-bo(7006)
  ADDREF CERT-VN:VU#797201

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1279 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:480
   The Conectiva advisory references the FreeBSD advisory used in
   this CAN, along with other issues that are addressed.
 Christey> CONECTIVA:CLA-2002:480
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
 Christey> MANDRAKE:MDKSA-2002:032
   CONECTIVA:CLA-2002:480
   CALDERA:CSSA-2002-025.0
 Frech> XF:tcpdump-afs-rpc-bo(7006)
 Christey> Consider whether SUSE:SuSE-SA:2002:020 addresses this
   issue or not.


======================================================
Candidate: CAN-2001-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:http://xforce.iss.net/static/6876.php

The change password option in the Windows Security interface for
Windows 2000 allows attackers to use the option to attempt to change
passwords of other users on other systems or identify valid accounts
by monitoring error messages, possibly due to a problem in the
NetUserChangePassword function.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1302 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: CIAC:L-103
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: SUN:00203
Reference: XF:solaris-ypbind-bo(6828)

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows
remote attackers to execute arbitrary code.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1328 ACCEPT_ACK_REV (2 accept, 3 ack, 1 review)

Current Votes:
   ACCEPT(2) Green, Frech
   NOOP(3) Foat, Cole, Cox
   REVIEWING(1) Wall

Voter Comments:
 Green> Sun Security bulletin 00203


======================================================
Candidate: CAN-2001-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
Reference: XF:win2k-debug-elevate-privileges(6590)
Reference: URL:http://www.iss.net/security_center/static/6590.php
Reference: BID:2764
Reference: URL:http://www.securityfocus.com/bid/2764

Windows 2000 allows local users to cause a denial of service and
possibly gain privileges by setting a hardware breakpoint that is
handled using global debug registers, which could cause other
processes to terminate due to an exception, and allow hijacking of
resources such as named pipes.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1347 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html

Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and
earlier allows remote attackers to execute arbitrary Javascript as
other web users via the lang parameter.


Modifications:
  20040725 XF:linux-namazu-css(7875)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1350 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:linux-namazu-bo(7876)
 Christey> This is not a buffer overflow as suggested by the XF
   reference, it's a CSS/XSS issue (XF:linux-namazu-css(7875))


======================================================
Candidate: CAN-2001-1351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://www.iss.net/security_center/static/7875.php
Reference: OSVDB:5690
Reference: URL:http://www.osvdb.org/5690

Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via the index file name that is displayed when displaying hit numbers.


Modifications:
  ADDREF XF:linux-namazu-css(7875)
  20040818 ADDREF OSVDB:5690

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1351 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:linux-namazu-css(7875)


======================================================
Candidate: CAN-2001-1352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:179
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2
Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2
Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7875
Reference: OSVDB:5691
Reference: URL:http://www.osvdb.org/5691

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via an error message that is returned when an invalid index file is
specified in the idxname parameter.


Modifications:
  20040725 ADDREF XF:linux-namazu-css(7875)
  20040818 ADDREF OSVDB:5691

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1352 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Cox
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:linux-namazu-css(7875)


======================================================
Candidate: CAN-2001-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031&;
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: XF:phpslice-checkaccess-function-privileges(9649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9649

The checkAccess function in PHPSlice 0.1.4, and all other versions
between 0.1.1 and 0.1.6, does not properly verify the administrative
access level, which could allow remote attackers to gain privileges.


Modifications:
  20040725 ADDREF XF:phpslice-checkaccess-function-privileges(9649)

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: a post on the vendor web page states "Due to a stupid
mistake on a line in the checkAccess() function, PHPSlice 0.1.4 (and
potentially all earlier releases as well) has a gaping security hole
that allows any user to perform administrative tasks if they enter the
correct URL."
ACCURACY: while the vendor's statement implies that the problem was
fixed after 0.1.4, a review of the source code indicates that it
actually wasn't fixed until 0.1.7.

INFERRED ACTION: CAN-2001-1367 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox
   REVIEWING(1) Alderson

Voter Comments:
 Alderson> Is there a candidate already in existence for the problem as it
   relates to 0.1.4?  If so, since this problem was not fixed, perhaps that one
   needs to be modified to include 0.1.7.
 Frech> XF:phpslice-checkaccess-function-privileges(9649)


======================================================
Candidate: CAN-2001-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://www.iss.net/security_center/static/6760.php
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957

WFTPD 3.00 allows remote attackers to read arbitrary files by
uploading a (link) file that ends in a ".lnk." extension, which
bypasses WFTPD's check for a ".lnk" extension.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1386 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Green, Baker, Frech
   MODIFY(1) Foat
   NOOP(3) Cole, Armstrong, Cox
   REVIEWING(1) Wall

Voter Comments:
 Foat> If a windows shortcut file (*.lnk) linked to a directory is uploaded,
   an ftp user would be able to have access to the directory link points by typing
   'cd <file>.lnk'. If an ftp user uploads a *.lnk file to a known file for which
   the user does not have access and then does a 'GET' on the link, the file will
   be downloaded.


======================================================
Candidate: CAN-2001-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html
Reference: XF:linux-cpia-memory-overwrite(11162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11162

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19
allows users to modify kernel memory.


Modifications:
  20040725 desc fix small typo
  20040725 XF:linux-cpia-memory-overwrite(11162)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1391 ACCEPT (7 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:linux-ptrace-modify-process(6080)
 Christey> fix typo: "off-by-one" should be "Off-by-one"
 Christey> XF:linux-cpia-memory-overwrite(11162) is clearly the correct
   reference here.


======================================================
Candidate: CAN-2002-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579
Reference: CONECTIVA:CLA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-neglength-bo(11190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11190
Reference: BID:6713
Reference: URL:http://www.securityfocus.com/bid/6713
Reference: OSVDB:4896
Reference: URL:http://www.osvdb.org/4896

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5
1.2.5 allows remote attackers to cause a denial of service via a large
unsigned data element length, which is later used as a negative value.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2003:051
  20040725 ADDREF REDHAT:RHSA-2003:052
  20040725 ADDREF MANDRAKE:MDKSA-2003:043
  20040725 ADDREF CONECTIVA:CLA-2003:639
  20040725 ADDREF XF:kerberos-kdc-neglength-bo(11190)
  20040725 ADDREF BID:6713
  20040818 ADDREF REDHAT:RHSA-2003:168
  20040818 ADDREF OSVDB:4896

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0036 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(2) Frech, Cox
   NOOP(1) Christey

Voter Comments:
 Cox> This is fixed in krb5 version 1.2.5
 Cox> Addref RHSA-2003:051
 Cox> Addref REDHAT:RHSA-2003:052
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)
 Frech> XF:kerberos-kdc-neglength-bo(11190)


======================================================
Candidate: CAN-2002-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270149
Reference: SUNALERT:44842
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
Reference: CERT-VN:VU#188507
Reference: URL:http://www.kb.cert.org/vuls/id/188507
Reference: BID:4633
Reference: URL:http://www.securityfocus.com/bid/4633
Reference: XF:solaris-lbxproxy-display-bo(8958)
Reference: URL:http://www.iss.net/security_center/static/8958.php
Reference: OVAL:OVAL179
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL179.html
Reference: OVAL:OVAL86
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL86.html

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8
allows local users to execute arbitrary code via a long display
command line option.


Modifications:
  ADDREF VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
  ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
  ADDREF BID:4633
  ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842&zone_32=category%3Asecurity%20lbxproxy
  ADDREF XF:solaris-lbxproxy-display-bo(8958)
  ADDREF CERT-VN:VU#188507
  DESC expanded "lbx" term
  20040725 Normalize SUNALERT reference
  20040824 ADDREF OVAL:OVAL179
  20040824 ADDREF OVAL:OVAL86

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-0090 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Balinsky, Wall, Cole, Green
   NOOP(3) Ziese, Foat, Christey

Voter Comments:
 Balinsky> Patch at http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
   resolves an lbxproxy buffer overflow.
 Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
   BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
   URL:http://online.securityfocus.com/archive/1/270149
   BID:4633
   URL:http://www.securityfocus.com/bid/4633


======================================================
Candidate: CAN-2002-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
Reference: OVAL:OVAL14
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL14.html
Reference: OVAL:OVAL33
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL33.html

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to
gain root privileges via a long -co (color database) command line
argument.


Modifications:
  ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
  20040824 ADDREF OVAL:OVAL14
  20040824 ADDREF OVAL:OVAL33

Analysis
--------
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: the description for patch 108652-52, bug 4661987,
explicitly references CAN-2002-0158.

INFERRED ACTION: CAN-2002-0158 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Cole
   REVIEWING(1) Wall

Voter Comments:
 Green> The documentation of this vulnerability is compelling
 Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
   the description for patch 108652-52, bug 4661987,
   explicitly references CAN-2002-0158.
 Green> The documentation of this vulnerability is compelling
 Frech> XF:solaris-xsun-co-bo(8703)
 Christey> I received an email on Oct 10, 2003, that suggested that other
   non-Sun operating systems may be affected.
 Christey> XSco is also affected:
   BUGTRAQ:20020611 SCO Openserver Xsco heap overflow.
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102380830430665&w=2
   VULN-DEV:20020611 SCO Openserver Xsco heap overflow.
   URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102381771109722&w=2
   CALDERA:CSSA-2003-SCO.26


======================================================
Candidate: CAN-2002-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188
Final-Decision:
Interim-Decision: 20040825
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
Reference: XF:ie-content-disposition-variant2(9086)
Reference: URL:http://www.iss.net/security_center/static/9086.php

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the second variant of the
"Content Disposition" vulnerability.


Modifications:
  ADDREF BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
  ADDREF MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
  ADDREF XF:ie-content-disposition-variant2(9086)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0188 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:ie-content-disposition-variant2(9086)


======================================================
Candidate: CAN-2002-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-content-disposition-variant(9085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9085
Reference: BID:4752
Reference: URL:http://www.securityfocus.com/bid/4752
Reference: OVAL:OVAL27
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL27.html
Reference: OVAL:OVAL99
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL99.html

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the first variant of the
"Content Disposition" vulnerability.


Modifications:
  20040725 XF:ie-content-disposition-variant(9085)
  20040725 BID:4752
  20040824 ADDREF OVAL:OVAL27
  20040824 ADDREF OVAL:OVAL99

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0193 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:ie-content-disposition-variant(9085)


======================================================
Candidate: CAN-2002-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2
Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2
Reference: BID:4099
Reference: URL:http://online.securityfocus.com/bid/4099
Reference: XF:falcon-protected-dir-access(8189)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8189

Falcon web server 2.0.0.1020 and earlier allows remote attackers to
bypass authentication and read restricted files via an extra / (slash)
in the requested URL.


Modifications:
  20040725 XF:falcon-protected-dir-access(8189)
  20040725 VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
  20040725 BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability

Analysis
--------
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: the vendor confirmed the issue via email.

INFERRED ACTION: CAN-2002-0275 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:falcon-protected-dir-access(8189)
 Christey> This issue was rediscovered a few months later:
   VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
   BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2


======================================================
Candidate: CAN-2002-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2
Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/006231.html
Reference: XF:essentia-server-long-request-dos(8249)
Reference: URL:http://www.iss.net/security_center/static/8249.php
Reference: BID:4159
Reference: URL:http://www.securityfocus.com/bid/4159

Buffer overflow in Essentia Web Server 2.1 allows remote attackers to
cause a denial of service, and possibly execute arbitrary code, via a
long URL.


Modifications:
  20040725 ADDREF FULLDISC:20030704 Essentia Web Server 2.12 (Linux)

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2002-0313 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
   URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/010909.html


======================================================
Candidate: CAN-2002-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357
Final-Decision:
Interim-Decision: 20040825
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
Reference: XF:irix-rpcpasswd-gain-privileges(9261)
Reference: URL:http://www.iss.net/security_center/static/9261.php
Reference: BID:4939
Reference: URL:http://online.securityfocus.com/bid/4939

Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI
IRIX 6.5.15 and earlier allows local users to gain root privileges.


Modifications:
  ADDREF XF:irix-rpcpasswd-gain-privileges(9261)
  ADDREF BID:4939

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: SecurityFocus' title for the BID implies that the problem is
due to a buffer overflow, but there does not seem to be specific
information about the type of problem in the SGI advisory, which
appears to be the only public information regarding this
vulnerability.

INFERRED ACTION: CAN-2002-0357 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:irix-rpcpasswd-gain-privileges(9261)
   URL:http://www.iss.net/security_center/static/9261.php
   BID:4939
   URL:http://online.securityfocus.com/bid/4939
   SecurityFocus' title for the BID implies that the problem
   is due to a buffer overflow, but there does not seem to be
   specific information about the type of problem in the
   SGI advisory, which appears to be the only public information
   regarding this vulnerability.
 Frech> XF:irix-rpcpasswd-gain-privileges(9261)


======================================================
Candidate: CAN-2002-0362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020506
Category: SF
Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2
Reference: BID:4677
Reference: URL:http://www.securityfocus.com/bid/4677
Reference: XF:aim-addexternalapp-bo(9017)
Reference: URL:http://www.iss.net/security_center/static/9017.php

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows
remote attackers to execute arbitrary code via a long AddExternalApp
request and a TLV type greater than 0x2711.


Modifications:
  20040725 ADDREF XF:aim-addexternalapp-bo(9017)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0362 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Wall
   MODIFY(1) Frech
   NOOP(5) Christey, Cox, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:aim-addexternalapp-bo(9017)
 Christey> XF:aim-addexternalapp-bo(9017)
   URL:http://www.iss.net/security_center/static/9017.php


======================================================
Candidate: CAN-2002-0376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020513
Category: SF
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote
attackers to execute arbitrary code via a long pluginspage field.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0376 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2002-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: REDHAT:RHSA-2002:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html
Reference: REDHAT:RHSA-2002:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: FREEBSD:FreeBSD-SA-02:29
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650721503642&w=2
Reference: CONECTIVA:CLA-2002:491
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102339541014226&w=2
Reference: XF:tcpdump-nfs-bo(9216)
Reference: URL:http://www.iss.net/security_center/static/9216.php
Reference: BID:4890
Reference: URL:http://online.securityfocus.com/bid/4890
Reference: HP:HPSBTL0205-044
Reference: URL:http://online.securityfocus.com/advisories/4169

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an NFS packet.


Modifications:
  CHANGEREF REDHAT:RHSA-2002:094 (advisory ID was wrong)
  ADDREF FREEBSD:FreeBSD-SA-02:29
  ADDREF CONECTIVA:CLA-2002:491
  ADDREF CALDERA:CSSA-2002-025.0
  ADDREF XF:tcpdump-nfs-bo(9216)
  ADDREF BID:4890
  ADDREF BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
  ADDREF HP:HPSBTL0205-044
  20040818 ADDREF REDHAT:RHSA-2002:121
  20040818 ADDREF REDHAT:RHSA-2003:214
  20040818 ADDREF DEBIAN:DSA-255

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0380 ACCEPT (6 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(2) Frech, Cox
   NOOP(2) Christey, Foat

Voter Comments:
 Cox> ADDREF: CLA-2002:491 TSLSA-2002-0055
 Christey> I clearly screwed up the references here.  This is supposed
   to be REDHAT:RHSA-2002:094.   #089 is already covered by
   CAN-2001-1279.

   ADDREF FREEBSD:FreeBSD-SA-02:29
 Christey> CALDERA:CSSA-2002-025.0
   CONECTIVA:CLA-2002:491

   Consider SUSE:SuSE-SA:2002:020, but beware that it upgrades
   *to* 3.6.2, and it mentions *AFS* packets.  There are no
   cross-references to know for sure whether they meant this
   tcpdump vulnerability or an older one.
 Frech> XF:tcpdump-nfs-bo(9216)
 Christey> HP:HPSBTL0205-044
   URL:http://online.securityfocus.com/advisories/4169
 Christey> I'm not going to add the SuSE reference, which may be
   describing CAN-2001-1279.  I don't want to hold this CAN back
   from promotion to an entry any further.


======================================================
Candidate: CAN-2002-0384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:122
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html
Reference: REDHAT:RHSA-2003:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406
Reference: OSVDB:3729
Reference: URL:http://www.osvdb.org/3729

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows
remote attackers to execute arbitrary code.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2003:122
  20040818 ADDREF REDHAT:RHSA-2002:122
  20040818 ADDREF REDHAT:RHSA-2003:156
  20040725 DELREF REDHAT:RHSA-2003:122 [does not exist]
  20040818 ADDREF OSVDB:3729

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0384 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Cox, Cole, Armstrong, Green
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2002:054
 Cox> Addref: RHSA-2003:122


======================================================
Candidate: CAN-2002-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt
Reference: SUNALERT:52022
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022
Reference: CIAC:N-064
Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml
Reference: XF:sunone-gxnsapi6-bo(11529)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11529
Reference: BID:7082
Reference: URL:http://www.securityfocus.com/bid/7082

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module
for Sun ONE Application Server before 6.5 allows remote attackers to
execute arbitrary code via a long HTTP request URL.


Modifications:
  20040725 ADDREF XF:sunone-gxnsapi6-bo(11529)
  20040725 ADDREF SUNALERT:52022
  20040725 CIAC:N-064

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0387 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Stracener, Green
   NOOP(3) Cox, Wall, Cole

Voter Comments:
 Green> ACKNOWLEDGED IN SP1 AVAILABLE AT
   http://wwws.sun.com/software/download/products/3e3afb89.html
 Stracener> cf. Sun[tm] ONE Application Server, Enterprise Edition 6.5 Service Pack 1


======================================================
Candidate: CAN-2002-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-tftp-bruteforce(9264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9264

The TFTP server for Red-M 1050 (Bluetooth Access Point) cannot be
disabled and makes it easier for remote attackers to crack the
administration password via brute force methods.


Modifications:
  20040725 ADDREF XF:redm-1050ap-tftp-bruteforce(9264)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0395 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Foat
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:redm-1050ap-tftp-bruteforce (9264)


======================================================
Candidate: CAN-2002-0396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-insecure-session(9265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9265

The web management server for Red-M 1050 (Bluetooth Access Point) does
not use session-based credentials to authenticate users, which allows
attackers to connect to the server from the same IP address as a user
who has already established a session.


Modifications:
  20040725 ADDREF XF:redm-1050ap-insecure-session(9265)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0396 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Foat
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:redm-1050ap-insecure-session(9265)


======================================================
Candidate: CAN-2002-0397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-device-existence(9266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9266

Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address,
and other information in UDP packets to a broadcast address, which
allows any system on the network to obtain potentially sensitive
information about the Access Point device by monitoring UDP port 8887.


Modifications:
  20040725 ADDREF XF:redm-1050ap-device-existence(9266)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0397 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Foat
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:redm-1050ap-device-existence (9266)


======================================================
Candidate: CAN-2002-0398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-ppp-dos(9267)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9267

Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to
cause a denial of service and possibly execute arbitrary code via a
long user name.


Modifications:
  20040725 ADDREF XF:redm-1050ap-ppp-dos(9267)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0398 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Foat
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:redm-1050ap-ppp-dos(9267)


======================================================
Candidate: CAN-2002-0400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND
Reference: CALDERA:CSSA-2002-SCO.24
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
Reference: CONECTIVA:CLA-2002:494
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
Reference: HP:HPSBUX0207-202
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SUSE:SuSE-SA:2002:021
Reference: URL:http://www.suse.de/de/security/2002_21_bind9.html
Reference: BID:4936
Reference: URL:http://www.securityfocus.com/bid/4936
Reference: XF:bind-findtype-dos(9250)
Reference: URL:http://www.iss.net/security_center/static/9250.php

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of
service (shutdown) via a malformed DNS packet that triggers an error
condition that is not properly handled when the rdataset parameter to
the dns_message_findtype() function in message.c is not NULL.


Modifications:
  ADDREF CALDERA:CSSA-2002-SCO.24
  ADDREF CONECTIVA:CLA-2002:494
  ADDREF SUSE:SuSE-SA:2002:021
  ADDREF REDHAT:RHSA-2002:105
  ADDREF MANDRAKE:MDKSA-2002:038
  ADDREF BID:4936
  ADDREF XF:bind-findtype-dos(9250)
  ADDREF HP:HPSBUX0207-202
  20040725 ADDREF REDHAT:RHSA-2003:154
  20040818 ADDREF REDHAT:RHSA-2002:119

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0400 ACCEPT (6 accept, 7 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Cox, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> CALDERA:CSSA-2002-SCO.24
 Christey> CALDERA:CSSA-2002-SCO.24
   URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
   CONECTIVA:CLA-2002:494
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
   SUSE:SuSE-SA:2002:021
   URL:http://www.suse.de/de/support/security/2002_21_bind9.html
   XF:bind-findtype-dos(9250)
   URL:http://www.iss.net/security_center/static/9250.php
   BID:4936
   URL:http://www.securityfocus.com/bid/4936
 Christey> REDHAT:RHSA-2002:105
 Frech> XF:bind-findtype-dos(9250)
 Christey> MANDRAKE:MDKSA-2002:038
 Christey> HP:HPSBUX0207-202
   URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
 Christey> REDHAT:RHSA-2003:154


======================================================
Candidate: CAN-2002-0443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0443
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility
Reference: URL:http://online.securityfocus.com/archive/1/260704
Reference: XF:win2k-password-bypass-policy(8402)
Reference: URL:http://www.iss.net/security_center/static/8402.php
Reference: BID:4256
Reference: URL:http://www.securityfocus.com/bid/4256

Microsoft Windows 2000 allows local users to bypass the policy that
prohibits reusing old passwords by changing the current password
before it expires, which does not enable the check for previous
passwords.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2002-0443 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Frech, Foat, Cole, Alderson
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2002-0444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0444
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices
Reference: URL:http://www.securityfocus.com/archive/1/266729
Reference: BID:4464
Reference: URL:http://www.securityfocus.com/bid/4464
Reference: XF:win2k-terminal-bypass-policies(8813)
Reference: URL:http://www.iss.net/security_center/static/8813.php

Microsoft Windows 2000 running the Terminal Server 90-day trial
version, and possibly other versions, does not apply group policies to
incoming users when the number of connections to the SYSVOL share
exceeds the maximum, e.g. with a maximum number of licenses, which can
allow remote authenticated users to bypass group policies.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2002-0444 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Frech, Foat, Cole, Alderson
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2002-0445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0445
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/261337
Reference: XF:phpfirstpost-path-disclosure(8434)
Reference: URL:http://www.iss.net/security_center/static/8434.php
Reference: BID:4274
Reference: URL:http://www.securityfocus.com/bid/4274
Reference: OSVDB:7170
Reference: URL:http://www.osvdb.org/7170

article.php in PHP FirstPost 0.1 allows remote attackers to
obtain the full pathname of the server via an invalid post number in
the post parameter, which leaks the pathname in an error message.


Modifications:
  20040818 ADDREF OSVDB:7170

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INCLUSION: CD:EX-BETA suggests that beta software should not be
included in CVE unless it is popular or in permanent beta. The home
page for PHP FirstPost implies that the product is in beta; however,
the discloser suggests that the developer has stopped maintaining the
code, so it could be argued that this software is in "permanent beta"
and should be included in CVE.

INFERRED ACTION: CAN-2002-0445 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78
and 2.79 allows remote attackers to execute script via an ID3v1 or
ID3v2 tag in an MP3 file.

Analysis
--------
Vendor Acknowledgement: yes followup

ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says
"minibrowser security fix," but it is not clear that the vendor is
fixing *this* vulnerability, as there are several issues that affect
2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly
CAN-2002-0284).

INFERRED ACTION: CAN-2002-0546 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Cox, Wall, Foat, Armstrong


======================================================
Candidate: CAN-2002-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-playlist-script-execution(9422)
Reference: URL:http://www.iss.net/security_center/static/9422.php
Reference: BID:5110
Reference: URL:http://www.securityfocus.com/bid/5110

The Windows Media Active Playlist in Microsoft Windows Media Player
7.1 stores information in a well-known location on the local file
system, allowing attackers to execute HTML scripts in the Local
Computer zone, aka "Media Playback Script Invocation".


Modifications:
  20040725 ADDREF XF:mediaplayer-playlist-script-execution(9422)
  20040725 ADDREF BID:5110
  20040725 DELREF BID:4821

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0615 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mediaplayer-playlist-script-execution(9422)
   URL:http://www.iss.net/security_center/static/9422.php
   BID:5110
   URL:http://www.securityfocus.com/bid/5110
 Christey> DELREF BID:4821 (that BID is for CVE-2002-0618)


======================================================
Candidate: CAN-2002-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632

The Web server for Polycom ViewStation before 7.2.4 allows remote
attackers to bypass authentication and read files via Unicode encoded
requests.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0627 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637

The Telnet service for Polycom ViewStation before 7.2.4 allows remote
attackers to cause a denial of service (crash) via long or malformed
ICMP packets.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0630 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT-VN:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: AIXAPAR:IY32719
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: AIXAPAR:IY32746
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: CALDERA:CSSA-2002-SCO.37
Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Reference: CALDERA:CSSA-2002-SCO.39
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: ENGARDE:ESA-20020724-018
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
Reference: FREEBSD:FreeBSD-SA-02:28
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://online.securityfocus.com/advisories/4397
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SGI:20020701-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102579743329251&w=2
Reference: XF:dns-resolver-lib-bo(9432)
Reference: URL:http://www.iss.net/security_center/static/9432.php
Reference: BID:5100
Reference: URL:http://online.securityfocus.com/bid/5100

Buffer overflow in the DNS resolver code used in libc, glibc, and
libbind, as derived from ISC BIND, allows remote malicious DNS servers
to cause a denial of service and possibly execute arbitrary code via
the stub resolvers.


Modifications:
  ADDREF REDHAT:RHSA-2002:133
  ADDREF MANDRAKE:MDKSA-2002:038
  ADDREF CONECTIVA:CLSA-2002:507
  ADDREF XF:dns-resolver-lib-bo(9432)
  ADDREF BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
  ADDREF BID:5100
  ADDREF SGI:20020701-01-I
  ADDREF REDHAT:RHSA-2002:139
  ADDREF AIXAPAR:IY32719
  ADDREF AIXAPAR:IY32746
  ADDREF ENGARDE:ESA-20020724-018
  20040725 ADDREF CALDERA:CSSA-2002-SCO.37
  20040725 ADDREF CALDERA:CSSA-2002-SCO.39
  20040725 ADDREF MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
  20040725 ADDREF REDHAT:RHSA-2003:154
  20040725 CHANGEREF CERT:VU#803539 (use CERT-VN source)
  20040818 ADDREF REDHAT:RHSA-2002:119
  20040818 ADDREF REDHAT:RHSA-2002:167
  20040818 ADDREF REDHAT:RHSA-2003:154
  20040818 DELREF REDHAT:RHSA-2002:154

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0651 ACCEPT (5 accept, 8 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Foat, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> There are actually 2 closely related issues, one in
   gethostbyname/etc. responses related to dn_expand(), and
   another in the getnetbyX functions.  The getnetby* functions
   apparently don't affect BIND 8.x, so they should get a
   different CAN.  See:
   http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2
 Christey> Need to beef up the description to more clearly distinguish it
   from CAN-2002-0684.  The NetBSD reference has details,
   related to padding and getanswer() and getnetanswer().

   Also need to closely check each reference to see which
   issue(s) the reference is *really* referring to.
 Christey> REDHAT:RHSA-2002:133
 Christey> MANDRAKE:MDKSA-2002:038
 Christey> MANDRAKE:MDKSA-2002:050
 Christey> The getnet* functions were assigned to CAN-2002-0684.
   Note: MANDRAKE:MDKSA-2002:038-1 explicitly acknowledges this
   issue, but the Mandrake site doesn't have this new revision yet.

   Don't add MANDRAKE:MDKSA-2002:050, that's for CAN-2002-0684
 Christey> XF:dns-resolver-lib-bo(9432)
   URL:http://www.iss.net/security_center/static/9432.php
   CONECTIVA:CLSA-2002:507
   BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
   BID:5100
   URL:http://online.securityfocus.com/bid/5100
   SGI:20020701-01-I
   REDHAT:RHSA-2002:139
   AIXAPAR:IY32719
   AIXAPAR:IY32746
   ENGARDE:ESA-20020724-018
 Christey> CALDERA:CSSA-2002-SCO.37
   URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
 Christey> Change the CERT:VU#803539 to a CERT-VN reference.
 Christey> MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
   CALDERA:CSSA-2002-SCO.39
 Christey> REDHAT:RHSA-2003:154


======================================================
Candidate: CAN-2002-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2
Reference: XF:scrollkeeper-tmp-file-symlink(10002)
Reference: URL:http://www.iss.net/security_center/static/10002.php
Reference: BID:5602
Reference: URL:http://www.securityfocus.com/bid/5602

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users
to create and overwrite files via a symlink attack on the
scrollkeeper-tempfile.x temporary files.


Modifications:
  20040725 ADDREF XF:scrollkeeper-tmp-file-symlink(10002)
  20040725 ADDREF BID:5602

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0662 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong
   NOOP(1) Christey

Voter Comments:
 Christey> XF:scrollkeeper-tmp-file-symlink(10002)
   URL:http://www.iss.net/security_center/static/10002.php
   BID:5602
   URL:http://www.securityfocus.com/bid/5602


======================================================
Candidate: CAN-2002-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0668
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-call-hijacking(9563)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9563
Reference: OSVDB:5144
Reference: URL:http://www.osvdb.org/5144

The web interface for Pingtel xpressa SIP-based voice-over-IP phone
1.2.5 through 1.2.7.4 allows authenticated users to modify the Call
Forwarding settings and hijack calls.


Modifications:
  20040725 ADDREF XF:pingtel-xpressa-call-hijacking(9563)
  20040818 ADDREF OSVDB:5144

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0668 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-call-hijacking(9563)


======================================================
Candidate: CAN-2002-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0672
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-factory-defaults(9567)
Reference: URL:http://www.iss.net/security_center/static/9567.php

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
allows attackers with physical access to restore the phone to factory
defaults without authentication via a menu option, which sets the
administrator password to null.


Modifications:
  20040725 XF:pingtel-xpressa-factory-defaults(9567)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0672 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Christey> XF:pingtel-xpressa-factory-defaults(9567)
   URL:http://www.iss.net/security_center/static/9567.php
 Frech> XF:pingtel-xpressa-factory-defaults(9567)


======================================================
Candidate: CAN-2002-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0673
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-phone-reregister(9568)
Reference: URL:http://www.iss.net/security_center/static/9568.php

The enrollment process for Pingtel xpressa SIP-based voice-over-IP
phone 1.2.5 through 1.2.7.4 allows attackers with physical access to
the phone to log out the current user and re-register the phone using
MyPingtel Sign-In to gain remote access and perform unauthorized
actions.


Modifications:
  20040725 ADDREF XF:pingtel-xpressa-phone-reregister(9568)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0673 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Christey> XF:pingtel-xpressa-phone-reregister(9568)
   URL:http://www.iss.net/security_center/static/9568.php
 Frech> XF:pingtel-xpressa-phone-reregister(9568)


======================================================
Candidate: CAN-2002-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0674
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9569

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
does not "time out" an inactive administrator session, which could
allow other users to perform administrator actions if the
administrator does not explicitly end the authentication.


Modifications:
  20040725 ADDREF XF:pingtel-xpressa-admin-timeout(9569)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0674 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-admin-timeout(9569)


======================================================
Candidate: CAN-2002-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0682
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9520
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows
remote attackers to execute script as other web users via script in a
URL with the /servlet/ mapping, which does not filter the script when
an exception is thrown by the servlet.


Modifications:
  20040725 ADDREF XF:tomcat-servlet-xss(9520)
  20040725 ADDREF BID:5193
  20040818 ADDREF OSVDB:4973

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0682 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(5) Christey, Cox, Balinsky, Wall, Foat

Voter Comments:
 Christey> XF:tomcat-servlet-xss(9520)
   URL:http://www.iss.net/security_center/static/9520.php
   BID:5193
   URL:http://www.securityfocus.com/bid/5193
 Frech> XF:tomcat-servlet-xss(9520)


======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft
FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote
attackers to cause a denial of service (CPU consumption) or run
arbitrary code, respectively, via a certain type of web file request.


Modifications:
  20040725 ADDREF CERT-VN:VU#723537

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0692 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#723537
   URL:http://www.kb.cert.org/vuls/id/723537


======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php
Reference: OVAL:OVAL403
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL403.html

The HTML Help facility in Microsoft Windows 98, 98 Second Edition,
Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows
2000, and Windows XP uses the Local Computer Security Zone when
opening .chm files from the Temporary Internet Files folder, which
allows remote attackers to execute arbitrary code via HTML mail that
references or inserts a malicious .chm file containing shortcuts that
can be executed, aka "Code Execution via Compiled HTML Help File."


Modifications:
  20040824 ADDREF OVAL:OVAL403

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0694 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633

Microsoft Visual FoxPro 6.0 does not register its associated files
with Internet Explorer, which allows remote attackers to execute
Visual FoxPro applications without warning via HTML that references
specially-crafted filenames.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0696 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0729
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2

Microsoft SQL Server 2000 allows remote attackers to cause a denial of
service via a malformed 0x08 packet that is missing a colon separator.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0729 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Baker, Balinsky, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat
   REVIEWING(1) Wall

Voter Comments:
 Balinsky> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
 Frech> XF:mssql-resolution-service-bo(9661)
 Christey> Microsoft MS02-039 does not mention this issue, therefore it
   is uncertain whether they acknowledged it or not.

   The XF reference is for an overflow, not a malformed packet.


======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to
cause a denial of service (crash) via certain DHCP packets from
Voice-Over-IP (VOIP) phones.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0835 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Cox


======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

dvips converter for Postscript files in the tetex package calls the
system() function insecurely, which allows remote attackers to execute
arbitrary commands via certain print jobs, possibly involving fonts.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:195

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0836 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Baker, Frech, Wall
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:195


======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: XF:apache-http-host-xss(10241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10241
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862

Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header, a different vulnerability than CAN-2002-1157.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:222
  20040725 ADDREF REDHAT:RHSA-2002:243
  20040725 ADDREF REDHAT:RHSA-2002:244
  20040725 ADDREF REDHAT:RHSA-2002:248
  20040725 ADDREF REDHAT:RHSA-2002:251
  20040725 ADDREF SGI:20021105-02-I
  20040725 ADDREF XF:apache-http-host-xss(10241)
  20040725 ADDREF BID:5847
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:862

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-0840 ACCEPT (5 accept, 6 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(2) Frech, Cox
   NOOP(1) Christey

Voter Comments:
 Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
 Cox> Addref: RHSA-2002:251
   Addref: RHSA-2002:248
   Addref: RHSA-2002:244
   Addref: RHSA-2002:243
   Addref: RHSA-2002:222
 Frech> XF:apache-http-host-xss(10241)
 Christey> SGI:20021105-02-I
   URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I


======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn.  Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846

Format string vulnerability in certain third-party modifications to
mod_dav for logging bad gateway messages (e.g. Oracle9i Application
Server 9.0.2) allows remote attackers to execute arbitrary code via a
destination URI that forces a "502 Bad Gateway" response, which causes
the format string specifiers to be returned from dav_lookup_uri() in
mod_dav.c, which is then used in a call to ap_log_rerror().


Modifications:
  20040725 ADDREF CERT:CA-2003-05
  20040725 ADDREF CIAC:N-046
  20040725 ADDREF BID:6846
  20040725 ADDREF MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: a SCO advisory was released which mentioned this CAN, but it
was quickly rescinded.  This CAN is for the issue addressed by Oracle
only.

NOTE: This CAN was public in 2003.  It has a 2002 identifier because
the CNA (Red Hat) originally assigned the CAN to the issue in 2002;
but due to some early confusion regarding the "location" of the bug,
and the fact that it only affected certain modifications to the
package, and not the original package itself, it was a while before
the bug was published.

INFERRED ACTION: CAN-2002-0842 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Baker, Frech, Cox, Wall
   NOOP(1) Christey

Voter Comments:
 Christey> CERT:CA-2003-05
   URL:http://www.cert.org/advisories/CA-2003-05.html
   CIAC:N-046
   URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
   BID:6846
   URL:http://www.securityfocus.com/bid/6846
   MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt


======================================================
Candidate: CAN-2002-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0844
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9175
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD
before 1.11.2 allows local users to execute arbitrary code.


Modifications:
  20040725 ADDREF XF:cvs-rcs-offbyone-bo(9175)
  20040725 ADDREF REDHAT:RHSA-2004:004
  20040725 ADDREF SGI:20040103-01-U

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0844 ACCEPT_REV (6 accept, 3 ack, 1 review)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Christey, Foat
   REVIEWING(1) Jones

Voter Comments:
 Jones> Vulnerable version unclear.  CVE description says 1.11.2, Caldera
   reference says 1.11-8 is both vulnerable AND is the version of the patched
   code.
 Frech> XF:cvs-rcs-offbyone-bo(9175)
 Christey> REDHAT:RHSA-2004:004
   URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
 Christey> SGI:20040103-01-U
   URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc


======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10043
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers
to execute arbitrary code via an encrypted document that has a long
filename when it is decrypted.


Modifications:
  20040725 ADDREF XF:pgp-long-filename-bo(10043)
  20040725 ADDREF BID:5656

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for PGP Corporate Desktop 7.1.x
state: "While PGP supports long file names, it encounters problems
when it tries to encrypt or decrypt files that have names longer than
200 characters... For more information on this issue, see Foundstone
Labs Advisory - 080202-PCRO."  While the advisory ID is different than
the one in Foundstone's Bugtraq post, Foundstone did confirm via email
that both IDs reference the same issue.

INFERRED ACTION: CAN-2002-0850 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Baker
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP
allows remote attackers to cause a denial of service (crash) when
Remote Desktop is enabled via a PDU Confirm Active data packet that
does not set the Pattern BLT command, aka "Denial of Service in
Remote Desktop."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0864 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752

A certain class that supports XML (Extensible Markup Language) in
Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably
com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows
remote attackers to execute unsafe code via a Java applet, aka
"Inappropriate Methods Exposed in XML Support Classes."


Modifications:
  20040725 ADDREF CERT-VN:VU#140898

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0865 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#140898
   URL:http://www.kb.cert.org/vuls/id/140898

   This VU# also explicitly mentions the com.ms.osp.ospmrshl
   class.


======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine
(VM) up to and including 5.0.3805 allow remote attackers to load and
execute DLLs (dynamic link libraries) via a Java applet that calls the
constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL
terminated by a null string, aka "DLL Execution via JDBC Classes."


Modifications:
  20040725 ADDREF CERT-VN:VU#307306

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0866 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#307306
   URL:http://www.kb.cert.org/vuls/id/307306


======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to cause a denial of service (crash) in
Internet Explorer via invalid handle data in a Java applet, aka
"Handle Validation Flaw."


Modifications:
  20040725 ADDREF CERT-VN:VU#792881

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0867 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#792881
   URL:http://www.kb.cert.org/vuls/id/792881
   Consider adding BID:5670


======================================================
Candidate: CAN-2002-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0895
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a long PASS (password) command.

Analysis
--------
Vendor Acknowledgement:

ACKNOWLEDGEMENT: vendor web page is in Japanese, so acknowledgement
could not be determined.

INFERRED ACTION: CAN-2002-0895 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Alderson, Frech, Jones
   NOOP(4) Cole, Armstrong, Cox, Foat

Voter Comments:
 Alderson> The fact that the vendor page is in Japanese and therefore couldn't
   be verified may highlight future problems of a similar nature.


======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta
before 4.02, on the Win32 platform, allows local users to execute
arbitrary code via a long "datadir" parameter in the my.ini
initialization file, whose permissions on Windows allow Full Control
to the Everyone group.


Modifications:
  20040725 desc - add Win32

Analysis
--------
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: The changelog for "Changes in release 3.23.50 (21 Apr
2002)" says: "Fixed buffer overflow problem if someone specified a too
long datadir parameter to mysqld."

INFERRED ACTION: CAN-2002-0969 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Cox, Wall

Voter Comments:
 Cox> Note that description should refer to Win32 platform
 Green> THE VENDOR'S STATEMENTS IN THE CHANGELOG SHOULD SUFFICE AS ACKNOWLEDGEMENT


======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155
Reference: MANDRAKE:MDKSA-2002:058
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:519
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not
verify the Basic Constraints for an intermediate CA-signed
certificate, which allows remote attackers to spoof the certificates
of trusted sites via a man-in-the-middle attack.


Modifications:
  ADDREF BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
  ADDREF CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
  ADDREF MANDRAKE:MDKSA-2002:058
  ADDREF CALDERA:CSSA-2002-047.0
  ADDREF CONECTIVA:CLA-2002:519
  ADDREF REDHAT:RHSA-2002:220
  20040725 ADDREF XF:ssl-ca-certificate-spoofing(9776)
  20040725 ADDREF BID:5410
  20040818 ADDREF REDHAT:RHSA-2002:221

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0970 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   MODIFY(1) Frech
   NOOP(3) Foat, Christey, Wall

Voter Comments:
 Christey> CAN-2002-0970 and CAN-2002-0828 are treated differently
   because, as I understand it, the SSL design requires that
   you verify Basic Constraints.  Here, we have 2 separate
   implementations that had the same implementation error,
   just like the 20+ FTP servers have the "buffer overflow
   in USER command" implementation error.  It is assumed
   that CAN-2002-0970 and CAN-2002-0828 don't share the same
   codebases.
 Christey> BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
 Christey> CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
   MANDRAKE:MDKSA-2002:058
 Christey> CALDERA:CSSA-2002-047.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
 Christey> CONECTIVA:CLA-2002:519
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
 Christey> REDHAT:RHSA-2002:220
 Frech> XF:ssl-ca-certificate-spoofing(9776)


======================================================
Candidate: CAN-2002-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2
Reference: MS:MS02-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp
Reference: MSKB:Q328940
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q328940
Reference: XF:winxp-helpctr-delete-files(9878)
Reference: URL:http://www.iss.net/security_center/static/9878.php
Reference: BID:5478
Reference: URL:http://www.securityfocus.com/bid/5478
Reference: OSVDB:3001
Reference: URL:http://www.osvdb.org/3001

Help and Support Center for Windows XP allows remote attackers to
delete arbitrary files via a link to the hcp: protocol that accesses
uplddrvinfo.htm.


Modifications:
  20040725 ADDREF MS:MS02-060
  20040725 ADDREF MSKB:Q328940
  20040725 ADDREF XF:winxp-helpctr-delete-files(9878)
  20040725 ADDREF BID:5478
  20040818 ADDREF OSVDB:3001

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-0974 ACCEPT_REV (3 accept, 2 ack, 1 review)

Current Votes:
   ACCEPT(2) Foat, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cole, Christey, Cox
   REVIEWING(1) Wall

Voter Comments:
 Christey> MSKB:Q328940
 Christey> MS:MS02-060
   URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp
   XF:winxp-helpctr-delete-files(9878)
   URL:http://www.iss.net/security_center/static/9878.php
   BID:5478
   URL:http://www.securityfocus.com/bid/5478
 Frech> XF:winxp-helpctr-delete-files(9878)


======================================================
Candidate: CAN-2002-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: CALDERA:CSSA-2003-008.0
Reference: XF:php-mail-safemode-bypass(9966)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9966
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:0
Reference: OSVDB:2111
Reference: URL:http://www.osvdb.org/2111

Argument injection vulnerability in the mail function for PHP 4.x to
4.2.2 may allow attackers to bypass safe mode restrictions and modify
command line arguments to the MTA (e.g. sendmail) in the 5th argument
to mail(), altering MTA behavior and possibly executing commands.


Modifications:
  20040725 desc change "remote attackers"
  20040725 desc say "argument injection"
  20040725 ADDREF DEBIAN:DSA-168
  20040725 ADDREF SUSE:SuSE-SA:2002:036
  20040725 ADDREF REDHAT:RHSA-2002:213
  20040725 ADDREF CONECTIVA:CLA-2002:545
  20040725 ADDREF CALDERA:CSSA-2003-008.0
  20040725 ADDREF XF:php-mail-safemode-bypass(9966)
  20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
  20040725 ADDREF MANDRAKE:MDKSA-2003:082
  20040818 ADDREF REDHAT:RHSA-2002:214
  20040818 ADDREF REDHAT:RHSA-2002:243
  20040818 ADDREF REDHAT:RHSA-2002:244
  20040818 ADDREF REDHAT:RHSA-2002:248
  20040818 ADDREF REDHAT:RHSA-2003:159
  20040818 ADDREF OSVDB:2111

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0985 ACCEPT_ACK (2 accept, 4 ack, 0 review)

Current Votes:
   MODIFY(2) Frech, Cox
   NOOP(5) Foat, Cole, Armstrong, Christey, Wall

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cox changed vote from ACCEPT to MODIFY]
 Cox> this should read "local script authors" not "remote attackers"
   (can be confirmed by checking the PHP advisory too).
 Christey> DEBIAN:DSA-168
 Christey> SUSE:SuSE-SA:2002:036
 Christey> REDHAT:RHSA-2002:213
   URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
 Christey> CONECTIVA:CLA-2002:545
 Christey> Ummm... what is the relationship between this and
   CVE-2001-1246?  The Debian advisory may help to make the
   distinction.

   XF:php-mail-safemode-bypass(9966)
   URL:http://www.iss.net/security_center/static/9966.php
 Christey> CALDERA:CSSA-2003-008.0
 Frech> XF:php-mail-safemode-bypass(9966)
 Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
 Christey> MANDRAKE:MDKSA-2003:082
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082


======================================================
Candidate: CAN-2002-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: CALDERA:CSSA-2003-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: XF:php-mail-ascii-injection(9959)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9959
Reference: BID:5562
Reference: URL:http://www.securityfocus.com/bid/5562
Reference: OSVDB:2160
Reference: URL:http://www.osvdb.org/2160

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."


Modifications:
  20040725 ADDREF DEBIAN:DSA-168
  20040725 ADDREF SUSE:SuSE-SA:2002:036
  20040725 ADDREF REDHAT:RHSA-2002:213
  20040725 ADDREF CONECTIVA:CLA-2002:545
  20040725 ADDREF CALDERA:CSSA-2003-008.0
  20040725 ADDREF MANDRAKE:MDKSA-2003:082
  20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
  20040725 ADDREF XF:php-mail-ascii-injection(9959)
  20040725 ADDREF BID:5562
  20040818 ADDREF REDHAT:RHSA-2002:214
  20040818 ADDREF REDHAT:RHSA-2002:243
  20040818 ADDREF REDHAT:RHSA-2002:244
  20040818 ADDREF REDHAT:RHSA-2002:248
  20040818 ADDREF REDHAT:RHSA-2003:159
  20040818 ADDREF OSVDB:2160

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0986 ACCEPT_ACK (2 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(1) Cox
   MODIFY(1) Frech
   NOOP(5) Foat, Cole, Armstrong, Christey, Wall

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> DEBIAN:DSA-168
 Christey> SUSE:SuSE-SA:2002:036
 Christey> REDHAT:RHSA-2002:213
   URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
 Christey> CONECTIVA:CLA-2002:545
 Christey> XF:php-mail-ascii-injection(9959)
   URL:http://www.iss.net/security_center/static/9959.php
   BID:5562
   URL:http://www.securityfocus.com/bid/5562
 Christey> CALDERA:CSSA-2003-008.0
 Frech> XF:php-mail-ascii-injection(9959)
 Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
 Christey> MANDRAKE:MDKSA-2003:082
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082


======================================================
Candidate: CAN-2002-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
Reference: BID:5958
Reference: URL:http://www.securityfocus.com/bid/5958
Reference: XF:simple-webserver-url-dos(10364)
Reference: URL:http://www.iss.net/security_center/static/10364.php

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2
through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec
Gateway Security allows remote attackers to cause a denial of service
(connection resource exhaustion) via multiple connection requests to
domains whose DNS server is unresponsive or does not exist, which
generates a long timeout.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0990 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers
to corrupt heap memory and execute arbitrary code via a GIF image with
a zero width.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2003:046

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1091 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2003:046
 Green> ACKNOWLEDGED IN REDHAT ERRATA


======================================================
Candidate: CAN-2002-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-bypass-authentication(10017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10017
Reference: BID:5613
Reference: URL:http://www.securityfocus.com/bid/5613

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when
configured to use internal authentication with group accounts and
without any user accounts, allows remote VPN clients to log in using
PPTP or IPSEC user authentication.


Modifications:
  20040725 ADDREF XF:cisco-vpn-bypass-authentication(10017)
  20040725 ADDREF BID:5613

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1092 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-parser-dos(10018)
Reference: URL:http://www.iss.net/security_center/static/10018.php
Reference: BID:5615
Reference: URL:http://www.securityfocus.com/bid/5615

HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before
3.0.3(B) allows remote attackers to cause a denial of service (CPU
consumption) via a long URL request.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1093 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-pptp-dos(10021)
Reference: URL:http://www.iss.net/security_center/static/10021.php
Reference: BID:5625
Reference: URL:http://www.securityfocus.com/bid/5625

Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled,
allows remote attackers to cause a denial of service (reload) via a
Windows-based PPTP client with the "No Encryption" option set.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1095 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: BID:5611
Reference: URL:http://www.securityfocus.com/bid/5611
Reference: XF:cisco-vpn-user-passwords(10019)
Reference: URL:http://www.iss.net/security_center/static/10019.php

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows
restricted administrators to obtain user passwords that are stored in
plaintext in HTML source code.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1096 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-passwords(10022)
Reference: URL:http://www.iss.net/security_center/static/10022.php
Reference: BID:5612
Reference: URL:http://www.securityfocus.com/bid/5612

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows
restricted administrators to obtain certificate passwords that are
stored in plaintext in the HTML source code for Certificate Management
pages.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1097 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-xml-filter(10023)
Reference: URL:http://www.iss.net/security_center/static/10023.php
Reference: BID:5614
Reference: URL:http://www.securityfocus.com/bid/5614

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an
"HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the
protocol to "ANY" when the XML filter configuration is enabled, which
ultimately allows arbitrary traffic to pass through the concentrator.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1098 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-web-access(10024)
Reference: URL:http://www.iss.net/security_center/static/10024.php
Reference: BID:5616
Reference: URL:http://www.securityfocus.com/bid/5616

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to obtain potentially sensitive information without
authentication by directly accessing certain HTML pages.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1099 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-lan-connection-dos(10027)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10027
Reference: BID:5622
Reference: URL:http://www.securityfocus.com/bid/5622

The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x,
and 3.x before 3.5.4, allows remote attackers to cause a denial of
service via an incoming LAN-to-LAN connection with an existing
security association with another device on the remote network, which
causes the concentrator to remove the previous connection.


Modifications:
  20040725 ADDREF XF:cisco-vpn-lan-connection-dos(10027)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1102 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-dos(10042)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10042
Reference: BID:5649
Reference: URL:http://www.securityfocus.com/bid/5649

Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x
before 3.0.5 allows remote attackers to cause a denial of service
(crash) via TCP packets with source and destination ports of 137
(NETBIOS).


Modifications:
  20040725 ADDREF XF:cisco-vpn-tcp-dos(10042)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1104 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-obtain-password(10044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10044
Reference: BID:5650
Reference: URL:http://www.securityfocus.com/bid/5650

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, allows local users to use a utility program to obtain
the group password.


Modifications:
  20040725 desc - add "local users"
  20040725 ADDREF XF:cisco-vpn-obtain-password(10044)
  20040725 ADDREF BID:5650

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1105 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(1) Cox
   REVIEWING(1) Jones

Voter Comments:
 Jones> [JHJ] "...allows local attackers..."?


======================================================
Candidate: CAN-2002-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-mitm(10045)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10045
Reference: BID:5652
Reference: URL:http://www.securityfocus.com/bid/5652

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, does not properly verify that certificate DN fields
match those of the certificate from the VPN Concentrator, which allows
remote attackers to conduct man-in-the-middle attacks.


Modifications:
  20040725 ADDREF XF:cisco-vpn-certificate-mitm(10045)
  20040725 ADDREF BID:5652

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1106 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-random-numbers(10046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10046
Reference: BID:5653
Reference: URL:http://www.securityfocus.com/bid/5653

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.2B, does not generate sufficiently random numbers, which
may make it vulnerable to certain attacks such as spoofing.


Modifications:
  20040725 ADDREF XF:cisco-vpn-random-numbers(10046)
  20040725 ADDREF BID:5653

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1107 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   MODIFY(1) Jones
   NOOP(1) Cox

Voter Comments:
 Jones> Suggest changing "...vulnerable to certain attacks such as
   spoofing." to "vulnerable to certain attacks which exploit this
   cryptographic weakness."  Spoofing is a specific example of a broader class
   of attacks based on the weak RN generation.


======================================================
Candidate: CAN-2002-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-filter(10047)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10047
Reference: BID:5651
Reference: URL:http://www.securityfocus.com/bid/5651

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.6(Rel), when configured with all tunnel mode, can be forced
into acknowledging a TCP packet from outside the tunnel.


Modifications:
  ADDREF 20040725 XF:cisco-vpn-tcp-filter(10047)
  ADDREF 20040725 BID:5651

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1108 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   MODIFY(1) Jones
   NOOP(1) Cox

Voter Comments:
 Jones> Suggest adding quotes around "all tunnel", e.g., ...configured
   with "all tunnel" mode..., to remove ambiguity.


======================================================
Candidate: CAN-2002-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2
Reference: BUGTRAQ:20020905 GLSA: amavis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2
Reference: XF:amavis-securetar-tar-dos(10056)
Reference: URL:http://www.iss.net/security_center/static/10056.php

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows
users to cause a denial of service (CPU consumption) via a malformed
TAR file, possibly via an incorrect file size parameter.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1109 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515
Reference: XF:mantis-limit-reporters-bypass(9898)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9898

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify
the limit_reporters option, which allows remote attackers to view bug
summaries for bugs that would otherwise be restricted.


Modifications:
  20040725 ADDREF XF:mantis-limit-reporters-bypass(9898)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1111 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514
Reference: XF:mantis-private-project-bug-listing(9899)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9899

Mantis before 0.17.4 allows remote attackers to list project bugs
without authentication by modifying the cookie that is used by the
"View Bugs" page.


Modifications:
  20040725 ADDREF XF:mantis-private-project-bug-listing(9899)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1112 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504
Reference: XF:mantis-include-remote-files(9829)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9829
Reference: OSVDB:4858
Reference: URL:http://www.osvdb.org/4858

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote
attackers to execute arbitrary PHP code by modifying the
g_jpgraph_path parameter to reference the location of the PHP code.


Modifications:
  20040725 ADDREF XF:mantis-include-remote-files(9829)
  20040818 ADDREF OSVDB:4858

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1113 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and
earlier includes summaries of private bugs for users that do not have
access to any projects.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1116 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm
Reference: XF:veritas-backupexec-restrictanonymous-zero(10093)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10093
Reference: OSVDB:8230
Reference: URL:http://www.osvdb.org/8230
Reference: OVAL:OVAL1036
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1036.html

Veritas Backup Exec 8.5 and earlier requires that the
"RestrictAnonymous" registry key for Microsoft Exchange 2000 must be
set to 0, which enables anonymous listing of the SAM database and
shares.


Modifications:
  20040804 ADDREF XF:veritas-backupexec-restrictanonymous-zero(10093)
  20040818 ADDREF OSVDB:8230
  20040824 ADDREF OVAL:OVAL1036

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-1117 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php
Reference: BID:5678
Reference: URL:http://www.securityfocus.com/bid/5678

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and
Oracle 8i 8.1.x, allows remote attackers to cause a denial of service
(hang or crash) via a SERVICE_CURLOAD command.


Modifications:
  20040804 ADDREF BID:5678

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1118 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: REDHAT:RHSA-2003:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-048.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary
files with predictable names, which could allow local users to execute
arbitrary code via a symlink attack.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:048

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1119 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2003:048


======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738
Reference: OSVDB:3150
Reference: URL:http://www.osvdb.org/3150

Buffer overflow in the parsing mechanism for ISS Internet Scanner
6.2.1, when using the license banner HTTP check, allows remote
attackers to execute arbitrary code via a long web server response.


Modifications:
  20040818 ADDREF OSVDB:3150

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1122 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Buffer overflow in the authentication function for Microsoft SQL
Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote
attackers to execute arbitrary code via a long request to TCP port
1433, aka the "Hello" overflow.


Modifications:
  20040804 [refs] delete extra XF:mssql-preauth-bo(9788)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1123 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape
and Galeon, set the document referrer too quickly in certain
situations when a new page is being loaded, which allows web pages to
determine the next page that is being visited, including manually
entered URLs, using the onunload handler.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:046

Analysis
--------
Vendor Acknowledgement: yes patch

INFERRED ACTION: CAN-2002-1126 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2003:046


======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier allows remote attackers to determine
the absolute pathname of the options.php script via a malformed
optpage file argument, which generates an error message when the file
cannot be included in the script.


Modifications:
  20040804 [desc] remove "and possibly later versions"

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2002-1132 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> We have verified through source code inspection that the issue
   mentioned in CAN-2002-1132 was fixed in upstream Squirrelmail 1.2.8


======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779
Reference: OSVDB:3848
Reference: URL:http://www.osvdb.org/3848

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier,
allows remote attackers to execute arbitrary PHP source code via an
inc_prefix parameter that points to the malicious code.


Modifications:
  20040818 ADDREF OSVDB:3848

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1135 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-dbcc-bo-variant(10255)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10255
Reference: BID:5877
Reference: URL:http://www.securityfocus.com/bid/5877

Buffer overflow in the Database Console Command (DBCC) that handles
user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft
Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000,
allows attackers to execute arbitrary code via a long SourceDB
argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of
CAN-2002-0644.


Modifications:
  20040804 ADDREF XF:mssql-dbcc-bo-variant(10255)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1137 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine
(MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output
files for scheduled jobs under its own privileges instead of the
entity that launched it, which allows attackers to overwrite system
files, aka "Flaw in Output File Handling for Scheduled Jobs."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1138 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876

The Compressed Folders feature in Microsoft Windows 98 with Plus!
Pack, Windows Me, and Windows XP does not properly check the
destination folder during the decompression of ZIP files, which allows
attackers to place an executable file in a known location on a user's
system, aka "Incorrect Target Path for Zipped File Decompression."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1139 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as
implemented on Microsoft Windows NT4, 2000, and XP, allows remote
attackers to cause a denial of service (service hang) via malformed
packet fragments, aka "Improper parameter size check leading to denial
of service."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1140 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880

An input validation error in the Sun Microsystems RPC library Services
for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4,
2000, and XP, allows remote attackers to cause a denial of service via
malformed fragmented RPC client packets, aka "Denial of service by
sending an invalid RPC request."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1141 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp
Reference: VULNWATCH:20021120 Foundstone Advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
Reference: MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
Reference: CERT:CA-2002-33
Reference: URL:http://www.cert.org/advisories/CA-2002-33.html
Reference: CERT-VN:VU#542081
Reference: URL:http://www.kb.cert.org/vuls/id/542081
Reference: XF:mdac-rds-server-bo(10659)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10659
Reference: BID:6214
Reference: URL:http://www.securityfocus.com/bid/6214

Heap-based buffer overflow in the Remote Data Services (RDS) component
of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and
Internet Explorer 5.01 through 6.0, allows remote attackers to execute
code via a malformed HTTP request to the Data Stub.


Modifications:
  20040804 ADDREF VULNWATCH:20021120 Foundstone Advisory
  20040804 ADDREF MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
  20040804 ADDREF CERT:CA-2002-33
  20040804 ADDREF CERT-VN:VU#542081
  20040804 ADDREF XF:mdac-rds-server-bo(10659)
  20040804 ADDREF BID:6214

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1142 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> VULNWATCH:20021120 Foundstone Advisory
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
   MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
   CERT:CA-2002-33
   URL:http://www.cert.org/advisories/CA-2002-33.html
   CERT-VN:VU#542081
   URL:http://www.kb.cert.org/vuls/id/542081
   XF:mdac-rds-server-bo(10659)
   URL:http://xforce.iss.net/xforce/xfdb/10659
   BID:6214
   URL:http://www.securityfocus.com/bid/6214


======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: MANDRAKE:MDKSA-2004:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: REDHAT:RHSA-2002:258
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-258.html
Reference: REDHAT:RHSA-2003:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-022.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries
such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum
buffer size instead of the actual size when processing a DNS response,
which causes the stub resolvers to read past the actual boundary
("read buffer overflow"), allowing remote attackers to cause a denial
of service (crash).


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:022
  20040804 ADDREF REDHAT:RHSA-2002:258
  20040804 ADDREF MANDRAKE:MDKSA-2004:009
  20040818 ADDREF REDHAT:RHSA-2003:212

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1146 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: RHSA-2003:022
   Addref: RHSA-2002:258
 Christey> MANDRAKE:MDKSA-2004:009
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009


======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000M Switch
firmware before C.09.16, with stacking features and remote
administration enabled, does not authenticate requests to reset the
device, which allows remote attackers to cause a denial of service via
a direct request to the device_reset CGI program.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2002-1147 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   NOOP(1) Cox
   REVIEWING(1) Green


======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: REDHAT:RHSA-2002:217
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-217.html
Reference: REDHAT:RHSA-2002:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-218.html
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in
Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read
source code for server files via a direct request to the servlet.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:217
  20040804 ADDREF REDHAT:RHSA-2002:218

Analysis
--------
Vendor Acknowledgement: unknown vague

ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues.  Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).

INFERRED ACTION: CAN-2002-1148 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Armstrong
   MODIFY(1) Cox
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> DEBIAN:DSA-170

   Note: DSA-170 was originally published with the DSA-169 ID,
   but DSA-169 is really ht://Check, and DSA-170 is really
   tomcat, as confirmed by Debian via email.  The online advisories
   at www.debian.org are authoritative.
 Cox> Addref: RHSA-2002:218
   Addref: RHSA-2002:217


======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: OSVDB:7867
Reference: URL:http://www.osvdb.org/7867

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames
and sub-iframes, which can allow remote attackers to execute script
and steal cookies from subframes that are in other domains.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:221
  20040818 ADDREF OSVDB:7867

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1151 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:221


======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the
"secure" flag in an HTTP cookie, which could cause Konqueror to send
the cookie across an unencrypted channel, which could allow remote
attackers to steal the cookie via sniffing.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1152 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong


======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749
Reference: OSVDB:2092
Reference: URL:http://www.osvdb.org/2092

IBM Websphere 4.0.3 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via an HTTP
request with long HTTP headers, such as "Host".


Modifications:
  20040818 ADDREF OSVDB:2092

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-1153 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php
Reference: OSVDB:3779
Reference: URL:http://www.osvdb.org/3779

anlgform.pl in Analog before 5.23 does not restrict access to the
PROGRESSFREQ progress update command, which allows remote attackers to
cause a denial of service (disk consumption) by using the command to
report updates more frequently and fill the web server error log.


Modifications:
  20040818 ADDREF REDHAT:RHSA-2002:059
  20040818 ADDREF OSVDB:3779

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1154 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065
Reference: XF:apache-webdav-cgi-source(10499)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10499

Apache 2.0.42 allows remote attackers to view the source code of a CGI
script via a POST request to a directory with both WebDAV and CGI
enabled.


Modifications:
  20040804 ADDREF XF:apache-webdav-cgi-source(10499)

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The change log for 2.0.43 includes the item:
"SECURITY: Allow POST requests and CGI scripts to work when DAV is
enabled on the location."

INFERRED ACTION: CAN-2002-1156 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cox, Wall, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:apache-webdav-cgi-source(10499)


======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php
Reference: OSVDB:2107
Reference: URL:http://www.osvdb.org/2107

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9
and earlier, when UseCanonicalName is off and wildcard DNS is enabled,
allows remote attackers to execute script as other web site visitors,
via the server name in an HTTPS response on the SSL port, which is
used in a self-referencing URL, a different vulnerability than
CAN-2002-0840.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:248
  20040804 ADDREF REDHAT:RHSA-2002:251
  20040804 ADDREF REDHAT:RHSA-2002:222
  20040804 ADDREF REDHAT:RHSA-2002:243
  20040804 ADDREF REDHAT:RHSA-2002:244
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:2107

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1157 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:251
   Addref: RHSA-2002:248
   Addref: RHSA-2002:244
   Addref: RHSA-2002:243
   Addref: RHSA-2002:222


======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: BUGTRAQ:20021220 GLSA: canna
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104041812206344&w=2
Reference: BID:6351
Reference: URL:http://www.securityfocus.com/bid/6351
Reference: XF:canna-irwthrough-bo(10831)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10831

Buffer overflow in the irw_through function for Canna 3.5b2 and
earlier allows local users to execute arbitrary code as the bin user.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF BID:6351
  20040804 ADDREF XF:canna-irwthrough-bo(10831)
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BUGTRAQ:20021220 GLSA: canna
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 [desc] add "irw_through"
  20040818 ADDREF REDHAT:RHSA-2003:115

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1158 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:261


======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: BID:6354
Reference: URL:http://www.securityfocus.com/bid/6354
Reference: XF:canna-improper-request-validation(10832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10832

Canna 3.6 and earlier does not properly validate requests, which
allows remote attackers to cause a denial of service or information
leak.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BID:6354
  20040804 ADDREF XF:canna-improper-request-validation(10832)
  20040818 ADDREF REDHAT:RHSA-2003:115

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1159 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Cox
   NOOP(1) Cole

Voter Comments:
 Cox> Addref: RHSA-2002:261


======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: CONECTIVA:CLA-2003:693
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
Reference: REDHAT:RHSA-2003:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-028.html
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: SUNALERT:55760
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
Reference: CERT-VN:VU#911505
Reference: URL:http://www.kb.cert.org/vuls/id/911505
Reference: BID:6753
Reference: URL:http://www.securityfocus.com/bid/6753
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

The default configuration of the pam_xauth module forwards
MIT-Magic-Cookies to new X sessions, which could allow local users to
gain root privileges by stealing the cookies from a temporary .xauth
file, which is created with the original user's credentials after root
uses su.


Modifications:
  20040804 ADDREF CONECTIVA:CLA-2003:693
  20040804 ADDREF CERT-VN:VU#911505
  20040804 ADDREF SUNALERT:55760
  20040818 ADDREF REDHAT:RHSA-2003:028

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: While the post from Andreas Beck appears to be dated
December 14, 2002, it was not actually published until February 3,
2002, as reflected in the Vendor Response section.

INFERRED ACTION: CAN-2002-1160 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cox
   NOOP(2) Christey, Cole

Voter Comments:
 Green> CLEARLY ACKNOWLEDGED IN THE MANDRAKE SUPPORT ADVISORY
 Christey> CONECTIVA:CLA-2003:693
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693


======================================================
Candidate: CAN-2002-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: AIXAPAR:IY35970
Reference: BID:6002
Reference: URL:http://online.securityfocus.com/bid/6002
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php
Reference: OSVDB:2090
Reference: URL:http://www.osvdb.org/2090

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before
4.0.1.26 allows remote attackers to cause a denial of service (crash)
via an HTTP request to helpout.exe with a missing HTTP version number,
which causes ibmproxy.exe to crash.


Modifications:
  20040818 ADDREF OSVDB:2090

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1169 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Armstrong
   NOOP(2) Cox, Cole

Voter Comments:
 Green> PATCH RELEASED BY VENDOR


======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c for the SNMP daemon
in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows
remote attackers to cause a denial of service (crash) via a NULL
dereference.

Analysis
--------
Vendor Acknowledgement: unknown

ACCURACY: While the initial iDEFENSE report said that 5.0.5 was fixed,
a followup consultation with the developer indicated that the fix was
incorrect, and 5.0.6 is the first fixed version.

INFERRED ACTION: CAN-2002-1170 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong


======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852

Directory traversal vulnerability in the CGIServlet for Jetty HTTP
server before 4.1.0 allows remote attackers to execute arbitrary
commands via ..\ (dot-dot backslash) sequences in an HTTP request to
the cgi-bin directory.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1178 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook
Express 5.5 and 6.0 allows remote attackers to execute arbitrary code
via a digitally signed email with a long "From" address, which
triggers the overflow when the user views or previews the message.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1179 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php
Reference: BID:6071
Reference: URL:http://www.securityfocus.com/bid/6071
Reference: OVAL:OVAL931
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL931.html

A typographical error in the script source access permissions for
Internet Information Server (IIS) 5.0 does not properly exclude .COM
files, which allows attackers with only write permissions to upload
malicious .COM files, aka "Script Source Access Vulnerability."


Modifications:
  20040804 ADDREF
  20040824 ADDREF OVAL:OVAL931

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1180 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-webdav-memory-allocation-dos(10503)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10503
Reference: BID:6070
Reference: URL:http://www.securityfocus.com/bid/6070
Reference: OVAL:OVAL1009
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1009.html
Reference: OVAL:OVAL1011
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1011.html

IIS 5.0 and 5.1 allow remote attackers to cause a denial of service
(crash) via malformed WebDAV requests that cause a large amount of
memory to be assigned.


Modifications:
  20040804 ADDREF XF:iis-webdav-memory-allocation-dos(10503)
  20040804 ADDREF BID:6070
  20040824 ADDREF OVAL:OVAL1009
  20040824 ADDREF OVAL:OVAL1011

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1182 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: OVAL:OVAL1059
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1059.html
Reference: OVAL:OVAL1455
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1455.html
Reference: OVAL:OVAL2108
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL2108.html

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the
Basic Constraints of digital certificates, allowing remote attackers
to execute code, aka "New Variant of Certificate Validation Flaw Could
Enable Identity Spoofing" (CAN-2002-0862).


Modifications:
  20040804 ADDREF XF:ssl-ca-certificate-spoofing(9776)
  20040804 ADDREF BID:5410
  20040824 ADDREF OVAL:OVAL1059
  20040824 ADDREF OVAL:OVAL1455
  20040824 ADDREF OVAL:OVAL2108

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1183 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp
Reference: XF:win2k-partition-weak-permissions(9779)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9779
Reference: BID:5415
Reference: URL:http://www.securityfocus.com/bid/5415

The system root folder of Microsoft Windows 2000 has default
permissions of Everyone group with Full access (Everyone:F) and is in
the search path when locating programs during login or application
launch from the desktop, which could allow attackers to gain
privileges as other users via Trojan horse programs.


Modifications:
  20040804 ADDREF XF:win2k-partition-weak-permissions(9779)
  20040804 ADDREF BID:5415

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1184 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216
Reference: OVAL:OVAL393
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL393.html
Reference: OVAL:OVAL542
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL542.html

Internet Explorer 5.01 through 6.0 does not properly check certain
parameters of a PNG file when opening it, which allows remote
attackers to cause a denial of service (crash) by triggering a
heap-based buffer overflow using invalid length codes during
decompression, aka "Malformed PNG Image File Failure."


Modifications:
  20040824 ADDREF OVAL:OVAL393
  20040824 ADDREF OVAL:OVAL542

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1185 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610
Reference: OVAL:OVAL143
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL143.html
Reference: OVAL:OVAL471
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL471.html
Reference: OVAL:OVAL495
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL495.html

Internet Explorer 5.01 through 6.0 does not properly perform security
checks on certain encoded characters within a URL, which allows a
remote attacker to steal potentially sensitive information from a user
by redirecting the user to another site that has that information, aka
"Encoded Characters Information Disclosure."


Modifications:
  20040824 ADDREF OVAL:OVAL143
  20040824 ADDREF OVAL:OVAL471
  20040824 ADDREF OVAL:OVAL495

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.

INFERRED ACTION: CAN-2002-1186 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution(10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672
Reference: OSVDB:2998
Reference: URL:http://www.osvdb.org/2998
Reference: OVAL:OVAL203
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL203.html
Reference: OVAL:OVAL225
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL225.html

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01
through 6.0 allows remote attackers to read and execute files on the
local system via web pages using the <frame> or <iframe> element and
javascript, aka "Frames Cross Site Scripting," as demonstrated using
the PrivacyPolicy.dlg resource.


Modifications:
  20040818 ADDREF OSVDB:2998
  20040824 ADDREF OVAL:OVAL203
  20040824 ADDREF OVAL:OVAL225

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1187 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: BID:6217
Reference: URL:http://www.securityfocus.com/bid/6217
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php
Reference: OVAL:OVAL444
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL444.html
Reference: OVAL:OVAL690
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL690.html

Internet Explorer 5.01 through 6.0 allows remote attackers to identify
the path to the Temporary Internet Files folder and obtain user
information such as cookies via certain uses of the OBJECT tag, which
are not subjected to the proper security checks, aka "Temporary
Internet Files folders Name Reading."


Modifications:
  20040804 ADDREF BID:6217
  20040824 ADDREF OVAL:OVAL444
  20040824 ADDREF OVAL:OVAL690

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.

INFERRED ACTION: CAN-2002-1188 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896

The default configuration of Cisco Unity 2.x and 3.x does not block
international operator calls in the predefined restriction tables,
which could allow authenticated users to place international calls
using call forwarding.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1189 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite
files as users via a symlink attack on temporary files.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1193 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting vulnerability (XSS) in the PHP interface for
ht://Check 1.1 allows remote web servers to insert arbitrary HTML,
including script, via a web page.

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues.  Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).

INFERRED ACTION: CAN-2002-1195 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> DEBIAN:DSA-169

   Note: DSA-170 was originally published with the DSA-169 ID,
   but DSA-169 is really ht://Check, and DSA-170 is really
   tomcat, as confirmed by Debian via email.  The online advisories
   at www.debian.org are authoritative.


======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: BID:5843
Reference: URL:http://www.securityfocus.com/bid/5843
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before
2.16.1, when the "usebuggroups" feature is enabled and more than 47
groups are specified, does not properly calculate bit values for large
numbers, which grants extra permissions to users via known features of
Perl math that set multiple bits.


Modifications:
  20040804 ADDREF BID:5843

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1196 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF BID:5843
   URL:http://www.securityfocus.com/bid/5843


======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x
before 2.16.1, allows remote attackers to execute arbitrary code via
shell metacharacters in a system call to processmail.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1197 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Christey, Cox, Wall

Voter Comments:
 Christey> Via email, Debian said that they are NOT vulnerable to this
   issue, because the bug is in a "contrib" package and not
   part of the core product.


======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes
from an email address during account creation, which allows remote
attackers to execute arbitrary SQL via a SQL injection attack.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1198 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Christey, Cox, Wall

Voter Comments:
 Christey> Via email, Debian said that they are NOT vulnerable to this
   issue.


======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: SUNALERT:47903
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937

The getdbm procedure in ypxfrd allows local users to read arbitrary
files, and remote attackers to read databases outside /var/yp, via a
directory traversal and symlink attack on the domain and map
arguments.


Modifications:
  20040804 [refs] normalize SUNALERT ref

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1199 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when
using template filenames or output, does not properly track the size
of a buffer when constant characters are encountered during macro
expansion, which allows remote attackers to cause a denial of service
and possibly execute arbitrary code.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1200 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
Reference: XF:prometheus-php-file-include(10515)
Reference: URL:http://www.iss.net/security_center/static/10515.php
Reference: BID:6087
Reference: URL:http://www.securityfocus.com/bid/6087

Prometheus 6.0 and earlier allows remote attackers to execute
arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points
to code stored on a remote server, which is then used in (1)
index.php, (2) install.php, or (3) various test_*.php scripts.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1211 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
Reference: XF:win-pptp-packet-bo(10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php
Reference: BID:5807
Reference: URL:http://online.securityfocus.com/bid/5807

Buffer overflow in Microsoft PPTP Service on Windows XP and Windows
2000 allows remote attackers to cause a denial of service (hang) and
possibly execute arbitrary code via a certain PPTP packet with
malformed control data.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1214 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

Voter Comments:
 Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-063.asp


======================================================
Candidate: CAN-2002-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160
Reference: XF:bind-sig-rr-bo(10304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10304

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8
versions 8.3.3 and earlier, allows remote attackers to execute
arbitrary code via a certain DNS server response containing SIG
resource records (RR).


Modifications:
  20040804 ADDREF XF:bind-sig-rr-bo(10304)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1219 ACCEPT (4 accept, 11 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cox, Wall, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bind-sig-rr-bo(10304)


======================================================
Candidate: CAN-2002-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: XF:bind-opt-rr-dos(10332)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10332
Reference: BID:6161
Reference: URL:http://www.securityfocus.com/bid/6161

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of
service (termination due to assertion failure) via a request for a
subdomain that does not exist, with an OPT resource record with a
large UDP payload size.


Modifications:
  20040804 ADDREF XF:bind-opt-rr-dos(10332)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1220 ACCEPT (4 accept, 10 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cox, Wall, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bind-opt-rr-dos(10332)


======================================================
Candidate: CAN-2002-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: XF:bind-null-dereference-dos(10333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10333
Reference: BID:6159
Reference: URL:http://www.securityfocus.com/bid/6159

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of
service (crash) via SIG RR elements with invalid expiry times, which
are removed from the internal BIND database and later cause a null
dereference.


Modifications:
  20040804 ADDREF XF:bind-null-dereference-dos(10333)
  20040804 ADDREF BID:6159

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1221 ACCEPT (4 accept, 10 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cox, Wall, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bind-null-dereference-dos(10333)


======================================================
Candidate: CAN-2002-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
Reference: XF:cisco-catalyst-ciscoview-bo(10382)
Reference: URL:http://www.iss.net/security_center/static/10382.php
Reference: BID:5976
Reference: URL:http://www.securityfocus.com/bid/5976

Buffer overflow in the embedded HTTP server for Cisco Catalyst
switches running CatOS 5.4 through 7.3 allows remote attackers to
cause a denial of service (reset) via a long HTTP request.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1222 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView
in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of
service or execute arbitrary code via a modified .ps (PostScript)
input file.

Analysis
--------
Vendor Acknowledgement: yes advisory

ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows
that stem from different packages.  The KDE security advisory makes
this clear.  Therefore CD:SF-LOC suggests keeping them SPLIT.

INFERRED ACTION: CAN-2002-1223 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole


======================================================
Candidate: CAN-2002-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE
3.0.3a allows remote attackers to read arbitrary files as the kpf user
via a URL with a modified icon parameter.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1224 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong


======================================================
Candidate: CAN-2002-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994

PAM 0.76 treats a disabled password as if it were an empty (null)
password, which allows local and remote attackers to gain privileges
as disabled users.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1227 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2002-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: MISC:http://getad.chat.ru/
Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
Reference: MS:MS02-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
Reference: BID:5927
Reference: URL:http://online.securityfocus.com/bid/5927
Reference: XF:win-netdde-gain-privileges(10343)
Reference: URL:http://www.iss.net/security_center/static/10343.php

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows
2000, and Windows XP allows local users to execute arbitrary code as
LocalSystem via a "shatter" style attack by sending a WM_COPYDATA
message followed by a WM_TIMER message, as demonstrated by GetAd, aka
"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation."

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1230 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Wall
   NOOP(2) Cox, Cole

Voter Comments:
 Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-071.asp


======================================================
Candidate: CAN-2002-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a
denial of service via an rcp call on /proc.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1231 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: CALDERA:CSSA-2002-054.0
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: REDHAT:RHSA-2002:224
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-224.html
Reference: REDHAT:RHSA-2003:229
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-229.html
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS
package 3.9 and earlier allows remote attackers to cause a denial of
service (memory consumption) via a large number of requests for a map
that does not exist.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:224
  20040818 ADDREF REDHAT:RHSA-2003:229

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: Via email, Thorsten Kukuk (the developer) clarified that
this is a basic memory leak, and not an information leak of old
domain/map names, which was suggested in some vendor advisories.

ACCURACY: an early version of MANDRAKE:MDKSA-2002:078 included a
description that discussed the ypserv issue, but its references were
for other problems.  Mandrake has confirmed that MDKSA-2002:078 is
intended for CAN-2002-1232 only.

INFERRED ACTION: CAN-2002-1232 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref RHSA-2002:224


======================================================
Candidate: CAN-2002-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021024
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
Reference: XF:linksys-etherfast-gozila-dos(10514)
Reference: URL:http://www.iss.net/security_center/static/10514.php
Reference: BID:6086
Reference: URL:http://www.securityfocus.com/bid/6086

The remote management web server for Linksys BEFSR41 EtherFast
Cable/DSL Router before firmware 1.42.7 allows remote attackers to
cause a denial of service (crash) via an HTTP request to Gozila.cgi
without any arguments.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1236 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall

Voter Comments:
 Green> RELEASED IN DEC., 2002 IS REPORTED TO CORRECT THE PROBLEM


======================================================
Candidate: CAN-2002-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html
Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt
Reference: XF:qnx-rtos-gain-privileges(10564)
Reference: URL:http://www.iss.net/security_center/static/10564.php
Reference: BID:6146
Reference: URL:http://www.securityfocus.com/bid/6146

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and
execute the cp program while operating at raised privileges, which
allows local users to gain privileges by modifying the PATH to point
to a malicious cp program.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1239 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall

Voter Comments:
 Green> QNX ACKNOWLEDGED THE ISSUE AND CORRECTED IT IN CURRENT VERSION RELEASED JAN. 2003


======================================================
Candidate: CAN-2002-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
Reference: XF:phpnuke-accountmanager-sql-injection(10516)
Reference: URL:http://www.iss.net/security_center/static/10516.php
Reference: BID:6088
Reference: URL:http://www.securityfocus.com/bid/6088
Reference: OSVDB:6244
Reference: URL:http://www.osvdb.org/6244

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote
authenticated users to modify the database and gain privileges via the
"bio" argument to modules.php.


Modifications:
  20040818 ADDREF OSVDB:6244

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2002-1242 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Balinsky, Cole, Armstrong
   NOOP(2) Cox, Wall

Voter Comments:
 Balinsky> Vendor acknowledged problem in its fix:
   http://phpnuke.org/modules.php?name=News&file=article&sid=5647


======================================================
Candidate: CAN-2002-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2
Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
Reference: BID:6099
Reference: URL:http://www.securityfocus.com/bid/6099
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php
Reference: OSVDB:4996
Reference: URL:http://www.osvdb.org/4996

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly
other versions, allows remote attackers to cause a denial of service
and possibly execute arbitrary code via format strings in the USER
command.


Modifications:
  20040804 [refs] remove dupe XF:pablo-ftp-username-dos(10532)
  20040818 ADDREF OSVDB:4996

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the "whatsnew.txt" file includes an item for version
1.51, dated 11/01/2002, which says "Fixed security vulnerability:
sending %n%n%n (and other c-formating strings) crashed the system
(thanks to www.idefense.com) [the discloser]."

INFERRED ACTION: CAN-2002-1244 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113

Maped in LuxMan 0.41 uses the user-provided search path to find and
execute the gzip program, which allows local users to modify /dev/mem
and gain privileges via a modified PATH environment variable that
points to a Trojan horse gzip program.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1245 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2
Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt
Reference: XF:xeneo-php-dos(10534)
Reference: URL:http://www.iss.net/security_center/static/10534.php
Reference: BID:6098
Reference: URL:http://www.securityfocus.com/bid/6098

Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other
versions before 2.1.5 allows remote attackers to cause a denial of
service (crash) via a GET request for a "%" URI.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1248 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-net-command-bo(10519)
Reference: URL:http://www.iss.net/security_center/static/10519.php
Reference: BID:6094
Reference: URL:http://www.securityfocus.com/bid/6094

Buffer overflow in Abuse 2.00 and earlier allows local users to gain
root privileges via a long -net command line argument.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2002-1250 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Balinsky, Wall


======================================================
Candidate: CAN-2002-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089

Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to
execute arbitrary code via a long log message.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1251 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
Reference: BID:6647
Reference: URL:http://www.securityfocus.com/bid/6647
Reference: XF:peoplesoft-xxe-read-files(10520)
Reference: URL:http://www.iss.net/security_center/static/10520.php

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as
used in various PeopleSoft products, allows remote attackers to read
arbitrary files via certain XML External Entities (XXE) fields in an
HTTP POST request that is processed by the SimpleFileHandler handler.


Modifications:
  20040804 ADDREF BID:6647

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1252 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Baker
   NOOP(4) Green, Cox, Wall, Cole


======================================================
Candidate: CAN-2002-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-lisp-gain-privileges(11300)
Reference: URL:http://www.iss.net/security_center/static/11300.php

Abuse 2.00 and earlier allows local users to gain privileges via
command line arguments that specify alternate Lisp scripts that run at
escalated privileges, which can contain functions that execute
commands or modify files.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2002-1253 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   NOOP(3) Cox, Balinsky, Wall


======================================================
Candidate: CAN-2002-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp
Reference: XF:outlook-email-header-dos(10763)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10763
Reference: BID:6319
Reference: URL:http://www.securityfocus.com/bid/6319

Microsoft Outlook 2002 allows remote attackers to cause a denial of
service (repeated failure) via an email message with a certain invalid
header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail
Header Processing Flaw Could Cause Outlook 2002 to Fail."


Modifications:
  20040804 ADDREF XF:outlook-email-header-dos(10763)
  20040804 ADDREF BID:6319

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1255 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-070
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp
Reference: XF:win-smb-policy-modification(10843)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10843
Reference: BID:6367
Reference: URL:http://www.securityfocus.com/bid/6367
Reference: OVAL:OVAL277
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL277.html

The SMB signing capability in the Server Message Block (SMB) protocol
in Microsoft Windows 2000 and Windows XP allows attackers to disable
the digital signing settings in an SMB session to force the data to be
sent unsigned, then inject data into the session without detection,
e.g. by modifying group policy information sent from a domain
controller.


Modifications:
  20040804 ADDREF XF:win-smb-policy-modification(10843)
  20040804 ADDREF BID:6367
  20040824 ADDREF OVAL:OVAL277

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1256 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:win-smb-policy-modification (10843)
   URL:http://www.iss.net/security_center/static/10843.php
   BID:6367
   URL:http://www.securityfocus.com/bid/6367


======================================================
Candidate: CAN-2002-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6371
Reference: URL:http://www.securityfocus.com/bid/6371

Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to execute arbitrary code by including a Java
applet that invokes COM (Component Object Model) objects in a web site
or an HTML mail.


Modifications:
  20040804 ADDREF BID:6371

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1257 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: XF:msvm-jdbc-gain-access(10833)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10833
Reference: BID:6379
Reference: URL:http://www.securityfocus.com/bid/6379

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual
Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass
security checks and access database contents via an untrusted Java
applet.


Modifications:
  20040804 ADDREF XF:msvm-jdbc-gain-access(10833)
  20040804 ADDREF BID:6379

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1260 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2
Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
Reference: XF:oracle-isqlplus-userid-bo(10524)
Reference: URL:http://www.iss.net/security_center/static/10524.php
Reference: BID:6085
Reference: URL:http://www.securityfocus.com/bid/6085
Reference: OSVDB:4013
Reference: URL:http://www.osvdb.org/4013

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9
database server allows remote attackers to execute arbitrary code via
a long USERID parameter in the isqlplus URL.


Modifications:
  20040818 ADDREF OSVDB:4013

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1264 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2002-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CERT-VN:VU#266817
Reference: URL:http://www.kb.cert.org/vuls/id/266817
Reference: HP:HPSBUX01020
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: SUNALERT:51082
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: BID:6103
Reference: URL:http://www.securityfocus.com/bid/6103
Reference: XF:sun-rpc-libc-dos(10539)
Reference: URL:http://www.iss.net/security_center/static/10539.php

The Sun RPC functionality in multiple libc implementations does not
provide a time-out mechanism when reading data from TCP connections,
which allows remote attackers to cause a denial of service (hang).


Modifications:
  20040804 ADDREF HP:HPSBUX01020
  20040804 ADDREF SUNALERT:51082
  20040804 ADDREF BID:6103

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1265 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-disk-image-privileges(10818)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10818
Reference: OSVDB:7057
Reference: URL:http://www.osvdb.org/7057

Mac OS X 10.2.2 allows local users to gain privileges by mounting a
disk image file that was created on another system, aka "Local User
Privilege Elevation via Disk Image File."


Modifications:
  20040804 ADDREF XF:macos-disk-image-privileges(10818)
  20040818 ADDREF OSVDB:7057

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1266 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-cups-dos(10824)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10824
Reference: OSVDB:7058
Reference: URL:http://www.osvdb.org/7058

Mac OS X 10.2.2 allows remote attackers to cause a denial of service
by accessing the CUPS Printing Web Administration utility, aka "CUPS
Printing Web Administration is Remotely Accessible."


Modifications:
  20040804 ADDREF XF:macos-cups-dos(10824)
  20040818 ADDREF OSVDB:7058

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1267 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-iso9600-gain-privileges(10828)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10828
Reference: OSVDB:7059
Reference: URL:http://www.osvdb.org/7059

Mac OS X 10.2.2 allows local users to gain privileges via a mounted
ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600
CD."


Modifications:
  20040804 ADDREF XF:macos-iso9600-gain-privileges(10828)
  20040818 ADDREF OSVDB:7059

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1268 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-mach-read-files(10829)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10829
Reference: OSVDB:7060
Reference: URL:http://www.osvdb.org/7060

Mac OS X 10.2.2 allows local users to read files that only allow write
access via the map_fd() Mach system call.


Modifications:
  20040804 ADDREF XF:macos-mach-read-files(10829)
  20040818 ADDREF OSVDB:7060

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1270 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: DEBIAN:DSA-386
Reference: URL:http://www.debian.org/security/2003/dsa-386
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and
earlier uses mailx as the default mailer, which allows remote
attackers to execute arbitrary commands by inserting them into the
mail body, which is then processed by mailx.


Modifications:
  20040804 ADDREF DEBIAN:DSA-386

Analysis
--------
Vendor Acknowledgement: yes advisory

Note: Debian has stated that they are not vulnerable.

INFERRED ACTION: CAN-2002-1271 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> DEBIAN:DSA-386
   URL:http://www.debian.org/security/2003/dsa-386


======================================================
Candidate: CAN-2002-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021106
Category: SF
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: BID:6220
Reference: URL:http://online.securityfocus.com/bid/6220
Reference: XF:alcatel-omniswitch-backdoor(10664)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10664

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a
back door telnet server that was intended for development but not
removed before distribution, which allows remote attackers to gain
administrative privileges.


Modifications:
  20040804 ADDREF XF:alcatel-omniswitch-backdoor(10664)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1272 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Cox, Wall

Voter Comments:
 Frech> XF:alcatel-omniswitch-backdoor(10664)


======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow
remote attackers to execute arbitrary code via a certain image file
that is not properly handled when Window Maker uses width and height
information to allocate a buffer.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1277 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong
   NOOP(1) Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:009
   URL:http://www.redhat.com/support/errata/RHSA-2003-009.html


======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118
Reference: OSVDB:6066
Reference: URL:http://www.osvdb.org/6066

The mailconf module in Linuxconf 1.24, and other versions before 1.28,
on Conectiva Linux 6.0 through 8, and possibly other distributions,
generates the Sendmail configuration file (sendmail.cf) in a way that
configures Sendmail to run as an open mail relay, which allows remote
attackers to send Spam email.


Modifications:
  20040804 [desc] add "and possibly other distros" and 1.28
  20040818 ADDREF OSVDB:6066

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1278 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> This is an issue that does not just affect Conectiva Linux, so perhaps
   remove or add "and possibly other distributions".  This is fixed
   in Linuxconf 1.28


======================================================
Candidate: CAN-2002-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2
Reference: XF:kgpg-wizard-empty-password(10629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10629
Reference: BID:6152
Reference: URL:http://www.securityfocus.com/bid/6152

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the
passphrase to gpg when creating new keys, which causes secret keys to
be created with an empty passphrase and allows local attackers to
steal the keys if they can be read.


Modifications:
  20040804 ADDREF XF:kgpg-wizard-empty-password(10629)
  20040804 ADDREF BID:6152

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1284 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: BID:6262
Reference: URL:http://online.securityfocus.com/bid/6262
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php

Directory traversal vulnerability in priocntl system call in Solaris
allows local users to execute arbitrary code via ".." sequences
in the pc_clname field of a pcinfo_t structure, which cause priocntl
to load a malicious kernel module.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1296 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204
Reference: XF:mhonarc-mime-header-xss(10666)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10666
Reference: OSVDB:7353
Reference: URL:http://www.osvdb.org/7353

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier
allows remote attackers to insert script or HTML via an email message
with the script in a MIME header name.


Modifications:
  20040804 ADDREF XF:mhonarc-mime-header-xss(10666)
  20040818 ADDREF OSVDB:7353

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: an email posted by the author to the mhonarc-users
mailing list on October 21, 2002 indicates acknowledgement.

INFERRED ACTION: CAN-2002-1307 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646
Reference: REDHAT:RHSA-2003:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
Reference: REDHAT:RHSA-2003:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-163.html
Reference: XF:mozilla-netscape-jar-bo(10636)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10636
Reference: BID:6185
Reference: URL:http://www.securityfocus.com/bid/6185

Heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:162
  20040804 ADDREF REDHAT:RHSA-2003:163
  20040804 ADDREF XF:mozilla-netscape-jar-bo(10636)
  20040804 ADDREF BID:6185

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1308 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cox
   NOOP(3) Christey, Wall, Cole
   REVIEWING(1) Green

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2003:162
   URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
 Christey> REDHAT:RHSA-2003:163
   URL:http://www.redhat.com/support/errata/RHSA-2003-163.html


======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197
Reference: BUGTRAQ:20021119 GLSA: courier
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
Reference: XF:courier-mta-insecure-permissions(10643)
Reference: URL:http://www.iss.net/security_center/static/10643.php
Reference: BID:6189
Reference: URL:http://www.securityfocus.com/bid/6189

Courier sqwebmail before 0.40.0 does not quickly drop privileges after
startup in certain cases, which could allow local users to read
arbitrary files.


Modifications:
  20040804 ADDREF BUGTRAQ:20021119 GLSA: courier
  20040804 ADDREF XF:courier-mta-insecure-permissions(10643)
  20040804 ADDREF BID:6189

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1311 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BUGTRAQ:20021119 GLSA: courier
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
   XF:courier-mta-insecure-permissions(10643)
   URL:http://www.iss.net/security_center/static/10643.php
   BID:6189
   URL:http://www.securityfocus.com/bid/6189


======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198
Reference: BID:6193
Reference: URL:http://www.securityfocus.com/bid/6193
Reference: XF:nullmailer-nonexistent-user-dos(10649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10649

nullmailer 1.00RC5 and earlier allows local users to cause a denial of
service via an email to a local user that does not exist, which
generates an error that causes nullmailer to stop sending mail to all
users.


Modifications:
  20040804 ADDREF XF:nullmailer-nonexistent-user-dos(10649)
  20040804 ADDREF BID:6193

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1313 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: HP:HPSBUX0212-228
Reference: URL:http://www.securityfocus.com/advisories/4988
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: CERT-VN:VU#312313
Reference: URL:http://www.kb.cert.org/vuls/id/312313
Reference: CIAC:N-024
Reference: URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php
Reference: BID:6241
Reference: URL:http://www.securityfocus.com/bid/6241
Reference: OVAL:OVAL149
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL149.html
Reference: OVAL:OVAL152
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL152.html

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on
Solaris 2.5.1 through 9 allows remote attackers to cause a denial of
service (crash) or execute arbitrary code via a certain XFS query.


Modifications:
  20040804 ADDREF BID:6241
  20040804 ADDREF CERT-VN:VU#312313
  20040804 ADDREF CIAC:N-024
  20040804 ADDREF HP:HPSBUX0212-228
  20040824 ADDREF OVAL:OVAL149
  20040824 ADDREF OVAL:OVAL152

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1317 ACCEPT (3 accept, 7 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:6241
   URL:http://www.securityfocus.com/bid/6241
   CERT-VN:VU#312313
   URL:http://www.kb.cert.org/vuls/id/312313
   CIAC:N-024
   URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
   HP:HPSBUX0212-228
   URL:http://www.securityfocus.com/advisories/4988


======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: HP:HPSBUX0212-230
Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: SUNALERT:53580
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: TURBO:TSLSA-2002-0080
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2
Reference: CERT-VN:VU#958321
Reference: URL:http://www.kb.cert.org/vuls/id/958321
Reference: XF:samba-password-change-bo(10683)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10683
Reference: BID:6210
Reference: URL:http://www.securityfocus.com/bid/6210

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an encrypted password that causes the overflow during decryption in
which a DOS codepage string is converted to a little-endian UCS2
unicode string.


Modifications:
  20040804 ADDREF XF:samba-password-change-bo(10683)
  20040804 ADDREF BID:6210
  20040804 ADDREF SUNALERT:53580
  20040804 ADDREF CERT-VN:VU#958321
  20040804 ADDREF HP:HPSBUX0212-230

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1318 ACCEPT (4 accept, 7 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong


======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:263
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-263.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86
systems, allows local users to cause a denial of service (hang) via
the emulation mode, which does not properly clear TF and NT EFLAGs.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:263

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1319 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:263


======================================================
Candidate: CAN-2002-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021107 Remote pine Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: REDHAT:RHSA-2002:271
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-271.html
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.suse.de/de/security/2002_046_pine.html
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120

Pine 4.44 and earlier allows remote attackers to cause a denial of
service (core dump and failed restart) via an email message with a
From header that contains a large number of quotation marks (").


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:271

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1320 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:271


======================================================
Candidate: CAN-2002-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2
Reference: VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: REDHAT:RHSA-2003:256
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-256.html
Reference: REDHAT:RHSA-2003:257
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-257.html
Reference: SGI:20030606-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
Reference: CALDERA:CSSA-2004-007.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
Reference: SCO:SCOSA-2004.1
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php
Reference: OSVDB:2183
Reference: URL:http://www.osvdb.org/2183
Reference: OSVDB:3814
Reference: URL:http://www.osvdb.org/3814

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may
allow attackers to break out of safe compartments in (1) Safe::reval
or (2) Safe::rdo using a redefined @_ variable, which is not reset
between successive calls.


Modifications:
  20040804 ADDREF SGI:20030606-01-A
  20040804 ADDREF REDHAT:RHSA-2003:256
  20040804 ADDREF CALDERA:CSSA-2004-007.0
  20040804 ADDREF SCO:SCOSA-2004.1
  20040818 ADDREF REDHAT:RHSA-2003:257
  20040818 ADDREF OSVDB:2183
  20040818 ADDREF OSVDB:3814

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1323 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong
   NOOP(1) Christey

Voter Comments:
 Green> ACKNOWLEDGED BY PERL.ORG
 Christey> SGI:20030606-01-A
   URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
 Christey> REDHAT:RHSA-2003:256
 Christey> CALDERA:CSSA-2004-007.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
 Christey> SCO:SCOSA-2004.1
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt


======================================================
Candidate: CAN-2002-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6380
Reference: URL:http://online.securityfocus.com/bid/6380

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows
remote attackers to determine a local user's username via a Java
applet that accesses the user.dir system property, aka "User.dir
Exposure Vulnerability."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1325 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Wall
   NOOP(2) Cox, Cole


======================================================
Candidate: CAN-2002-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2
Reference: MS:MS02-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890
Reference: XF:winxp-windows-shell-bo(10892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10892
Reference: BID:6427
Reference: URL:http://www.securityfocus.com/bid/6427

Buffer overflow in the Windows Shell function in Microsoft Windows XP
allows remote attackers to execute arbitrary code via an .MP3 or .WMA
audio file with a corrupt custom attribute, aka "Unchecked Buffer in
Windows Shell Could Enable System Compromise."


Modifications:
  20040804 ADDREF XF:winxp-windows-shell-bo(10892)
  20040804 ADDREF BID:6427

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1327 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:winxp-windows-shell-bo(10892)


======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: CONECTIVA:CLA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2002:287
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-287.html
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296
Reference: XF:vnc-weak-authentication(5992)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5992

TightVNC before 1.2.6 generates the same challenge string for multiple
connections, which allows remote attackers to bypass VNC
authentication by sniffing the challenge and response of other users.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:287
  20040804 ADDREF REDHAT:RHSA-2003:041
  20040804 ADDREF CONECTIVA:CLA-2003:640
  20040804 ADDREF XF:vnc-weak-authentication(5992)

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The changelog for 1.2.6 says that it "Fixed a
repeated challenge replay attack vulnerability, bugtraq id 5296."

INFERRED ACTION: CAN-2002-1336 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: RHSA-2002:287
   Addref: RHSA-2003:041
 Christey> CONECTIVA:CLA-2003:640


======================================================
Candidate: CAN-2002-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: REDHAT:RHSA-2003:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-074.html
Reference: REDHAT:RHSA-2003:227
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-227.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: AIXAPAR:IY40500
Reference: AIXAPAR:IY40501
Reference: AIXAPAR:IY40502
Reference: SUSE:SuSE-SA:2003:013
Reference: MANDRAKE:MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: BUGTRAQ:20030304 GLSA:  sendmail (200303-4)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: BID:6991
Reference: URL:http://www.securityfocus.com/bid/6991
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to
execute arbitrary code via certain formatted address fields, related
to sender and recipient header comments as processed by the crackaddr
function of headers.c.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:074
  20040804 ADDREF BID:6991
  20040818 ADDREF REDHAT:RHSA-2003:227

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1337 ACCEPT (5 accept, 13 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Bollinger, Frech, Wall, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:074


======================================================
Candidate: CAN-2002-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: DEBIAN:DSA-249
Reference: URL:http://www.debian.org/security/2003/dsa-249
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: REDHAT:RHSA-2003:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-045.html
Reference: BUGTRAQ:20030217 GLSA:  w3m
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
Reference: BID:6794
Reference: URL:http://www.securityfocus.com/bid/6794
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT
attribute of an IMG tag, which could allow remote attackers to access
files or cookies.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:045
  20040804 ADDREF BID:6794
  20040804 ADDREF DEBIAN:DSA-250
  20040804 ADDREF DEBIAN:DSA-251
  20040818 ADDREF DEBIAN:DSA-249

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The changelog for 0.3.2.2 describes "another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in
img alt attribute, so malicious frame html may deceive you to access
your local files, cookies and so on."
NOTE: CAN-2002-1404 was also assigned to this issue.  However, it is
being rejected in favor of CAN-2002-1348.

INFERRED ACTION: CAN-2002-1348 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:045


======================================================
Candidate: CAN-2002-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
Reference: CERT-VN:VU#157961
Reference: URL:http://www.kb.cert.org/vuls/id/157961
Reference: BID:6350
Reference: URL:http://www.securityfocus.com/bid/6350
Reference: XF:pccillin-pop3trap-bo(10814)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10814

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003
allows local users to execute arbitrary code via a long input string
to TCP port 110 (POP3).


Modifications:
  20040804 ADDREF XF:pccillin-pop3trap-bo(10814)
  20040804 ADDREF CERT-VN:VU#157961
  20040804 ADDREF BID:6350

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1349 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2
Reference: MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
Reference: URL:http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
Reference: BID:6213
Reference: URL:http://www.securityfocus.com/bid/6213
Reference: XF:tcpdump-sizeof-memory-corruption(10695)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10695

The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly
copy data, which allows remote attackers to cause a denial of service
(application crash).


Modifications:
  20040804 [desc] fix affected versions
  20040804 ADDREF REDHAT:RHSA-2003:032
  20040804 ADDREF REDHAT:RHSA-2003:033
  20040804 ADDREF MANDRAKE:MDKSA-2003:027
  20040804 ADDREF MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
  20040804 ADDREF XF:tcpdump-sizeof-memory-corruption(10695)
  20040804 ADDREF BID:6213
  20040818 ADDREF REDHAT:RHSA-2003:214

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1350 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Note that the -2.2 implies a Debian package version where they have
   backported a security fix to their 3.6.2-2.2 packages.  Upstream
   tcpdump 3.6.* was vulnerable to this issue, it was fixed in 3.7
   Addref: RHSA-2003:033
 Christey> REDHAT:RHSA-2003:032
   URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
 Christey> MANDRAKE:MDKSA-2003:027
   (as suggested by Vincent Danen of Mandrake)
 Cox> ADDREF: http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
   This issue is a safety check that is triggered because of a bug;
   therefore this is solely a Denial of Service vulnerability and
   would not be able to result in arbitrary code execution.


======================================================
Candidate: CAN-2002-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2
Reference: SUNALERT:49377
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CIAC:N-025
Reference: URL:http://www.ciac.org/ciac/bulletins/n-025.shtml
Reference: BID:6326
Reference: URL:http://www.securityfocus.com/bid/6326
Reference: XF:cobalt-shp-overflow-privileges(10776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10776

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security
Hardening Patch) installed allows remote attackers to execute
arbitrary code via a POST request with shell metacharacters in the
email parameter.


Modifications:
  20040804 ADDREF XF:cobalt-shp-overflow-privileges(10776)
  20040804 ADDREF BID:6326
  20040804 ADDREF CIAC:N-025
  20040804 [refs] normalize SUNALERT

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1361 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Cox, Wall

Voter Comments:
 Frech> XF:cobalt-shp-overflow-privileges(10776)


======================================================
Candidate: CAN-2002-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211
Reference: REDHAT:RHSA-2003:118
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-118.html
Reference: XF:micq-0xfe-dos(10872)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10872
Reference: BID:6392
Reference: URL:http://www.securityfocus.com/bid/6392

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of
service (crash) via malformed ICQ message types without a 0xFE
separator character.


Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:118
  20040804 ADDREF XF:micq-0xfe-dos(10872)
  20040804 ADDREF BID:6392

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1362 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:118


======================================================
Candidate: CAN-2002-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: MANDRAKE:MDKSA-2004:063
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html
Reference: REDHAT:RHSA-2003:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-007.html
Reference: REDHAT:RHSA-2003:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-119.html
Reference: REDHAT:RHSA-2003:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-157.html
Reference: REDHAT:RHSA-2004:249
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
Reference: REDHAT:RHSA-2004:402
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-402.html
Reference: SUSE:SUSE-SA:2003:0004
Reference: URL:http://www.suse.com/de/security/2003_004_libpng.html
Reference: XF:libpng-file-offset-bo(10925)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10925
Reference: BID:6431
Reference: URL:http://www.securityfocus.com/bid/6431

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does
not correctly calculate offsets, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a buffer overflow attack on the row buffers.


Modifications:
  20040810 desc - modify affected versions
  20040810 ADDREF GENTOO:GLSA-200407-06
  20040810 ADDREF MANDRAKE:MDKSA-2004:063
  20040810 ADDREF REDHAT:RHSA-2003:007
  20040810 ADDREF REDHAT:RHSA-2003:119
  20040810 ADDREF REDHAT:RHSA-2004:249
  20040810 ADDREF XF:libpng-file-offset-bo(10925)
  20040810 ADDREF BID:6431
  20040818 ADDREF REDHAT:RHSA-2003:157
  20040818 ADDREF REDHAT:RHSA-2004:402

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1363 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:007
 Cox> ADDREF REDHAT:RHSA-2003:119
 Cox> There is only one upstream version of libpng, and so the description
   should be

   "Portable Network Graphics (PNG) libraries libpng 1.2.5 and earlier does
   not correctly calculate offsets"
 Christey> REDHAT:RHSA-2004:249
   URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
 Christey> MANDRAKE:MDKSA-2004:063
   URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
 Christey> GENTOO:GLSA-200407-06
   URL:http://www.gentoo.org/security/en/glsa/glsa-200407-06.xml
 Christey> Consider REDHAT:RHSA-2004:402, although that advisory may in
   fact be addressing a variant.
 Christey> APPLE:APPLE-SA-2004-09-09
   URL:http://lists.apple.com/mhonarc/security-announce/msg00056.html


======================================================
Candidate: CAN-2002-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: DEBIAN:DSA-254
Reference: URL:http://www.debian.org/security/2003/dsa-254
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html
Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166
Reference: XF:traceroute-nanog-getorigin-bo(10778)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10778

Buffer overflow in the get_origin function in traceroute-nanog allows
attackers to execute arbitrary code via long WHOIS responses.


Modifications:
  20040810 ADDREF XF:traceroute-nanog-getorigin-bo(10778)
  20040818 ADDREF DEBIAN:DSA-254

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1364 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
Reference: CALDERA:CSSA-2003-001.0
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: DEBIAN:DSA-216
Reference: URL:http://www.debian.org/security/2002/dsa-216
Reference: ENGARDE:ESA-20030127-002
Reference: IMMUNIX:IMNX-2003-7+-023-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: REDHAT:RHSA-2002:294
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-294.html
Reference: REDHAT:RHSA-2003:155
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-155.html
Reference: SUSE:SuSE-SA:2003:001

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not
account for the "@" character when determining buffer lengths for
local addresses, which allows remote attackers to execute arbitrary
code via a header with a large number of local addresses.


Modifications:
  20040810 ADDREF REDHAT:RHSA-2002:294
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-023-01
  20040818 ADDREF REDHAT:RHSA-2003:155
  20040818 ADDREF DEBIAN:DSA-216

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1365 ACCEPT (3 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:294
 Christey> BUGTRAQ:20031020 Immunix Secured OS 7+ fetchmail update
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2


======================================================
Candidate: CAN-2002-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-certs-race-condition(10907)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10907
Reference: BID:6435
Reference: URL:http://www.securityfocus.com/bid/6435

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local
users with lp privileges to create or overwrite arbitrary files via
file race conditions, as demonstrated by ice-cream.


Modifications:
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF XF:cups-certs-race-condition(10907)
  20040810 ADDREF BID:6435

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1366 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001
 Christey> CVE rarely mentions exploits or other malware by name, except
   where a vulnerability is often referred to by that exploit
   name, or if there is some evidence that it would be used in a keyword
   search.  This makes it easier for people to be certain that they have
   found the correct CVE identifier for a particular issue.  In this
   case, there was a large number of CUPS vulnerabilities reported all at
   once, so the "ice-cream" keyword would be useful to clarify which bug
   is being discussed.


======================================================
Candidate: CAN-2002-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-udp-add-printers(10908)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10908
Reference: BID:6436
Reference: URL:http://www.securityfocus.com/bid/6436

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to add printers without authentication via a certain UDP
packet, which can then be used to perform unauthorized activities such
as stealing the local root certificate for the administration server
via a "need authorization" page, as demonstrated by new-coke.


Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF XF:cups-udp-add-printers(10908)
  20040810 ADDREF BID:6436

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1367 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001


======================================================
Candidate: CAN-2002-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6438
Reference: URL:http://www.securityfocus.com/bid/6438
Reference: XF:cups-strncat-options-bo(10910)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10910

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17
does not properly use the strncat function call when processing the
options string, which allows remote attackers to execute arbitrary
code via a buffer overflow attack.


Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6438
  20040810 ADDREF XF:cups-strncat-options-bo(10910)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1369 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2003:001


======================================================
Candidate: CAN-2002-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6439
Reference: URL:http://www.securityfocus.com/bid/6439
Reference: XF:cups-zero-width-images(10911)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10911

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14
through 1.1.17 does not properly check for zero-length GIF images,
which allows remote attackers to execute arbitrary code via modified
chunk headers, as demonstrated by nogif.


Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6439
  20040810 ADDREF XF:cups-zero-width-images(10911)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1371 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001


======================================================
Candidate: CAN-2002-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6440
Reference: URL:http://www.securityfocus.com/bid/6440
Reference: XF:cups-file-descriptor-dos(10912)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10912

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not
properly check the return values of various file and socket
operations, which could allow a remote attacker to cause a denial of
service (resource exhaustion) by causing file descriptors to be
assigned and not released, as demonstrated by fanta.


Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6440
  20040810 ADDREF XF:cups-file-descriptor-dos(10912)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1372 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001


======================================================
Candidate: CAN-2002-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20030127-001
Reference: GENTOO:200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BID:6368
Reference: URL:http://www.securityfocus.com/bid/6368
Reference: XF:mysql-comtabledump-dos(10846)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10846

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.23.x before 3.23.54 allows remote attackers to cause a denial of
service (crash or hang) in mysqld by causing large negative integers
to be provided to a memcpy call.


Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6368
  20040810 ADDREF XF:mysql-comtabledump-dos(10846)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

Analysis
--------
Vendor Acknowledgement: unknown

ACCURACY: a MySQL developer (Sergei Golubchik) confirmed via email
that only the 3.23 branch was affected.

INFERRED ACTION: CAN-2002-1373 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289


======================================================
Candidate: CAN-2002-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6373
Reference: URL:http://www.securityfocus.com/bid/6373
Reference: XF:mysql-comchangeuser-password-bypass(10847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10847

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x
before 4.0.6, allows remote attackers to gain privileges via a brute
force attack using a one-character password, which causes MySQL to
only compare the provided password against the first character of the
real password.


Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6373
  20040810 ADDREF XF:mysql-comchangeuser-password-bypass(10847)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1374 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289
 Green> ACKNOWLEDGED IN THE RED HAT ERRATA


======================================================
Candidate: CAN-2002-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6375
Reference: URL:http://www.securityfocus.com/bid/6375
Reference: XF:mysql-comchangeuser-password-bo(10848)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10848

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to
4.0.6, allows remote attackers to execute arbitrary code via a long
response.


Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6375
  20040810 ADDREF XF:mysql-comchangeuser-password-bo(10848)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1375 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289
 Green> ACKNOWLEDGED IN THE RED HAT ERRATA


======================================================
Candidate: CAN-2002-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: FULLDISC:20021213 Some vim problems, yet still vim much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2002-December/002948.html
Reference: MISC:http://www.guninski.com/vim1.html
Reference: BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2
Reference: CONECTIVA:CLA-2004:812
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: REDHAT:RHSA-2002:302
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-302.html
Reference: SUNALERT:55700
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
Reference: BID:6384
Reference: URL:http://www.securityfocus.com/bid/6384
Reference: XF:vim-modeline-command-execution(10835)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10835

vim 6.0 and 6.1, and possibly other versions, allows attackers to
execute arbitrary commands using the libcall feature in modelines,
which are not sandboxed but may be executed when vim is used to edit a
malicious file, as demonstrated using mutt.


Modifications:
  20040810 ADDREF CONECTIVA:CLA-2004:812
  20040810 ADDREF SUNALERT:55700
  20040810 ADDREF BID:6384
  20040810 ADDREF XF:vim-modeline-command-execution(10835)
  20040810 ADDREF BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
  20040810 [refs] normalize FULLDISC
  20040810 [desc] clarify
  20040818 ADDREF REDHAT:RHSA-2002:302

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1377 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> The mention of mutt in the original advisory is used to give one
   indication of a possible attack vector.  It should be 'but may
   be executed when vim is used to edit a malicious file'
   Addref: REDHAT:RHSA-2002:302
 Green> ACKNOWLEDGED IN REDHAT ERRATA
 Christey> CONECTIVA:CLA-2004:812
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
 Christey> BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2


======================================================
Candidate: CAN-2002-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: ENGARDE:ESA-20030318-009
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
Reference: MANDRAKE:MDKSA-2003:039
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: TRUSTIX:2002-0083
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt
Reference: BID:6420
Reference: URL:http://www.securityfocus.com/bid/6420
Reference: XF:linux-protread-mmap-dos(10884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10884

Linux kernel 2.2.x allows local users to cause a denial of service
(crash) by using the mmap() function with a PROT_READ parameter to
access non-readable memory pages through the /proc/pid/mem interface.


Modifications:
  20040810 ADDREF DEBIAN:DSA-336
  20040810 ADDREF ENGARDE:ESA-20030318-009
  20040810 ADDREF MANDRAKE:MDKSA-2003:039
  20040810 ADDREF REDHAT:RHSA-2003:088
  20040810 ADDREF BID:6420
  20040810 ADDREF XF:linux-protread-mmap-dos(10884)
  20040810 [refs] normalize TRUSTIX

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1380 ACCEPT_ACK_REV (2 accept, 2 ack, 2 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Cox
   NOOP(2) Christey, Cole
   REVIEWING(2) Green, Wall

Voter Comments:
 Christey> ENGARDE:ESA-20030318-009
   URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
 CHANGE> [Cox changed vote from ACCEPT to MODIFY]
 Cox> Addref: RHSA-2003:088
 Christey> MANDRAKE:MDKSA-2003:039
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
 Christey> DEBIAN:DSA-336
   URL:http://www.debian.org/security/2003/dsa-336


======================================================
Candidate: CAN-2002-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: GENTOO:GLSA-200212-5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2
Reference: BID:6314
Reference: URL:http://www.securityfocus.com/bid/6314
Reference: XF:exim-daemonc-format-string(10761)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10761

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and
3.x through 3.36, allows exim administrative users to execute
arbitrary code by modifying the pid_file_path value.


Modifications:
  20040810 ADDREF BID:6314
  20040810 ADDREF XF:exim-daemonc-format-string(10761)
  20040810 [refs] normalize GENTOO

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1381 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cox, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2002-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021217
Category: SF
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
Reference: BID:6383
Reference: URL:http://www.securityfocus.com/bid/6383
Reference: XF:flash-swf-bo(10861)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10861

Macromedia Flash Player before 6.0.65.0 allows remote attackers to
execute arbitrary code via certain malformed data headers in Shockwave
Flash file format (SWF) files, a different issue than CAN-2002-0846.


Modifications:
  20040810 ADDREF BID:6383
  20040810 ADDREF XF:flash-swf-bo(10861)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1382 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Wall, Cole
   NOOP(1) Cox


======================================================
Candidate: CAN-2002-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: GENTOO:GLSA-200301-1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MANDRAKE:MDKSA-2003:002
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2002:307
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-307.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html
Reference: REDHAT:RHSA-2003:216
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-216.html
Reference: SUSE:SUSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6475
Reference: URL:http://www.securityfocus.com/bid/6475
Reference: XF:pdftops-integer-overflow(10937)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10937

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i,
and CUPS before 1.1.18, allows local users to execute arbitrary code
via a ColorSpace entry with a large number of elements, as
demonstrated by cups-pdf.


Modifications:
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF MANDRAKE:MDKSA-2003:002
  20040810 ADDREF REDHAT:RHSA-2002:307
  20040810 ADDREF SUSE:SUSE-SA:2003:002
  20040810 ADDREF XF:pdftops-integer-overflow(10937)
  20040810 ADDREF BID:6475
  20040810 [refs] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:216

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-1384 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:307
 Christey> MANDRAKE:MDKSA-2003:001
   MANDRAKE:MDKSA-2003:002


======================================================
Candidate: CAN-2002-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021219
Category: SF
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
Reference: BID:6425
Reference: URL:http://www.securityfocus.com/bid/6425
Reference: XF:open-webmail-command-execution(10904)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10904

openwebmail_init in Open WebMail 1.81 and earlier allows local users
to execute arbitrary code via .. (dot dot) sequences in a
login name, such as the name provided in the sessionid parameter for
openwebmail-abook.pl, which is used to find a configuration file that
specifies additional code to be executed.


Modifications:
  20040810 ADDREF BID:6425
  20040810 ADDREF XF:open-webmail-command-execution(10904)

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the announce page for Open WebMail includes an item
"Security Advisory 20021219," which describes the problem and credits
the Bugtraq poster.

INFERRED ACTION: CAN-2002-1385 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall


======================================================
Candidate: CAN-2002-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221
Reference: XF:mhonarc-m2htexthtml-filter-xss(10950)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10950
Reference: BID:6479
Reference: URL:http://www.securityfocus.com/bid/6479

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14
allows remote attackers to inject arbitrary HTML into web archive
pages via HTML mail messages.


Modifications:
  20