[INTERIM] ACCEPT 480 candidates (Final Decision September 1)
I have made an Interim Decision to ACCEPT the following 480 candidates. I will make a Final Decision on September 1.

The candidates came from the following clusters:

1 RECENT-48
2 RECENT-49
1 MISC-99
1 RECENT-60
1 RECENT-61
1 RECENT-62
1 RECENT-65
1 RECENT-66
1 RECENT-67
1 LEGACY-UNIX-ADV
1 LEGACY-MISC-1997
1 LEGACY-MISC-1998-A
1 LEGACY-MISC-1998-B
3 LEGACY-MISC-1999-A
3 LEGACY-MISC-1999-B
1 LEGACY-MISC-1999-C
2 RECENT-69
1 RECENT-72
1 RECENT-73
3 RECENT-75
2 RECENT-76
2 RECENT-77
3 RECENT-78
1 RECENT-79
1 RECENT-80
1 RECENT-81
2 RECENT-82
1 RECENT-84
2 MISC-2001-001
3 MISC-2001-002
1 RECENT-86
1 RECENT-87
1 RECENT-88
4 MISC-2001-004
2 RECENT-89
1 RECENT-90
1 RECENT-91
10 RECENT-93
2 RECENT-96
6 RECENT-97
3 MISC-2001-005
2 RECENT-98
2 RECENT-103
2 RECENT-104
24 CERT-2003a
17 CISCO-2003a
27 UNIX-2002a
35 UNIX-2002b
22 UNIX-2002c
21 UNIX-2003a
36 MS-2002a
31 CONFIRM-2002a
28 CONFIRM-2002b
39 CONFIRM-2003a
23 MISC-2002b
1 RECENT-14
3 RECENT-31
1 RECENT-32

Voters:

Renaud NOOP(1)
Ziese ACCEPT(2) NOOP(6) REVIEWING(6)
Dik ACCEPT(2)
Levy ACCEPT(3) REVIEWING(2)
Green ACCEPT(253) MODIFY(1) NOOP(5) REVIEWING(3)
Magdych NOOP(1)
Frech ACCEPT(36) MODIFY(76)
Cole ACCEPT(418) NOOP(62)
Alderson ACCEPT(6) REVIEWING(1)
Jones ACCEPT(27) MODIFY(6) NOOP(2) REVIEWING(5)
Stracener ACCEPT(6) NOOP(1)
Balinsky ACCEPT(13) MODIFY(2) NOOP(4)
Foat ACCEPT(33) MODIFY(1) NOOP(43)
Bollinger ACCEPT(8)
Cox ACCEPT(89) MODIFY(55) NOOP(290) REVIEWING(1)
Williams ACCEPT(16) MODIFY(4) NOOP(1) REVIEWING(2)
Baker ACCEPT(294) MODIFY(1)
Bishop ACCEPT(1) NOOP(2)
Christey MODIFY(4) NOOP(155)
Armstrong ACCEPT(212) NOOP(24)
Wall ACCEPT(116) NOOP(206) REVIEWING(30)

====================================================== Candidate: CAN-1999-0718 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20010214 Assigned: 19991125 Category: unknown Reference: NTBUGTRAQ:19990823 IBM Gina security warning Reference:
URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534 Reference: BID:608 Reference: URL:http://www.securityfocus.com/bid/608 Reference: XF:ibm-gina-group-add Reference: URL:http://xforce.iss.net/static/3166.php IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-1999-0718 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Baker, Frech, Cole Voter Comments: Frech> XF:ibm-gina-group-add ====================================================== Candidate: CAN-1999-1189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36306 Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36608 Reference: BID:822 Reference: URL:http://www.securityfocus.com/bid/822 Reference: XF:netscape-long-argument-bo(7884) Reference: URL:http://xforce.iss.net/xforce/xfdb/7884 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. 
Modifications: 20040723 ADDREF XF:netscape-long-argument-bo(7884) Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-1999-1189 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:netscape-long-argument-bo(7884) ====================================================== Candidate: CAN-1999-1199 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980807 YA Apache DoS attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2 Reference: BUGTRAQ:19980808 Debian Apache Security Update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2 Reference: BUGTRAQ:19980810 Apache DoS Attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2 Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. 
Modifications: 20040723 ADDREF CONFIRM Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-1999-1199 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cox, Cole NOOP(3) Christey, Wall, Foat Voter Comments: Christey> CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache ====================================================== Candidate: CAN-1999-1201 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2 Reference: BID:225 Reference: URL:http://www.securityfocus.com/bid/225 Reference: XF:win-multiple-ip-dos(7542) Reference: URL:http://xforce.iss.net/xforce/xfdb/7542 Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing. Modifications: 20040723 ADDREF XF:win-multiple-ip-dos(7542) Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-1999-1201 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:win-multiple-ip-dos(7542) ====================================================== Candidate: CAN-1999-1217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19970725 Re: NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2 Reference: NTBUGTRAQ:19970723 NT security - why bother? 
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2 Reference: XF:nt-path(526) Reference: URL:http://xforce.iss.net/static/526.php The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-1999-1217 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Foat, Cole Voter Comments: CHANGE> [Foat changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-1999-1365 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2 Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc... Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2 Reference: XF:nt-login-default-folder(2336) Reference: URL:http://xforce.iss.net/xforce/xfdb/2336 Reference: BID:0515 Reference: URL:http://www.securityfocus.com/bid/0515 Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. Modifications: 20040723 ADDREF XF:nt-login-default-folder(2336) Analysis -------- Vendor Acknowledgement: The %systemroot% being writable by users is contrary to Microsoft recommended configuration. So, is this just one implication of a bad configuration problem? 
INFERRED ACTION: CAN-1999-1365 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-login-default-folder(2336) CHANGE> [Foat changed vote from NOOP to ACCEPT] Frech> XF:nt-login-default-folder(2336) ====================================================== Candidate: CAN-1999-1397 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397 Final-Decision: Interim-Decision: 20040825 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2 Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2 Reference: BID:476 Reference: URL:http://www.securityfocus.com/bid/476 Reference: XF:iis-indexserver-reveal-path(7559) Reference: URL:http://www.iss.net/security_center/static/7559.php Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allow local and remote users to obtain the physical paths of directories that are being indexed.
Modifications: ADDREF XF:iis-indexserver-reveal-path(7559) Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-1999-1397 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:iis-indexserver-reveal-path(7559) ====================================================== Candidate: CAN-1999-1486 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info Reference: AIXAPAR:IX75554 Reference: AIXAPAR:IX76853 Reference: AIXAPAR:IX76330 Reference: BID:408 Reference: URL:http://www.securityfocus.com/bid/408 Reference: XF:aix-sadc-timex(7675) Reference: URL:http://xforce.iss.net/xforce/xfdb/7675 sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. Modifications: 20040723 fix desc. to show linkage with timex 20040723 ADDREF CONFIRM Analysis -------- Vendor Acknowledgement: yes patch ABSTRACTION: This could be related to the sadc problem in other UNIXes as discovered by 8lgm in 1994, but there are insufficient details to be sure. INFERRED ACTION: CAN-1999-1486 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Bollinger, Foat, Cole, Stracener NOOP(1) Christey Voter Comments: Christey> The description needs to be modified to mention the role of timex. The one-line description for the IX75554 APAR mentions timex instead of sadc, but the BID mentions sadc and not timex. This apparent discrepancy is resolved by a README file for the fileset that is used by IX75554: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info This clearly shows the relationship between timex and sadc. Bollinger> The one line abstract is somewhat misleading. 
The timex command calls sadc with a filename and it's the sadc command that can be tricked into modifying files owned by the adm group. Since sadc is only executable by group adm, a local attacker would need to use timex to exploit this. (timex is setgid adm.) So the vulnerability is really in sadc and that's where the fix was made. ====================================================== Candidate: CAN-1999-1520 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2 Reference: BID:256 Reference: URL:http://www.securityfocus.com/bid/256 Reference: XF:siteserver-site-csc(2270) Reference: URL:http://xforce.iss.net/static/2270.php A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. Modifications: 20040723 update desc style Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-1999-1520 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Wall, Cole NOOP(1) Foat ====================================================== Candidate: CAN-1999-1537 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990707 SSL and IIS. 
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2 Reference: BID:521 Reference: URL:http://www.securityfocus.com/bid/521 Reference: XF:ssl-iis-dos(2352) Reference: URL:http://xforce.iss.net/static/2352.php IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-1999-1537 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Wall, Cole NOOP(1) Foat ====================================================== Candidate: CAN-1999-1556 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2 Reference: BID:109 Reference: URL:http://www.securityfocus.com/bid/109 Reference: XF:mssql-sqlexecutivecmdexec-password(7354) Reference: URL:http://xforce.iss.net/xforce/xfdb/7354 Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. Modifications: 20040723 ADDREF XF:mssql-sqlexecutivecmdexec-password(7354) 20040723 desc: fix typo "andd" Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-1999-1556 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(2) Christey, Foat Voter Comments: Frech> XF:mssql-sqlexecutivecmdexec-password(7354) Christey> Need to consult MS on this issue. 
====================================================== Candidate: CAN-1999-1568 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2 Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise" Reference: URL:http://www.securityfocus.com/archive/1/12699 Reference: XF:ncftpd-port-bo(1833) Reference: URL:http://xforce.iss.net/static/1833.php Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. Analysis -------- Vendor Acknowledgement: yes followup INCLUSION: This is a UNIX based server. The process that crashes is a child process whose resources are released appropriately, according to reports. Since it's also an off-by-one error instead of a buffer overflow, perhaps this is not "exploitable" and as such should not be included in CVE. 
INFERRED ACTION: CAN-1999-1568 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Frech, Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2000-0247 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0247 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt Reference: FREEBSD:FreeBSD-SA-00:13 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc Reference: BID:1842 Reference: URL:http://www.securityfocus.com/bid/1842 Reference: XF:generic-nqs-local-root(4306) Reference: URL:http://xforce.iss.net/xforce/xfdb/4306 Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. 
Modifications: 20040723 desc: add "unknown" 20040723 ADDREF BID:1842 20040723 ADDREF XF:generic-nqs-local-root(4306) 20040723 ADDREF FREEBSD:FreeBSD-SA-00:13 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2000-0247 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(1) Baker MODIFY(2) Frech, Christey NOOP(2) Magdych, Cole REVIEWING(1) Levy Voter Comments: Christey> ADDREF FREEBSD:FreeBSD-SA-00:13 ADDREF ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A13-generic-nqs.asc CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:generic-nqs-local-root CHANGE> [Magdych changed vote from REVIEWING to NOOP] CHANGE> [Christey changed vote from NOOP to MODIFY] Christey> BID:1842 XF:generic-nqs-local-root(4306) ====================================================== Candidate: CAN-2000-0747 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0747 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html Reference: XF:openldap-logrotate-script-dos(5036) Reference: URL:http://xforce.iss.net/xforce/xfdb/5036 The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it. 
Modifications: 20040723 ADDREF XF:openldap-logrotate-script-dos(5036) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2000-0747 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Baker, Cole NOOP(1) Wall REVIEWING(1) Levy ====================================================== Candidate: CAN-2000-0773 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0773 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html Reference: BID:1522 Reference: URL:http://www.securityfocus.com/bid/1522 Reference: XF:bajie-view-arbitrary-files(5021) Reference: URL:http://xforce.iss.net/xforce/xfdb/5021 Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. Modifications: 20040723 XF:bajie-view-arbitrary-files(5021) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2000-0773 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Baker, Levy, Williams MODIFY(1) Christey NOOP(2) Wall, Cole Voter Comments: Baker> Apparently the vendor fixed this issue, as it doesn't appear in later versions of the software. 
Christey> XF:bajie-view-arbitrary-files(5021) ====================================================== Candidate: CAN-2000-0781 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0781 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html Reference: BID:1519 Reference: URL:http://www.securityfocus.com/bid/1519 Reference: XF:arcserveit-clientagent-temp-file(5023) Reference: URL:http://xforce.iss.net/xforce/xfdb/5023 uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved. Modifications: 20040723 desc fix "the the" 20040723 XF:arcserveit-clientagent-temp-file(5023) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2000-0781 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Levy, Williams MODIFY(2) Baker, Christey NOOP(2) Wall, Cole Voter Comments: Christey> fix typo: "the the" Baker> Can't really access the CA website to get info on this. 
CHANGE> [Christey changed vote from NOOP to MODIFY] Christey> XF:arcserveit-clientagent-temp-file(5023) ====================================================== Candidate: CAN-2000-0797 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0797 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: SGI:20040104-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc Reference: BID:1526 Reference: URL:http://www.securityfocus.com/bid/1526 Reference: XF:irix-grosview-bo(5062) Reference: URL:http://xforce.iss.net/xforce/xfdb/5062 Reference: OSVDB:3815 Reference: URL:http://www.osvdb.org/3815 Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option. 
Modifications: 20040723 ADDREF XF:irix-grosview-bo(5062) 20040723 ADDREF SGI:20040104-01-P 20040818 ADDREF OSVDB:3815 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2000-0797 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Levy NOOP(4) Williams, Wall, Cole, Christey Voter Comments: Christey> XF:irix-grosview-bo http://xforce.iss.net/static/5062.php Christey> SGI:20040104-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc ====================================================== Candidate: CAN-2000-0894 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20010202 Assigned: 20001114 Category: SF Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: XF:watchguard-soho-web-auth(5554) Reference: URL:http://xforce.iss.net/xforce/xfdb/5554 Reference: BID:2119 Reference: URL:http://www.securityfocus.com/bid/2119 Reference: OSVDB:4404 Reference: URL:http://www.osvdb.org/4404 HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. 
Modifications: 20040818 ADDREF OSVDB:4404 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2000-0894 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey REVIEWING(1) Ziese Voter Comments: Frech> XF:watchguard-soho-web-auth(5554) Christey> Consider adding BID:2119 ====================================================== Candidate: CAN-2000-0895 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20010202 Assigned: 20001114 Category: SF Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: BID:2114 Reference: URL:http://www.securityfocus.com/bid/2114 Reference: XF:watchguard-soho-web-dos(5218) Reference: URL:http://xforce.iss.net/xforce/xfdb/5218 Reference: OSVDB:4403 Reference: URL:http://www.osvdb.org/4403 Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. Modifications: 20040723 ADDREF XF:watchguard-soho-web-dos(5218) 20040723 desc normalize to "arbitrary code" 20040818 ADDREF OSVDB:4403 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2000-0895 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall REVIEWING(1) Ziese Voter Comments: Frech> XF:watchguard-soho-web-dos(5218) ====================================================== Candidate: CAN-2000-1203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203 Final-Decision: Interim-Decision: 20040825 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020131 Category: SF Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. 
SMTP SERVER Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2 Reference: BUGTRAQ:20010820 Lotus Domino DoS Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1 Reference: BUGTRAQ:20010823 Lotus Domino DoS solution Reference: URL:http://www.securityfocus.com/archive/1/209754 Reference: BID:3212 Reference: URL:http://www.securityfocus.com/bid/3212 Reference: XF:lotus-domino-bounced-message-dos(7012) Reference: URL:http://xforce.iss.net/xforce/xfdb/7012 Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. Modifications: ADDREF XF:lotus-domino-bounced-message-dos(7012) Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2000-1203 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Baker, Armstrong, Green MODIFY(1) Frech NOOP(5) Cox, Wall, Foat, Cole, Christey Voter Comments: Green> Since a work around involving configuration settings exists the presenting problem should also exist. 
Frech> XF:lotus-domino-bounced-message-dos(7012) CONFIRM: http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=DA18AA221C3 B982085256B84000033EB Christey> The CONFIRM URL provided by Andre is broken ====================================================== Candidate: CAN-2001-0042 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010202 Assigned: 20010201 Category: SF Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011) Reference: URL:http://www.securityfocus.com/archive/1/149210 Reference: BID:2060 Reference: URL:http://www.securityfocus.com/bid/2060 Reference: XF:apache-php-disclose-files Reference: URL:http://xforce.iss.net/static/5659.php PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. Modifications: 20040723 desc normalize, add "%5c" detail Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2001-0042 ACCEPT_REV (3 accept, 0 ack, 1 review) Current Votes: ACCEPT(3) Cole, Baker, Frech NOOP(1) Wall REVIEWING(1) Ziese ====================================================== Candidate: CAN-2001-0375 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2 Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml Reference: XF:cisco-pix-tacacs-dos(6353) Reference: URL:http://xforce.iss.net/xforce/xfdb/6353 Reference: BID:2551 Reference: URL:http://www.securityfocus.com/bid/2551 Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server 
allows remote attackers to cause a denial of service via a large number of authentication requests. Modifications: 20040723 desc normalize 20040723 XF:cisco-pix-tacacs-dos(6353) 20040723 CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-0375 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Christey REVIEWING(1) Ziese Voter Comments: Frech> XF:cisco-pix-tacacs-dos(6353) Christey> CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml ====================================================== Candidate: CAN-2001-0423 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0423 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html Reference: BID:2581 Reference: URL:http://www.securityfocus.com/bid/2581 Reference: XF:solaris-ipcs-bo(6369) Reference: URL:http://xforce.iss.net/xforce/xfdb/6369 Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. Modifications: 20040723 desc add "different from CAN-2002-0093" 20040723 ADDREF XF:solaris-ipcs-bo(6369) Analysis -------- Vendor Acknowledgement: yes cve-vote INFERRED ACTION: CAN-2001-0423 ACCEPT_ACK_REV (2 accept, 1 ack, 2 review) Current Votes: ACCEPT(1) Dik MODIFY(1) Frech NOOP(3) Wall, Cole, Christey REVIEWING(2) Ziese, Williams Voter Comments: Frech> XF:solaris-ipcs-bo(6369) Dik> sun bug: 4448598 Christey> This might be a duplicate of CAN-2002-0093, which is for Compaq IPCS. 
Christey> An authoritative source confirmed that this issue is in fact different from CAN-2002-0093. ====================================================== Candidate: CAN-2001-0485 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485 Final-Decision: Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html Reference: SGI:20010701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P Reference: BID:2656 Reference: URL:http://www.securityfocus.com/bid/2656 Reference: XF:irix-netprint-shared-library(6473) Reference: URL:http://xforce.iss.net/xforce/xfdb/6473 Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option. Modifications: 20040723 ADDREF SGI:20010701-01-P 20040723 ADDREF BID:2656 20040723 ADDREF XF:irix-netprint-shared-library(6473) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-0485 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(5) Wall, Cole, Christey, Ziese, Renaud REVIEWING(1) Williams Voter Comments: Williams> Apply the following patch: 2022? See advisory 19961203-01-PX for more information?
Frech> XF:irix-netprint-shared-library(6473)
Christey> SGI:20010701-01-P
Baker> SGI Patch 20010701-01-P
Christey> ADDREF BID:2656

======================================================
Candidate: CAN-2001-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
Final-Decision:
Interim-Decision: 20040825
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010717
Category: SF
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:http://xforce.iss.net/static/6879.php
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

Modifications:
ADDREF XF:solaris-dtmail-bo(6879)
DESC remove "possibly other OSes"

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0548 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(3) Foat, Armstrong, Stracener
MODIFY(2) Frech, Balinsky
NOOP(4) Wall, Cole, Christey, Ziese

Voter Comments:
Frech> XF:solaris-dtmail-bo(6879)
Balinsky> Delete "and possibly other operating systems" because that is not verifiable, and add the following references from Sun, which acknowledge the problem:
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105338
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105339
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107200
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107201
Christey> BID:3081
   URL:http://www.securityfocus.com/bid/3081
Christey> It is not clear from the patch list whether these *particular* dtmail overflows have been addressed.
======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288

McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.

Modifications:
20040723 desc normalize
20040818 ADDREF OSVDB:6288

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0612 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(3) Cole, Frech, Ziese
NOOP(3) Wall, Foat, Bishop

Voter Comments:
CHANGE> [Bishop changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2001-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://www.guninski.com/clsidext.html
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php
Reference: BID:2612
Reference: URL:http://www.securityfocus.com/bid/2612

A type-check flaw in Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow
attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

Modifications:
20040723 ADDREF MISC:http://www.guninski.com/clsidext.html
20040723 ADDREF BID:2612

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0643 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(5) Wall, Foat, Cole, Baker, Frech
NOOP(2) Stracener, Ziese

Voter Comments:
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2001-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:http://xforce.iss.net/static/6497.php
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0741 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(3) Foat, Armstrong, Frech
NOOP(2) Wall, Cole

======================================================
Candidate: CAN-2001-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775
Reference: XF:ipcchip-web-root-system(8922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8922

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to retrieve arbitrary files via webserver root directory set to system root.

Modifications:
20040723 ADDREF XF:ipcchip-web-root-system(8922)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-0749 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Cole, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Armstrong

Voter Comments:
Frech> XF:ipcchip-web-root-system(8922)

======================================================
Candidate: CAN-2001-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792
Final-Decision:
Interim-Decision: 20040825
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
Reference: XF:xchat-nickname-format-string(7416)
Reference: URL:http://xforce.iss.net/static/7416.php

Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
Modifications:
ADDREF XF:xchat-nickname-format-string(7416)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-0792 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey

Voter Comments:
Frech> XF:xchat-nickname-format-string(7416)
Christey> Inquiry sent to xchat developer on 2/25/2002.
Christey> Received a reply 2/26/2002: "I don't know... It doesn't seem to effect [sic] any recent versions though." This vulnerability was reported for a *MUCH* older version.

======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision:
Interim-Decision: 20040825
Modified: 20020821-02
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: IMMUNIX:IMNX-2001-70-029-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971
Reference: XF:xinetd-zero-length-bo(6804)
Reference: URL:http://xforce.iss.net/static/6804.php

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
Modifications:
ADDREF XF:xinetd-zero-length-bo(6804)
ADDREF IMMUNIX:IMNX-2001-70-024-01
DELREF IMMUNIX:IMNX-2001-70-024-01
DELREF BUGTRAQ:20010629 xinetd update [normalize to IMMUNIX]
DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0825 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
ACCEPT(6) Wall, Foat, Cole, Armstrong, Baker, Bishop
MODIFY(1) Frech
NOOP(1) Christey

Voter Comments:
Frech> XF:xinetd-zero-length-bo(6804)
Christey> Need to sift through the references to make sure they're correct and appropriately distinguish from CAN-2001-0763.
Christey> DELREF IMMUNIX:IMNX-2001-70-024-01 - it does not explicitly mention this issue.
   DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
   That's for CAN-2001-0763.
   Change affected version to 2.1.8, I have no idea where 2.3.1 came from.

======================================================
Candidate: CAN-2001-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2
Reference: XF:pc2phone-temp-account-readable(7393)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7393
Reference: BID:3475
Reference: URL:http://www.securityfocus.com/bid/3475

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
Modifications:
20040723 ADDREF XF:pc2phone-temp-account-readable(7393)

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-0837 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Armstrong, Baker
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Bishop

Voter Comments:
Frech> XF:pc2phone-temp-account-readable(7393)
Armstrong> http://www.securiteam.com/windowsntfocus/6V00P202UC.html

======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2
Reference: XF:iis-fake-log-entry(7613)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7613
Reference: BID:6795
Reference: URL:http://www.securityfocus.com/bid/6795

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
Modifications:
20040723 ADDREF XF:iis-fake-log-entry(7613)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0902 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(2) Foat, Cole
MODIFY(1) Frech
NOOP(1) Armstrong
REVIEWING(1) Wall

Voter Comments:
Frech> XF:iis-fake-log-entry(7613)

======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision:
Interim-Decision: 20040825
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: XF:linux-multiple-symlink-dos(7312)
Reference: URL:http://www.iss.net/security_center/static/7312.php
Reference: BID:3444
Reference: URL:http://www.securityfocus.com/bid/3444

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
Modifications:
ADDREF SUSE:SuSE-SA:2001:036
ADDREF IMMUNIX:IMNX-2001-70-035-01
ADDREF CALDERA:CSSA-2001-036.0
ADDREF MANDRAKE:MDKSA-2001:079
ADDREF ENGARDE:ESA-20011019-02
ADDREF BUGTRAQ:20011019 TSLSA-2001-0028
ADDREF XF:linux-multiple-symlink-dos(7312)
ADDREF BID:3444

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0907 ACCEPT_REV (5 accept, 2 ack, 1 review)

Current Votes:
ACCEPT(4) Foat, Cole, Green, Baker
MODIFY(1) Frech
NOOP(1) Christey
REVIEWING(1) Wall

Voter Comments:
Frech> XF:linux-multiple-symlink-dos(7312)
Christey> SUSE:SuSE-SA:2001:036
   URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
   IMMUNIX:IMNX-2001-70-035-01
   URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
   CALDERA:CSSA-2001-036.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
   MANDRAKE:MDKSA-2001:079
   ENGARDE:ESA-20011019-02
   URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
   BUGTRAQ:20011019 TSLSA-2001-0028
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2

======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php
Reference: BID:6802
Reference: URL:http://www.securityfocus.com/bid/6802

Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
Modifications:
20040723 BID:6802

Analysis
--------
Vendor Acknowledgement: no

INFERRED ACTION: CAN-2001-0909 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Foat, Cole, Frech
NOOP(1) Armstrong
REVIEWING(1) Wall

======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2
Reference: XF:linux-vmlinux-dos(7591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7591
Reference: BID:3570
Reference: URL:http://www.securityfocus.com/bid/3570

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.

Modifications:
20040723 ADDREF XF:linux-vmlinux-dos(7591)
20040723 ADDREF BID:3570

Analysis
--------
Vendor Acknowledgement: yes followup

ABSTRACTION: There could be a rediscovery of CVE-2000-0729, but there is insufficient information to be certain.
INFERRED ACTION: CAN-2001-0914 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(4) Foat, Cole, Armstrong, Baker
MODIFY(1) Frech
NOOP(1) Wall

Voter Comments:
Frech> XF:linux-vmlinux-dos(7591)

======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652

Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
Modifications:
20040723 desc normalize DoS term

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0951 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(1) Cole
REVIEWING(1) Wall

======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
Reference: XF:bsd-libutil-privilege-dropping(8697)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8697
Reference: OSVDB:6073
Reference: URL:http://www.osvdb.org/6073

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Modifications:
20040723 ADDREF XF:bsd-libutil-privilege-dropping(8697)
20040818 ADDREF OSVDB:6073

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1029 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(2) Foat, Green
MODIFY(1) Frech
NOOP(2) Wall, Cole

Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:bsd-libutil-privilege-dropping(8697)

======================================================
Candidate: CAN-2001-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113
Reference: XF:win-arp-packet-flooding-dos(6924)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6924

The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.

Modifications:
20040723 ADDREF XF:win-arp-packet-flooding-dos(6924)
20040723 desc - add ARPNuke

Analysis
--------
Vendor Acknowledgement: There is insufficient information to be able to narrow down which operating systems are affected; the disclosers did not mention these specifics.
INFERRED ACTION: CAN-2001-1055 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
ACCEPT(1) Foat
MODIFY(2) Green, Frech
NOOP(3) Wall, Cole, Armstrong

Voter Comments:
Green> TOO VAGUE TO REACH ANY CONCLUSION
Frech> XF:win-arp-packet-flooding-dos(6924)

======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2
Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Reference: SUNBUG:4633888
Reference: BID:3243
Reference: URL:http://www.securityfocus.com/bid/3243
Reference: XF:netscape-install-tmpfile-symlink(7042)
Reference: URL:http://xforce.iss.net/static/7042.php

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

Modifications:
20040725 ADDREF SUNBUG:4633888
20040725 ADDREF BID:3243
20040725 ADDREF XF:netscape-install-tmpfile-symlink(7042)
20040725 ADDREF VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
Analysis
--------
Vendor Acknowledgement: yes cve-vote

INFERRED ACTION: CAN-2001-1066 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
ACCEPT(2) Dik, Green
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Christey
REVIEWING(1) Wall

Voter Comments:
Dik> Verified by code inspection of ns6install from netscape 6.2.1 beta
   Sun bug: 4633888 (just filed)
Christey> BID:3243
   URL:http://www.securityfocus.com/bid/3243
   XF:netscape-install-tmpfile-symlink(7042)
   URL:http://xforce.iss.net/static/7042.php
Christey> VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Frech> XF:netscape-install-tmpfile-symlink(7042)

======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php

libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1069 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(3) Cole, Armstrong, Christey
REVIEWING(1) Wall

Voter Comments:
Christey> SGI:20020806-01-I points to this candidate, but I'm not so sure that's correct; the SGI advisory discusses symlink attacks, but this CAN is related to permissions.

======================================================
Candidate: CAN-2001-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.

Modifications:
20040725 VULNWATCH:20010719 Changelog maddness (14 various broken apps)
20040725 MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1081 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Baker
MODIFY(2) Christey, Frech
NOOP(2) Wall, Foat

Voter Comments:
Frech> ISS: ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS Implementations
   XF:lucent-radius-authentication-bo(6794)
   CONFIRM reference is no longer available.
Christey> VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
   MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Christey> XF:lucent-radius-authentication-bo(6794) does not seem appropriate, as it deals with buffer overflows; however, this is a format string issue. XF:lucent-radius-authentication-bo(6794) is really about CAN-2001-0534.

======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: CERT-VN:VU#639507
Reference: URL:http://www.kb.cert.org/vuls/id/639507
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php
Reference: BID:3419
Reference: URL:http://www.securityfocus.com/bid/3419

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
Modifications:
20040725 ADDREF BID:3419
20040725 ADDREF CERT-VN:VU#639507

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1098 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(3) Wall, Cole, Armstrong
REVIEWING(1) Ziese

Voter Comments:
CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
Frech> HAS-INDEPENDENT-CONFIRMATION:http://www.kb.cert.org/vuls/id/639507

======================================================
Candidate: CAN-2001-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:http://xforce.iss.net/static/7119.php

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1103 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
ACCEPT(4) Green, Baker, Frech, Ziese
NOOP(3) Foat, Cole, Armstrong
REVIEWING(1) Wall

Voter Comments:
Green> Vendor appears to have acknowledged with a new release of the product, although there is no explicit citing of the vulnerability on the vendor's website

======================================================
Candidate: CAN-2001-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1186 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Cole, Green, Frech
NOOP(2) Foat, Ziese
REVIEWING(1) Wall

======================================================
Candidate: CAN-2001-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-1200 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(2) Cole, Ziese
REVIEWING(1) Wall

======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: REDHAT:RHSA-2002:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html
Reference: REDHAT:RHSA-2003:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: HP:HPSBTL0209-068
Reference: URL:http://online.securityfocus.com/advisories/4514
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php
Reference: BID:3024
Reference: URL:http://www.securityfocus.com/bid/3024

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
Modifications:
ADDREF MANDRAKE:MDKSA-2002:066
ADDREF REDHAT:RHSA-2002:096
ADDREF CONECTIVA:CLA-2002:538
ADDREF HP:HPSBTL0209-068
ADDREF XF:archive-extraction-directory-traversal(10224)
20040725 BID:3024
20040818 ADDREF REDHAT:RHSA-2002:138
20040818 ADDREF REDHAT:RHSA-2003:218

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, the entry dated 2001-08-27 says "(extract_archive): Fix test for absolute pathnames and/or '..'."

INFERRED ACTION: CAN-2001-1267 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
ACCEPT(2) Cole, Green
MODIFY(2) Frech, Cox
NOOP(3) Wall, Foat, Christey

Voter Comments:
Christey> MANDRAKE:MDKSA-2002:066
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> ADDREF: RHSA-2002:096
Frech> XF:archive-extraction-directory-traversal(10224)
Christey> MANDRAKE:MDKSA-2002:066
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
   CONECTIVA:CLA-2002:538
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
   HP:HPSBTL0209-068
   URL:http://online.securityfocus.com/advisories/4514
   REDHAT:RHSA-2002:096
   URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Christey> There are a couple directory traversal variants for GNU tar out there. Can we be sure the references line up correctly?
====================================================== Candidate: CAN-2001-1279 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279 Final-Decision: Interim-Decision: 20040825 Modified: 20030318-02 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: REDHAT:RHSA-2001:089 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html Reference: FREEBSD:FreeBSD-SA-01:48 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc Reference: CONECTIVA:CLA-2002:480 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480 Reference: MANDRAKE:MDKSA-2002:032 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php Reference: CALDERA:CSSA-2002-025.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt Reference: XF:tcpdump-afs-rpc-bo(7006) Reference: URL:http://www.iss.net/security_center/static/7006.php Reference: BID:3065 Reference: URL:http://online.securityfocus.com/bid/3065 Reference: CERT-VN:VU#797201 Reference: URL:http://www.kb.cert.org/vuls/id/797201 Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. Modifications: ADDREF CONECTIVA:CLA-2002:480 ADDREF MANDRAKE:MDKSA-2002:032 ADDREF CALDERA:CSSA-2002-025.0 ADDREF XF:tcpdump-afs-rpc-bo(7006) ADDREF CERT-VN:VU#797201 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-1279 ACCEPT (4 accept, 4 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Cox MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Christey> ADDREF CONECTIVA:CLA-2002:480 The Conectiva advisory references the FreeBSD advisory used in this CAN, along with other issues that are addressed. 
Christey> CONECTIVA:CLA-2002:480 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480 Christey> MANDRAKE:MDKSA-2002:032 CONECTIVA:CLA-2002:480 CALDERA:CSSA-2002-025.0 Frech> XF:tcpdump-afs-rpc-bo(7006) Christey> Consider whether SUSE:SuSE-SA:2002:020 addresses this issue or not. ====================================================== Candidate: CAN-2001-1302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911 Reference: BID:3063 Reference: URL:http://www.securityfocus.com/bid/3063 Reference: XF:win2k-change-network-passwords(6876) Reference: URL:http://xforce.iss.net/static/6876.php The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2001-1302 ACCEPT_REV (4 accept, 0 ack, 1 review) Current Votes: ACCEPT(4) Foat, Cole, Green, Frech NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1328 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: Reference: CIAC:L-103 Reference: AUSCERT:AA-2001.03 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03 Reference: SUN:00203 Reference: XF:solaris-ypbind-bo(6828) Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. 
Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2001-1328 ACCEPT_ACK_REV (2 accept, 3 ack, 1 review) Current Votes: ACCEPT(2) Green, Frech NOOP(3) Foat, Cole, Cox REVIEWING(1) Wall Voter Comments: Green> Sun Security bulletin 00203 ====================================================== Candidate: CAN-2001-1347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html Reference: XF:win2k-debug-elevate-privileges(6590) Reference: URL:http://www.iss.net/security_center/static/6590.php Reference: BID:2764 Reference: URL:http://www.securityfocus.com/bid/2764 Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2001-1347 ACCEPT_REV (4 accept, 0 ack, 1 review) Current Votes: ACCEPT(4) Foat, Cole, Green, Frech NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:162 Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. 
Modifications: 20040725 XF:linux-namazu-css(7875) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-1350 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Cole, Green, Cox MODIFY(1) Frech NOOP(2) Foat, Christey Voter Comments: Frech> XF:linux-namazu-bo(7876) Christey> This is not a buffer overflow as suggested by the XF reference, it's a CSS/XSS issue (XF:linux-namazu-css(7875)) ====================================================== Candidate: CAN-2001-1351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:162 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b Reference: XF:linux-namazu-css(7875) Reference: URL:http://www.iss.net/security_center/static/7875.php Reference: OSVDB:5690 Reference: URL:http://www.osvdb.org/5690 Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. 
Modifications: ADDREF XF:linux-namazu-css(7875) 20040818 ADDREF OSVDB:5690 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-1351 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Alderson, Green, Cox MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:linux-namazu-css(7875) ====================================================== Candidate: CAN-2001-1352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:179 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2 Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2 Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2 Reference: XF:linux-namazu-css(7875) Reference: URL:http://xforce.iss.net/xforce/xfdb/7875 Reference: OSVDB:5691 Reference: URL:http://www.osvdb.org/5691 Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. 
Modifications: 20040725 ADDREF XF:linux-namazu-css(7875) 20040818 ADDREF OSVDB:5691 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-1352 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Wall, Cole, Alderson, Green, Cox MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:linux-namazu-css(7875) ====================================================== Candidate: CAN-2001-1367 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031& Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: XF:phpslice-checkaccess-function-privileges(9649) Reference: URL:http://xforce.iss.net/xforce/xfdb/9649 The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. Modifications: 20040725 ADDREF XF:phpslice-checkaccess-function-privileges(9649) Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: a post on the vendor web page states "Due to a stupid mistake on a line in the checkAccess() function, PHPSlice 0.1.4 (and potentially all earlier releases as well) has a gaping security hole that allows any user to perform administrative tasks if they enter the correct URL." ACCURACY: while the vendor's statement implies that the problem was fixed after 0.1.4, a review of the source code indicates that it actually wasn't fixed until 0.1.7. 
INFERRED ACTION: CAN-2001-1367 ACCEPT_REV (3 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Cole, Green MODIFY(1) Frech NOOP(3) Wall, Foat, Cox REVIEWING(1) Alderson Voter Comments: Alderson> Is there a candidate already in existence for the problem as it relates to 0.1.4? If so, since this problem was not fixed, perhaps that one needs to be modified to include 0.1.7. Frech> XF:phpslice-checkaccess-function-privileges(9649) ====================================================== Candidate: CAN-2001-1386 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/194442 Reference: XF:ftp-lnk-directory-traversal(6760) Reference: URL:http://www.iss.net/security_center/static/6760.php Reference: BID:2957 Reference: URL:http://www.securityfocus.com/bid/2957 WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2001-1386 ACCEPT_REV (4 accept, 0 ack, 1 review) Current Votes: ACCEPT(3) Green, Baker, Frech MODIFY(1) Foat NOOP(3) Cole, Armstrong, Cox REVIEWING(1) Wall Voter Comments: Foat> If a windows shortcut file (*.lnk) linked to a directory is uploaded, an ftp user would be able to have access to the directory link points by typing 'cd <file>.lnk'. If an ftp user uploads a *.lnk file to a known file for which the user does not have access and then does a 'GET' on the link, the file will be downloaded.
====================================================== Candidate: CAN-2001-1391 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2 Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2 Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html Reference: IMMUNIX:IMNX-2001-70-010-01 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2 Reference: CALDERA:CSSA-2001-012.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2 Reference: MANDRAKE:MDKSA-2001:037 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2 Reference: DEBIAN:DSA-047 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2 Reference: SUSE:SuSE-SA:2001:018 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2 Reference: CONECTIVA:CLA-2001:394 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2 Reference: REDHAT:RHSA-2001:047 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html Reference: XF:linux-cpia-memory-overwrite(11162) Reference: URL:http://xforce.iss.net/xforce/xfdb/11162 Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. 
Modifications: 20040725 desc fix small typo 20040725 XF:linux-cpia-memory-overwrite(11162) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2001-1391 ACCEPT (7 accept, 5 ack, 0 review) Current Votes: ACCEPT(6) Wall, Cole, Armstrong, Green, Baker, Cox MODIFY(1) Frech NOOP(2) Foat, Christey Voter Comments: Frech> XF:linux-ptrace-modify-process(6080) Christey> fix typo: "off-by-one" should be "Off-by-one" Christey> XF:linux-cpia-memory-overwrite(11162) is clearly the correct reference here. ====================================================== Candidate: CAN-2002-0036 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20020116 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#587579 Reference: URL:http://www.kb.cert.org/vuls/id/587579 Reference: CONECTIVA:CLA-2003:639 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639 Reference: MANDRAKE:MDKSA-2003:043 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043 Reference: REDHAT:RHSA-2003:051 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html Reference: REDHAT:RHSA-2003:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html Reference: REDHAT:RHSA-2003:168 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html Reference: XF:kerberos-kdc-neglength-bo(11190) Reference: URL:http://xforce.iss.net/xforce/xfdb/11190 Reference: BID:6713 Reference: URL:http://www.securityfocus.com/bid/6713 Reference: OSVDB:4896 Reference: URL:http://www.osvdb.org/4896 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:051 20040725 ADDREF REDHAT:RHSA-2003:052 20040725 ADDREF MANDRAKE:MDKSA-2003:043 20040725 ADDREF CONECTIVA:CLA-2003:639 20040725 ADDREF XF:kerberos-kdc-neglength-bo(11190) 20040725 ADDREF BID:6713 20040818 ADDREF REDHAT:RHSA-2003:168 20040818 ADDREF OSVDB:4896 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0036 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Baker, Wall, Cole MODIFY(2) Frech, Cox NOOP(1) Christey Voter Comments: Cox> This is fixed in krb5 version 1.2.5 Cox> Addref RHSA-2003:051 Cox> Addref REDHAT:RHSA-2003:052 Christey> MANDRAKE:MDKSA-2003:043 (as suggested by Vincent Danen of Mandrake) Frech> XF:kerberos-kdc-neglength-bo(11190) ====================================================== Candidate: CAN-2002-0090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020315 Assigned: 20020306 Category: SF Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability Reference: URL:http://online.securityfocus.com/archive/1/270149 Reference: SUNALERT:44842 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842 Reference: CERT-VN:VU#188507 Reference: URL:http://www.kb.cert.org/vuls/id/188507 Reference: BID:4633 Reference: URL:http://www.securityfocus.com/bid/4633 Reference: XF:solaris-lbxproxy-display-bo(8958) Reference: URL:http://www.iss.net/security_center/static/8958.php Reference: OVAL:OVAL179 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL179.html Reference: OVAL:OVAL86 
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL86.html Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. Modifications: ADDREF VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability ADDREF BID:4633 ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842&zone_32=category%3Asecurity%20lbxproxy ADDREF XF:solaris-lbxproxy-display-bo(8958) ADDREF CERT-VN:VU#188507 DESC expanded "lbx" term 20040725 Normalize SUNALERT reference 20040824 ADDREF OVAL:OVAL179 20040824 ADDREF OVAL:OVAL86 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-0090 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Balinsky, Wall, Cole, Green NOOP(3) Ziese, Foat, Christey Voter Comments: Balinsky> Patch at http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 resolves an lbxproxy buffer overflow. 
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability URL:http://online.securityfocus.com/archive/1/270149 BID:4633 URL:http://www.securityfocus.com/bid/4633 ====================================================== Candidate: CAN-2002-0158 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020502 Assigned: 20020327 Category: SF Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 Reference: OVAL:OVAL14 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL14.html Reference: OVAL:OVAL33 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL33.html Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. Modifications: ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 20040824 ADDREF OVAL:OVAL14 20040824 ADDREF OVAL:OVAL33 Analysis -------- Vendor Acknowledgement: yes patch ACKNOWLEDGEMENT: the description for patch 108652-52, bug 4661987, explicitly references CAN-2002-0158. 
INFERRED ACTION: CAN-2002-0158 ACCEPT_REV (5 accept, 1 ack, 1 review) Current Votes: ACCEPT(4) Baker, Foat, Armstrong, Green MODIFY(1) Frech NOOP(3) Christey, Cox, Cole REVIEWING(1) Wall Voter Comments: Green> The documentation of this vulnerability is compelling Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 the description for patch 108652-52, bug 4661987, explicitly references CAN-2002-0158. Green> The documentation of this vulnerability is compelling Frech> XF:solaris-xsun-co-bo(8703) Christey> I received an email on Oct 10, 2003, that suggested that other non-Sun operating systems may be affected. Christey> XSco is also affected: BUGTRAQ:20020611 SCO Openserver Xsco heap overflow. URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102380830430665&w=2 VULN-DEV:20020611 SCO Openserver Xsco heap overflow. URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102381771109722&w=2 CALDERA:CSSA-2003-SCO.26 ====================================================== Candidate: CAN-2002-0188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188 Final-Decision: Interim-Decision: 20040825 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020420 Category: SF Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html Reference: XF:ie-content-disposition-variant2(9086) Reference: URL:http://www.iss.net/security_center/static/9086.php Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an 
error message, aka the second variant of the "Content Disposition" vulnerability. Modifications: ADDREF BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically ADDREF MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html ADDREF XF:ie-content-disposition-variant2(9086) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0188 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:ie-content-disposition-variant2(9086) ====================================================== Candidate: CAN-2002-0193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020611 Assigned: 20020420 Category: SF Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: XF:ie-content-disposition-variant(9085) Reference: URL:http://xforce.iss.net/xforce/xfdb/9085 Reference: BID:4752 Reference: URL:http://www.securityfocus.com/bid/4752 Reference: OVAL:OVAL27 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL27.html Reference: OVAL:OVAL99 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL99.html Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. 
Modifications: 20040725 XF:ie-content-disposition-variant(9085) 20040725 BID:4752 20040824 ADDREF OVAL:OVAL27 20040824 ADDREF OVAL:OVAL99 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0193 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:ie-content-disposition-variant(9085) ====================================================== Candidate: CAN-2002-0275 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2 Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2 Reference: BID:4099 Reference: URL:http://online.securityfocus.com/bid/4099 Reference: XF:falcon-protected-dir-access(8189) Reference: URL:http://xforce.iss.net/xforce/xfdb/8189 Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. Modifications: 20040725 XF:falcon-protected-dir-access(8189) 20040725 VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability 20040725 BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability Analysis -------- Vendor Acknowledgement: yes via-email ACKNOWLEDGEMENT: the vendor confirmed the issue via email. 
INFERRED ACTION: CAN-2002-0275 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong Voter Comments: Frech> XF:falcon-protected-dir-access(8189) Christey> This issue was rediscovered a few months later: VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2 ====================================================== Candidate: CAN-2002-0313 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch) Reference: URL:http://online.securityfocus.com/archive/1/258365 Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2 Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux) Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/006231.html Reference: XF:essentia-server-long-request-dos(8249) Reference: URL:http://www.iss.net/security_center/static/8249.php Reference: BID:4159 Reference: URL:http://www.securityfocus.com/bid/4159 Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL. 
Modifications: 20040725 ADDREF FULLDISC:20030704 Essentia Web Server 2.12 (Linux) Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2002-0313 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> FULLDISC:20030704 Essentia Web Server 2.12 (Linux) URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/010909.html ====================================================== Candidate: CAN-2002-0357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357 Final-Decision: Interim-Decision: 20040825 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020502 Category: SF Reference: SGI:20020601-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P Reference: XF:irix-rpcpasswd-gain-privileges(9261) Reference: URL:http://www.iss.net/security_center/static/9261.php Reference: BID:4939 Reference: URL:http://online.securityfocus.com/bid/4939 Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. Modifications: ADDREF XF:irix-rpcpasswd-gain-privileges(9261) ADDREF BID:4939 Analysis -------- Vendor Acknowledgement: yes advisory ACCURACY: SecurityFocus' title for the BID implies that the problem is due to a buffer overflow, but there does not seem to be specific information about the type of problem in the SGI advisory, which appears to be the only public information regarding this vulnerability. 
INFERRED ACTION: CAN-2002-0357 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Cole, Armstrong MODIFY(1) Frech NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> XF:irix-rpcpasswd-gain-privileges(9261) URL:http://www.iss.net/security_center/static/9261.php BID:4939 URL:http://online.securityfocus.com/bid/4939 SecurityFocus' title for the BID implies that the problem is due to a buffer overflow, but there does not seem to be specific information about the type of problem in the SGI advisory, which appears to be the only public information regarding this vulnerability. Frech> XF:irix-rpcpasswd-gain-privileges(9261) ====================================================== Candidate: CAN-2002-0362 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020506 Category: SF Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2 Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2 Reference: BID:4677 Reference: URL:http://www.securityfocus.com/bid/4677 Reference: XF:aim-addexternalapp-bo(9017) Reference: URL:http://www.iss.net/security_center/static/9017.php Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. 
Modifications: 20040725 ADDREF XF:aim-addexternalapp-bo(9017) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0362 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Baker, Wall MODIFY(1) Frech NOOP(5) Christey, Cox, Foat, Cole, Armstrong Voter Comments: Frech> XF:aim-addexternalapp-bo(9017) Christey> XF:aim-addexternalapp-bo(9017) URL:http://www.iss.net/security_center/static/9017.php ====================================================== Candidate: CAN-2002-0376 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020513 Category: SF Reference: ATSTAKE:A091002-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory Reference: URL:http://online.securityfocus.com/archive/1/293095 Reference: XF:quicktime-activex-pluginspage-bo(10077) Reference: URL:http://www.iss.net/security_center/static/10077.php Reference: BID:5685 Reference: URL:http://www.securityfocus.com/bid/5685 Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0376 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Baker, Cole NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020517 Category: SF Reference: REDHAT:RHSA-2002:094 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html Reference: REDHAT:RHSA-2002:121 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html Reference: REDHAT:RHSA-2003:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html Reference: FREEBSD:FreeBSD-SA-02:29 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650721503642&w=2 Reference: CONECTIVA:CLA-2002:491 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491 Reference: CALDERA:CSSA-2002-025.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt Reference: DEBIAN:DSA-255 Reference: URL:http://www.debian.org/security/2003/dsa-255 Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102339541014226&w=2 Reference: XF:tcpdump-nfs-bo(9216) Reference: URL:http://www.iss.net/security_center/static/9216.php Reference: BID:4890 Reference: URL:http://online.securityfocus.com/bid/4890 Reference: HP:HPSBTL0205-044 Reference: URL:http://online.securityfocus.com/advisories/4169 Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. 
Modifications: CHANGEREF REDHAT:RHSA-2002:094 (advisory ID was wrong) ADDREF FREEBSD:FreeBSD-SA-02:29 ADDREF CONECTIVA:CLA-2002:491 ADDREF CALDERA:CSSA-2002-025.0 ADDREF XF:tcpdump-nfs-bo(9216) ADDREF BID:4890 ADDREF BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump ADDREF HP:HPSBTL0205-044 20040818 ADDREF REDHAT:RHSA-2002:121 20040818 ADDREF REDHAT:RHSA-2003:214 20040818 ADDREF DEBIAN:DSA-255 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0380 ACCEPT (6 accept, 5 ack, 0 review) Current Votes: ACCEPT(4) Baker, Wall, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Foat Voter Comments: Cox> ADDREF: CLA-2002:491 TSLSA-2002-0055 Christey> I clearly screwed up the references here. This is supposed to be REDHAT:RHSA-2002:094. #089 is already covered by CAN-2001-1279. ADDREF FREEBSD:FreeBSD-SA-02:29 Christey> CALDERA:CSSA-2002-025.0 CONECTIVA:CLA-2002:491 Consider SUSE:SuSE-SA:2002:020, but beware that it upgrades *to* 3.6.2, and it mentions *AFS* packets. There are no cross-references to know for sure whether they meant this tcpdump vulnerability or an older one. Frech> XF:tcpdump-nfs-bo(9216) Christey> HP:HPSBTL0205-044 URL:http://online.securityfocus.com/advisories/4169 Christey> I'm not going to add the SuSE reference, which may be describing CAN-2001-1279. I don't want to hold this CAN back from promotion to an entry any further. 
====================================================== Candidate: CAN-2002-0384 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20020522 Category: SF Reference: REDHAT:RHSA-2002:098 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html Reference: REDHAT:RHSA-2002:107 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html Reference: REDHAT:RHSA-2002:122 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html Reference: REDHAT:RHSA-2003:156 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html Reference: MANDRAKE:MDKSA-2002:054 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php Reference: HP:HPSBTL0208-057 Reference: URL:http://online.securityfocus.com/advisories/4358 Reference: XF:gaim-jabber-module-bo(9766) Reference: URL:http://www.iss.net/security_center/static/9766.php Reference: BID:5406 Reference: URL:http://www.securityfocus.com/bid/5406 Reference: OSVDB:3729 Reference: URL:http://www.osvdb.org/3729 Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:122 20040818 ADDREF REDHAT:RHSA-2002:122 20040818 ADDREF REDHAT:RHSA-2003:156 20040725 DELREF REDHAT:RHSA-2003:122 [does not exist] 20040818 ADDREF OSVDB:3729 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0384 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cox, Cole, Armstrong, Green NOOP(1) Christey Voter Comments: Christey> ADDREF MANDRAKE:MDKSA-2002:054 Cox> Addref: RHSA-2003:122 ====================================================== Candidate: CAN-2002-0387 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020522 Category: SF Reference: ATSTAKE:A031303-1 Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt Reference: SUNALERT:52022 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022 Reference: CIAC:N-064 Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml Reference: XF:sunone-gxnsapi6-bo(11529) Reference: URL:http://xforce.iss.net/xforce/xfdb/11529 Reference: BID:7082 Reference: URL:http://www.securityfocus.com/bid/7082 Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. Modifications: 20040725 ADDREF XF:sunone-gxnsapi6-bo(11529) 20040725 ADDREF SUNALERT:52022 20040725 CIAC:N-064 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0387 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Stracener, Green NOOP(3) Cox, Wall, Cole Voter Comments: Green> ACKNOWLEDGED IN SP1 AVAILABLE AT http://wwws.sun.com/software/download/products/3e3afb89.html Stracener> cf. 
Sun[tm] ONE Application Server, Enterprise Edition 6.5 Service Pack 1 ====================================================== Candidate: CAN-2002-0395 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-tftp-bruteforce(9264) Reference: URL:http://xforce.iss.net/xforce/xfdb/9264 The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. Modifications: 20040725 ADDREF XF:redm-1050ap-tftp-bruteforce(9264) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0395 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-tftp-bruteforce (9264) ====================================================== Candidate: CAN-2002-0396 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-insecure-session(9265) Reference: URL:http://xforce.iss.net/xforce/xfdb/9265 The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. 
Modifications: 20040725 ADDREF XF:redm-1050ap-insecure-session(9265) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0396 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-insecure-session(9265) ====================================================== Candidate: CAN-2002-0397 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-device-existence(9266) Reference: URL:http://xforce.iss.net/xforce/xfdb/9266 Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. 
Modifications: 20040725 ADDREF XF:redm-1050ap-device-existence(9266) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0397 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-device-existence (9266) ====================================================== Candidate: CAN-2002-0398 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-ppp-dos(9267) Reference: URL:http://xforce.iss.net/xforce/xfdb/9267 Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. Modifications: 20040725 ADDREF XF:redm-1050ap-ppp-dos(9267) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0398 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-ppp-dos(9267) ====================================================== Candidate: CAN-2002-0400 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: CERT:CA-2002-15 Reference: URL:http://www.cert.org/advisories/CA-2002-15.html Reference: CERT-VN:VU#739123 Reference: URL:http://www.kb.cert.org/vuls/id/739123 Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND Reference: CALDERA:CSSA-2002-SCO.24 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt Reference: CONECTIVA:CLA-2002:494 Reference: 
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 Reference: HP:HPSBUX0207-202 Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html Reference: MANDRAKE:MDKSA-2002:038 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php Reference: REDHAT:RHSA-2002:105 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html Reference: REDHAT:RHSA-2002:119 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html Reference: REDHAT:RHSA-2003:154 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html Reference: SUSE:SuSE-SA:2002:021 Reference: URL:http://www.suse.de/de/security/2002_21_bind9.html Reference: BID:4936 Reference: URL:http://www.securityfocus.com/bid/4936 Reference: XF:bind-findtype-dos(9250) Reference: URL:http://www.iss.net/security_center/static/9250.php ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL. 
Modifications: ADDREF CALDERA:CSSA-2002-SCO.24 ADDREF CONECTIVA:CLA-2002:494 ADDREF SUSE:SuSE-SA:2002:021 ADDREF REDHAT:RHSA-2002:105 ADDREF MANDRAKE:MDKSA-2002:038 ADDREF BID:4936 ADDREF XF:bind-findtype-dos(9250) ADDREF HP:HPSBUX0207-202 20040725 ADDREF REDHAT:RHSA-2003:154 20040818 ADDREF REDHAT:RHSA-2002:119 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0400 ACCEPT (6 accept, 7 ack, 0 review) Current Votes: ACCEPT(6) Baker, Cox, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> CALDERA:CSSA-2002-SCO.24 Christey> CALDERA:CSSA-2002-SCO.24 URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt CONECTIVA:CLA-2002:494 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 SUSE:SuSE-SA:2002:021 URL:http://www.suse.de/de/support/security/2002_21_bind9.html XF:bind-findtype-dos(9250) URL:http://www.iss.net/security_center/static/9250.php BID:4936 URL:http://www.securityfocus.com/bid/4936 Christey> REDHAT:RHSA-2002:105 Frech> XF:bind-findtype-dos(9250) Christey> MANDRAKE:MDKSA-2002:038 Christey> HP:HPSBUX0207-202 URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html Christey> REDHAT:RHSA-2003:154 ====================================================== Candidate: CAN-2002-0443 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0443 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility Reference: URL:http://online.securityfocus.com/archive/1/260704 Reference: XF:win2k-password-bypass-policy(8402) Reference: URL:http://www.iss.net/security_center/static/8402.php Reference: BID:4256 Reference: URL:http://www.securityfocus.com/bid/4256 Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check 
for previous passwords. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-0443 ACCEPT_REV (4 accept, 0 ack, 1 review) Current Votes: ACCEPT(4) Frech, Foat, Cole, Alderson NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0444 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0444 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices Reference: URL:http://www.securityfocus.com/archive/1/266729 Reference: BID:4464 Reference: URL:http://www.securityfocus.com/bid/4464 Reference: XF:win2k-terminal-bypass-policies(8813) Reference: URL:http://www.iss.net/security_center/static/8813.php Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. 
Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-0444 ACCEPT_REV (4 accept, 0 ack, 1 review) Current Votes: ACCEPT(4) Frech, Foat, Cole, Alderson NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0445 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0445 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/261337 Reference: XF:phpfirstpost-path-disclosure(8434) Reference: URL:http://www.iss.net/security_center/static/8434.php Reference: BID:4274 Reference: URL:http://www.securityfocus.com/bid/4274 Reference: OSVDB:7170 Reference: URL:http://www.osvdb.org/7170 article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. Modifications: 20040818 ADDREF OSVDB:7170 Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INCLUSION: CD:EX-BETA suggests that beta software should not be included in CVE unless it is popular or in permanent beta. The home page for PHP FirstPost implies that the product is in beta; however, the discloser suggests that the developer has stopped maintaining the code, so it could be argued that this software is in "permanent beta" and should be included in CVE. 
INFERRED ACTION: CAN-2002-0445 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Green, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0546 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html Reference: XF:winamp-mp3-browser-css(8753) Reference: URL:http://www.iss.net/security_center/static/8753.php Reference: BID:4414 Reference: URL:http://www.securityfocus.com/bid/4414 Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. Analysis -------- Vendor Acknowledgement: yes followup ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says "minibrowser security fix," but it is not clear that the vendor is fixing *this* vulnerability, as there are several issues that affect 2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly CAN-2002-0284). 
INFERRED ACTION: CAN-2002-0546 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(4) Cox, Wall, Foat, Armstrong ====================================================== Candidate: CAN-2002-0615 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020726 Assigned: 20020612 Category: SF Reference: MS:MS02-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp Reference: XF:mediaplayer-playlist-script-execution(9422) Reference: URL:http://www.iss.net/security_center/static/9422.php Reference: BID:5110 Reference: URL:http://www.securityfocus.com/bid/5110 The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". Modifications: 20040725 ADDREF XF:mediaplayer-playlist-script-execution(9422) 20040725 ADDREF BID:5110 20040725 DELREF BID:4821 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0615 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Baker, Wall, Foat, Cole NOOP(2) Christey, Cox Voter Comments: Christey> XF:mediaplayer-playlist-script-execution(9422) URL:http://www.iss.net/security_center/static/9422.php BID:5110 URL:http://www.securityfocus.com/bid/5110 Christey> DELREF BID:4821 (that BID is for CVE-2002-0618) ====================================================== Candidate: CAN-2002-0627 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: 
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-unicode-retrieve-password(9348) Reference: URL:http://www.iss.net/security_center/static/9348.php Reference: BID:5632 Reference: URL:http://www.securityfocus.com/bid/5632 The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0627 ACCEPT_ACK (2 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0630 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-icmp-dos(9350) Reference: URL:http://www.iss.net/security_center/static/9350.php Reference: BID:5637 Reference: URL:http://www.securityfocus.com/bid/5637 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0630 ACCEPT_ACK (2 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0651 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020726 Assigned: 20020628 Category: SF Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2 Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt Reference: CERT:CA-2002-19 Reference: URL:http://www.cert.org/advisories/CA-2002-19.html Reference: CERT-VN:VU#803539 Reference: URL:http://www.kb.cert.org/vuls/id/803539 Reference: AIXAPAR:IY32719 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html Reference: AIXAPAR:IY32746 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html Reference: CALDERA:CSSA-2002-SCO.37 Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Reference: CALDERA:CSSA-2002-SCO.39 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 Reference: CONECTIVA:CLSA-2002:507 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 Reference: ENGARDE:ESA-20020724-018 Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html Reference: FREEBSD:FreeBSD-SA-02:28 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2 Reference: MANDRAKE:MDKSA-2002:038 Reference: URL:http://online.securityfocus.com/advisories/4397 Reference: MANDRAKE:MDKSA-2002:043 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php Reference: NETBSD:NetBSD-SA2002-006 
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc Reference: REDHAT:RHSA-2002:119 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html Reference: REDHAT:RHSA-2002:133 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html Reference: REDHAT:RHSA-2002:139 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html Reference: REDHAT:RHSA-2002:167 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html Reference: REDHAT:RHSA-2003:154 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html Reference: SGI:20020701-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102579743329251&w=2 Reference: XF:dns-resolver-lib-bo(9432) Reference: URL:http://www.iss.net/security_center/static/9432.php Reference: BID:5100 Reference: URL:http://online.securityfocus.com/bid/5100 Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. 
Modifications: ADDREF REDHAT:RHSA-2002:133 ADDREF MANDRAKE:MDKSA-2002:038 ADDREF CONECTIVA:CLSA-2002:507 ADDREF XF:dns-resolver-lib-bo(9432) ADDREF BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) ADDREF BID:5100 ADDREF SGI:20020701-01-I ADDREF REDHAT:RHSA-2002:139 ADDREF AIXAPAR:IY32719 ADDREF AIXAPAR:IY32746 ADDREF ENGARDE:ESA-20020724-018 20040725 ADDREF CALDERA:CSSA-2002-SCO.37 20040725 ADDREF CALDERA:CSSA-2002-SCO.39 20040725 ADDREF MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt 20040725 ADDREF REDHAT:RHSA-2003:154 20040725 CHANGEREF CERT:VU#803539 (use CERT-VN source) 20040818 ADDREF REDHAT:RHSA-2002:119 20040818 ADDREF REDHAT:RHSA-2002:167 20040818 ADDREF REDHAT:RHSA-2003:154 20040818 DELREF REDHAT:RHSA-2002:154 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0651 ACCEPT (5 accept, 8 ack, 0 review) Current Votes: ACCEPT(5) Baker, Cox, Wall, Foat, Cole NOOP(1) Christey Voter Comments: Christey> There are actually 2 closely related issues, one in gethostbyname/etc. responses related to dn_expand(), and another in the getnetbyX functions. The getnetby* functions apparently don't affect BIND 8.x, so they should get a different CAN. See: http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2 Christey> Need to beef up the description to more clearly distinguish it from CAN-2002-0684. The NetBSD reference has details, related to padding and getanswer() and getnetanswer(). Also need to closely check each reference to see which issue(s) the reference is *really* referring to. Christey> REDHAT:RHSA-2002:133 Christey> MANDRAKE:MDKSA-2002:038 Christey> MANDRAKE:MDKSA-2002:050 Christey> The getnet* functions were assigned to CAN-2002-0684. Note: MANDRAKE:MDKSA-2002:038-1 explicitly acknowledges this issue, but the Mandrake site doesn't have this new revision yet. 
Don't add MANDRAKE:MDKSA-2002:050, that's for CAN-2002-0684 Christey> XF:dns-resolver-lib-bo(9432) URL:http://www.iss.net/security_center/static/9432.php CONECTIVA:CLSA-2002:507 BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) BID:5100 URL:http://online.securityfocus.com/bid/5100 SGI:20020701-01-I REDHAT:RHSA-2002:139 AIXAPAR:IY32719 AIXAPAR:IY32746 ENGARDE:ESA-20020724-018 Christey> CALDERA:CSSA-2002-SCO.37 URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Christey> Change the CERT:VU#803539 to a CERT-VN reference. Christey> MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt CALDERA:CSSA-2002-SCO.39 Christey> REDHAT:RHSA-2003:154 ====================================================== Candidate: CAN-2002-0662 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2 Reference: DEBIAN:DSA-160 Reference: URL:http://www.debian.org/security/2002/dsa-160 Reference: REDHAT:RHSA-2002:186 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html Reference: BUGTRAQ:20020904 GLSA: scrollkeeper Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2 Reference: XF:scrollkeeper-tmp-file-symlink(10002) Reference: URL:http://www.iss.net/security_center/static/10002.php Reference: BID:5602 Reference: URL:http://www.securityfocus.com/bid/5602 scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files. 
Modifications: 20040725 ADDREF XF:scrollkeeper-tmp-file-symlink(10002) 20040725 ADDREF BID:5602 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0662 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong NOOP(1) Christey Voter Comments: Christey> XF:scrollkeeper-tmp-file-symlink(10002) URL:http://www.iss.net/security_center/static/10002.php BID:5602 URL:http://www.securityfocus.com/bid/5602 ====================================================== Candidate: CAN-2002-0668 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0668 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020726 Assigned: 20020709 Category: SF Reference: ATSTAKE:A071202-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp Reference: XF:pingtel-xpressa-call-hijacking(9563) Reference: URL:http://xforce.iss.net/xforce/xfdb/9563 Reference: OSVDB:5144 Reference: URL:http://www.osvdb.org/5144 The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. 
Modifications: 20040725 ADDREF XF:pingtel-xpressa-call-hijacking(9563) 20040818 ADDREF OSVDB:5144 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0668 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(5) Cox, Wall, Foat, Cole, Armstrong Voter Comments: Frech> XF:pingtel-xpressa-call-hijacking(9563) ====================================================== Candidate: CAN-2002-0672 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0672 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020726 Assigned: 20020709 Category: SF Reference: ATSTAKE:A071202-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp Reference: XF:pingtel-xpressa-factory-defaults(9567) Reference: URL:http://www.iss.net/security_center/static/9567.php Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. 
Modifications: 20040725 XF:pingtel-xpressa-factory-defaults(9567) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-0672 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong Voter Comments: Christey> XF:pingtel-xpressa-factory-defaults(9567) URL:http://www.iss.net/security_center/static/9567.php Frech> XF:pingtel-xpressa-factory-defaults(9567) ====================================================== Candidate: CAN-2002-0673 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0673 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020726 Assigned: 20020709 Category: SF Reference: ATSTAKE:A071202-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp Reference: XF:pingtel-xpressa-phone-reregister(9568) Reference: URL:http://www.iss.net/security_center/static/9568.php The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. 
Modifications:
  20040725 ADDREF XF:pingtel-xpressa-phone-reregister(9568)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0673 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
  Christey> XF:pingtel-xpressa-phone-reregister(9568)
    URL:http://www.iss.net/security_center/static/9568.php
  Frech> XF:pingtel-xpressa-phone-reregister(9568)

======================================================
Candidate: CAN-2002-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0674
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9569

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
Modifications:
  20040725 ADDREF XF:pingtel-xpressa-admin-timeout(9569)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0674 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(5) Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
  Frech> XF:pingtel-xpressa-admin-timeout(9569)

======================================================
Candidate: CAN-2002-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0682
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9520
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
Modifications:
  20040725 ADDREF XF:tomcat-servlet-xss(9520)
  20040725 ADDREF BID:5193
  20040818 ADDREF OSVDB:4973

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0682 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(5) Christey, Cox, Balinsky, Wall, Foat

Voter Comments:
  Christey> XF:tomcat-servlet-xss(9520)
    URL:http://www.iss.net/security_center/static/9520.php
    BID:5193
    URL:http://www.securityfocus.com/bid/5193
  Frech> XF:tomcat-servlet-xss(9520)

======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
Modifications:
  20040725 ADDREF CERT-VN:VU#723537

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0692 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> ADDREF CERT-VN:VU#723537
    URL:http://www.kb.cert.org/vuls/id/723537

======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php
Reference: OVAL:OVAL403
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL403.html

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
Modifications:
  20040824 ADDREF OVAL:OVAL403

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0694 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633

Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0696 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0729
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-0729 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(4) Baker, Balinsky, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Cox, Foat
  REVIEWING(1) Wall

Voter Comments:
  Balinsky> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
  Frech> XF:mssql-resolution-service-bo(9661)
  Christey> Microsoft MS02-039 does not mention this issue, therefore it is uncertain whether they acknowledged it or not. The XF reference is for an overflow, not a malformed packet.

======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0835 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Green, Cox

======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:195

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0836 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Baker, Frech, Wall
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: REDHAT:RHSA-2002:195

======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: XF:apache-http-host-xss(10241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10241
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:222
  20040725 ADDREF REDHAT:RHSA-2002:243
  20040725 ADDREF REDHAT:RHSA-2002:244
  20040725 ADDREF REDHAT:RHSA-2002:248
  20040725 ADDREF REDHAT:RHSA-2002:251
  20040725 ADDREF SGI:20021105-02-I
  20040725 ADDREF XF:apache-http-host-xss(10241)
  20040725 ADDREF BID:5847
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:862

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-0840 ACCEPT (5 accept, 6 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(2) Frech, Cox
  NOOP(1) Christey

Voter Comments:
  Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
  Cox> Addref: RHSA-2002:251
    Addref: RHSA-2002:248
    Addref: RHSA-2002:244
    Addref: RHSA-2002:243
    Addref: RHSA-2002:222
  Frech> XF:apache-http-host-xss(10241)
  Christey> SGI:20021105-02-I
    URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I

======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().

Modifications:
  20040725 ADDREF CERT:CA-2003-05
  20040725 ADDREF CIAC:N-046
  20040725 ADDREF BID:6846
  20040725 ADDREF MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt

Analysis
--------
Vendor Acknowledgement: yes advisory

ACCURACY: a SCO advisory was released which mentioned this CAN, but it was quickly rescinded. This CAN is for the issue addressed by Oracle only.

NOTE: This CAN was public in 2003. It has a 2002 identifier because the CNA (Red Hat) originally assigned the CAN to the issue in 2002; but due to some early confusion regarding the "location" of the bug, and the fact that it only affected certain modifications to the package, and not the original package itself, it was a while before the bug was published.
INFERRED ACTION: CAN-2002-0842 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Baker, Frech, Cox, Wall
  NOOP(1) Christey

Voter Comments:
  Christey> CERT:CA-2003-05
    URL:http://www.cert.org/advisories/CA-2003-05.html
    CIAC:N-046
    URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
    BID:6846
    URL:http://www.securityfocus.com/bid/6846
    MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt

======================================================
Candidate: CAN-2002-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0844
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9175
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
Modifications:
  20040725 ADDREF XF:cvs-rcs-offbyone-bo(9175)
  20040725 ADDREF REDHAT:RHSA-2004:004
  20040725 ADDREF SGI:20040103-01-U

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0844 ACCEPT_REV (6 accept, 3 ack, 1 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Cox
  MODIFY(1) Frech
  NOOP(2) Christey, Foat
  REVIEWING(1) Jones

Voter Comments:
  Jones> Vulnerable version unclear. CVE description says 1.11.2, Caldera reference says 1.11-8 is both vulnerable AND is the version of the patched code.
  Frech> XF:cvs-rcs-offbyone-bo(9175)
  Christey> REDHAT:RHSA-2004:004
    URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
  Christey> SGI:20040103-01-U
    URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10043
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.
Modifications:
  20040725 ADDREF XF:pgp-long-filename-bo(10043)
  20040725 ADDREF BID:5656

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for PGP Corporate Desktop 7.1.x state: "While PGP supports long file names, it encounters problems when it tries to encrypt or decrypt files that have names longer than 200 characters... For more information on this issue, see Foundstone Labs Advisory - 080202-PCRO." While the advisory ID is different than the one in Foundstone's Bugtraq post, Foundstone did confirm via email that both IDs reference the same issue.

INFERRED ACTION: CAN-2002-0850 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Baker
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0864 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Green, Wall
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Modifications:
  20040725 ADDREF CERT-VN:VU#140898

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0865 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Green, Wall
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> ADDREF CERT-VN:VU#140898
    URL:http://www.kb.cert.org/vuls/id/140898
    This VU# also explicitly mentions the com.ms.osp.ospmrshl class.
======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
Modifications:
  20040725 ADDREF CERT-VN:VU#307306

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0866 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Green, Wall
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> ADDREF CERT-VN:VU#307306
    URL:http://www.kb.cert.org/vuls/id/307306

======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
Modifications:
  20040725 CERT-VN:VU#792881

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0867 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Green, Wall
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> ADDREF CERT-VN:VU#792881
    URL:http://www.kb.cert.org/vuls/id/792881
    Consider adding BID:5670

======================================================
Candidate: CAN-2002-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0895
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

Analysis
--------
Vendor Acknowledgement:

ACKNOWLEDGEMENT: vendor web page is in Japanese, so acknowledgement could not be determined.

INFERRED ACTION: CAN-2002-0895 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Alderson, Frech, Jones
  NOOP(4) Cole, Armstrong, Cox, Foat

Voter Comments:
  Alderson> The fact that the vendor page is in Japanese and therefore couldn't be verified may highlight future problems of a similar nature.
======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Modifications:
  20040725 desc - add Win32

Analysis
--------
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: The changelog for "Changes in release 3.23.50 (21 Apr 2002)" says: "Fixed buffer overflow problem if someone specified a too long datadir parameter to mysqld."
INFERRED ACTION: CAN-2002-0969 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Green, Baker
  NOOP(2) Cox, Wall

Voter Comments:
  Cox> Note that description should refer to Win32 platform
  Green> THE VENDOR'S STATEMENTS IN THE CHANGELOG SHOULD SUFFICE AS ACKNOWLEDGEMENT

======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155
Reference: MANDRAKE:MDKSA-2002:058
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:519
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
Modifications: ADDREF BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability ADDREF CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt ADDREF MANDRAKE:MDKSA-2002:058 ADDREF CALDERA:CSSA-2002-047.0 ADDREF CONECTIVA:CLA-2002:519 ADDREF REDHAT:RHSA-2002:220 20040725 ADDREF XF:ssl-ca-certificate-spoofing(9776) 20040725 ADDREF BID:5410 20040818 ADDREF REDHAT:RHSA-2002:221 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0970 ACCEPT (5 accept, 4 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Cox MODIFY(1) Frech NOOP(3) Foat, Christey, Wall Voter Comments: Christey> CAN-2002-0970 and CAN-2002-0828 are treated differently because, as I understand it, the SSL design requires that you verify Basic Constraints. Here, we have 2 separate implementations that had the same implementation error, just like the 20+ FTP servers have the "buffer overflow in USER command" implementation error. It is assumed that CAN-2002-0970 and CAN-2002-0828 don't share the same codebases. 
Christey> BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html Christey> CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt MANDRAKE:MDKSA-2002:058 Christey> CALDERA:CSSA-2002-047.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt Christey> CONECTIVA:CLA-2002:519 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519 Christey> REDHAT:RHSA-2002:220 Frech> XF:ssl-ca-certificate-spoofing(9776) ====================================================== Candidate: CAN-2002-0974 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2 Reference: MS:MS02-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp Reference: MSKB:Q328940 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q328940 Reference: XF:winxp-helpctr-delete-files(9878) Reference: URL:http://www.iss.net/security_center/static/9878.php Reference: BID:5478 Reference: URL:http://www.securityfocus.com/bid/5478 Reference: OSVDB:3001 Reference: URL:http://www.osvdb.org/3001 Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm. 
Modifications: 20040725 ADDREF MS:MS02-060 20040725 ADDREF MSKB:Q328940 20040725 ADDREF XF:winxp-helpctr-delete-files(9878) 20040725 ADDREF BID:5478 20040818 ADDREF OSVDB:3001 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-0974 ACCEPT_REV (3 accept, 2 ack, 1 review) Current Votes: ACCEPT(2) Foat, Armstrong MODIFY(1) Frech NOOP(3) Cole, Christey, Cox REVIEWING(1) Wall Voter Comments: Christey> MSKB:Q328940 Christey> MS:MS02-060 URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp XF:winxp-helpctr-delete-files(9878) URL:http://www.iss.net/security_center/static/9878.php BID:5478 URL:http://www.securityfocus.com/bid/5478 Frech> XF:winxp-helpctr-delete-files(9878) ====================================================== Candidate: CAN-2002-0985 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 Reference: DEBIAN:DSA-168 Reference: URL:http://www.debian.org/security/2002/dsa-168 Reference: REDHAT:RHSA-2002:213 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Reference: REDHAT:RHSA-2002:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html Reference: REDHAT:RHSA-2002:243 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html Reference: REDHAT:RHSA-2002:244 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html Reference: REDHAT:RHSA-2002:248 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html Reference: REDHAT:RHSA-2003:159 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html Reference: SUSE:SuSE-SA:2002:036 Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html Reference: CONECTIVA:CLA-2002:545 Reference: 
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 Reference: CALDERA:CSSA-2003-008.0 Reference: XF:php-mail-safemode-bypass(9966) Reference: URL:http://xforce.iss.net/xforce/xfdb/9966 Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Reference: MANDRAKE:MDKSA-2003:082 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:0 Reference: OSVDB:2111 Reference: URL:http://www.osvdb.org/2111 Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. Modifications: 20040725 desc change "remote attackers" 20040725 desc say "argument injection" 20040725 ADDREF DEBIAN:DSA-168 20040725 ADDREF SUSE:SuSE-SA:2002:036 20040725 ADDREF REDHAT:RHSA-2002:213 20040725 ADDREF CONECTIVA:CLA-2002:545 20040725 ADDREF CALDERA:CSSA-2003-008.0 20040725 ADDREF XF:php-mail-safemode-bypass(9966) 20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) 20040725 ADDREF MANDRAKE:MDKSA-2003:082 20040818 ADDREF REDHAT:RHSA-2002:214 20040818 ADDREF REDHAT:RHSA-2002:243 20040818 ADDREF REDHAT:RHSA-2002:244 20040818 ADDREF REDHAT:RHSA-2002:248 20040818 ADDREF REDHAT:RHSA-2003:159 20040818 ADDREF OSVDB:2111 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0985 ACCEPT_ACK (2 accept, 4 ack, 0 review) Current Votes: MODIFY(2) Frech, Cox NOOP(5) Foat, Cole, Armstrong, Christey, Wall Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> this should read "local script authors" not "remote attackers" (can be confirmed by checking the PHP advisory too). 
Christey> DEBIAN:DSA-168 Christey> SUSE:SuSE-SA:2002:036 Christey> REDHAT:RHSA-2002:213 URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Christey> CONECTIVA:CLA-2002:545 Christey> Ummm... what is the relationship between this and CVE-2001-1246? The Debian advisory may help to make the distinction. XF:php-mail-safemode-bypass(9966) URL:http://www.iss.net/security_center/static/9966.php Christey> CALDERA:CSSA-2003-008.0 Frech> XF:php-mail-safemode-bypass(9966) Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Christey> MANDRAKE:MDKSA-2003:082 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082 ====================================================== Candidate: CAN-2002-0986 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 Reference: DEBIAN:DSA-168 Reference: URL:http://www.debian.org/security/2002/dsa-168 Reference: SUSE:SuSE-SA:2002:036 Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html Reference: REDHAT:RHSA-2002:213 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Reference: REDHAT:RHSA-2002:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html Reference: REDHAT:RHSA-2002:243 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html Reference: REDHAT:RHSA-2002:244 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html Reference: REDHAT:RHSA-2002:248 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html Reference: REDHAT:RHSA-2003:159 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html Reference: 
CONECTIVA:CLA-2002:545 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 Reference: CALDERA:CSSA-2003-008.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt Reference: MANDRAKE:MDKSA-2003:082 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Reference: XF:php-mail-ascii-injection(9959) Reference: URL:http://xforce.iss.net/xforce/xfdb/9959 Reference: BID:5562 Reference: URL:http://www.securityfocus.com/bid/5562 Reference: OSVDB:2160 Reference: URL:http://www.osvdb.org/2160 The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." Modifications: 20040725 ADDREF DEBIAN:DSA-168 20040725 ADDREF SUSE:SuSE-SA:2002:036 20040725 ADDREF REDHAT:RHSA-2002:213 20040725 ADDREF CONECTIVA:CLA-2002:545 20040725 ADDREF CALDERA:CSSA-2003-008.0 20040725 ADDREF MANDRAKE:MDKSA-2003:082 20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) 20040725 ADDREF XF:php-mail-ascii-injection(9959) 20040725 ADDREF BID:5562 20040818 ADDREF REDHAT:RHSA-2002:214 20040818 ADDREF REDHAT:RHSA-2002:243 20040818 ADDREF REDHAT:RHSA-2002:244 20040818 ADDREF REDHAT:RHSA-2002:248 20040818 ADDREF REDHAT:RHSA-2003:159 20040818 ADDREF OSVDB:2160 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0986 ACCEPT_ACK (2 accept, 4 ack, 0 review) Current Votes: ACCEPT(1) Cox MODIFY(1) Frech NOOP(5) Foat, Cole, Armstrong, Christey, Wall Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Christey> DEBIAN:DSA-168 Christey> SUSE:SuSE-SA:2002:036 Christey> REDHAT:RHSA-2002:213 
URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Christey> CONECTIVA:CLA-2002:545 Christey> XF:php-mail-ascii-injection(9959) URL:http://www.iss.net/security_center/static/9959.php BID:5562 URL:http://www.securityfocus.com/bid/5562 Christey> CALDERA:CSSA-2003-008.0 Frech> XF:php-mail-ascii-injection(9959) Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Christey> MANDRAKE:MDKSA-2003:082 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082 ====================================================== Candidate: CAN-2002-0990 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2 Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html Reference: BID:5958 Reference: URL:http://www.securityfocus.com/bid/5958 Reference: XF:simple-webserver-url-dos(10364) Reference: URL:http://www.iss.net/security_center/static/10364.php The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-0990 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1091 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2 Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/ Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989 Reference: MANDRAKE:MDKSA-2002:075 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 Reference: REDHAT:RHSA-2002:192 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html Reference: REDHAT:RHSA-2003:046 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html Reference: XF:netscape-zero-gif-bo(10058) Reference: URL:http://www.iss.net/security_center/static/10058.php Reference: BID:5665 Reference: URL:http://www.securityfocus.com/bid/5665 Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:046 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1091 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref: RHSA-2003:046 Green> ACKNOWLEDGED IN REDHAT ERRATA ====================================================== Candidate: CAN-2002-1092 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-bypass-authentication(10017) Reference: URL:http://xforce.iss.net/xforce/xfdb/10017 Reference: BID:5613 Reference: URL:http://www.securityfocus.com/bid/5613 Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. 
Modifications: 20040725 ADDREF XF:cisco-vpn-bypass-authentication(10017) 20040725 ADDREF BID:5613 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1092 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1093 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-html-parser-dos(10018) Reference: URL:http://www.iss.net/security_center/static/10018.php Reference: BID:5615 Reference: URL:http://www.securityfocus.com/bid/5615 HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1093 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-pptp-dos(10021) Reference: URL:http://www.iss.net/security_center/static/10021.php Reference: BID:5625 Reference: URL:http://www.securityfocus.com/bid/5625 Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1095 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1096 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: BID:5611 Reference: URL:http://www.securityfocus.com/bid/5611 Reference: XF:cisco-vpn-user-passwords(10019) Reference: URL:http://www.iss.net/security_center/static/10019.php Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1096 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1097 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-certificate-passwords(10022) Reference: URL:http://www.iss.net/security_center/static/10022.php Reference: BID:5612 Reference: URL:http://www.securityfocus.com/bid/5612 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1097 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-xml-filter(10023) Reference: URL:http://www.iss.net/security_center/static/10023.php Reference: BID:5614 Reference: URL:http://www.securityfocus.com/bid/5614 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows 
arbitrary traffic to pass through the concentrator. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1098 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-web-access(10024) Reference: URL:http://www.iss.net/security_center/static/10024.php Reference: BID:5616 Reference: URL:http://www.securityfocus.com/bid/5616 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1099 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1102 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-lan-connection-dos(10027) Reference: URL:http://xforce.iss.net/xforce/xfdb/10027 Reference: BID:5622 Reference: URL:http://www.securityfocus.com/bid/5622 The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. 
Modifications: 20040725 ADDREF XF:cisco-vpn-lan-connection-dos(10027) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1102 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1104 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-tcp-dos(10042) Reference: URL:http://xforce.iss.net/xforce/xfdb/10042 Reference: BID:5649 Reference: URL:http://www.securityfocus.com/bid/5649 Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). 
Modifications: 20040725 ADDREF XF:cisco-vpn-tcp-dos(10042) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1104 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1105 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-obtain-password(10044) Reference: URL:http://xforce.iss.net/xforce/xfdb/10044 Reference: BID:5650 Reference: URL:http://www.securityfocus.com/bid/5650 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. Modifications: 20040725 desc - add "local users" 20040725 ADDREF XF:cisco-vpn-obtain-password(10044) 20040725 ADDREF BID:5650 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1105 ACCEPT_REV (3 accept, 1 ack, 1 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(1) Cox REVIEWING(1) Jones Voter Comments: Jones> [JHJ] "...allows local attackers..."? 
====================================================== Candidate: CAN-2002-1106 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-certificate-mitm(10045) Reference: URL:http://xforce.iss.net/xforce/xfdb/10045 Reference: BID:5652 Reference: URL:http://www.securityfocus.com/bid/5652 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. Modifications: 20040725 ADDREF XF:cisco-vpn-certificate-mitm(10045) 20040725 ADDREF BID:5652 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1106 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1107 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-random-numbers(10046) Reference: URL:http://xforce.iss.net/xforce/xfdb/10046 Reference: BID:5653 Reference: URL:http://www.securityfocus.com/bid/5653 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. 
Modifications: 20040725 ADDREF XF:cisco-vpn-random-numbers(10046) 20040725 ADDREF BID:5653 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1107 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Jones NOOP(1) Cox Voter Comments: Jones> Suggest changing "...vulnerable to certain attacks such as spoofing." to "vulnerable to certain attacks which exploit this cryptographic weakness." Spoofing is a specific example of a broader class of attacks based on the weak RN generation. ====================================================== Candidate: CAN-2002-1108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-tcp-filter(10047) Reference: URL:http://xforce.iss.net/xforce/xfdb/10047 Reference: BID:5651 Reference: URL:http://www.securityfocus.com/bid/5651 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. Modifications: ADDREF 20040725 XF:cisco-vpn-tcp-filter(10047) ADDREF 20040725 BID:5651 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1108 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Jones NOOP(1) Cox Voter Comments: Jones> Suggest adding quotes around "all tunnel", e.g., ...configured with "all tunnel" mode..., to remove ambiguity. 
====================================================== Candidate: CAN-2002-1109 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2 Reference: BUGTRAQ:20020905 GLSA: amavis Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2 Reference: XF:amavis-securetar-tar-dos(10056) Reference: URL:http://www.iss.net/security_center/static/10056.php securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1109 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5515 Reference: URL:http://www.securityfocus.com/bid/5515 Reference: XF:mantis-limit-reporters-bypass(9898) Reference: URL:http://xforce.iss.net/xforce/xfdb/9898 print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted. 
Modifications: 20040725 ADDREF XF:mantis-limit-reporters-bypass(9898) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1111 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1112 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112 Final-Decision: Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5514 Reference: URL:http://www.securityfocus.com/bid/5514 Reference: XF:mantis-private-project-bug-listing(9899) Reference: URL:http://xforce.iss.net/xforce/xfdb/9899 Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. 
Modifications: 20040725 ADDREF XF:mantis-private-project-bug-listing(9899) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1112 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1113 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020813 mantisbt security flaw Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2 Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5504 Reference: URL:http://www.securityfocus.com/bid/5504 Reference: XF:mantis-include-remote-files(9829) Reference: URL:http://xforce.iss.net/xforce/xfdb/9829 Reference: OSVDB:4858 Reference: URL:http://www.osvdb.org/4858 summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. 

Modifications:
  20040725 ADDREF XF:mantis-include-remote-files(9829)
  20040818 ADDREF OSVDB:4858

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1113 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1116 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm
Reference: XF:veritas-backupexec-restrictanonymous-zero(10093)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10093
Reference: OSVDB:8230
Reference: URL:http://www.osvdb.org/8230
Reference: OVAL:OVAL1036
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1036.html

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

Modifications:
  20040804 ADDREF XF:veritas-backupexec-restrictanonymous-zero(10093)
  20040818 ADDREF OSVDB:8230
  20040824 ADDREF OVAL:OVAL1036

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-1117 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php
Reference: BID:5678
Reference: URL:http://www.securityfocus.com/bid/5678

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.

Modifications:
  20040804 ADDREF BID:5678

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1118 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Green, Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: REDHAT:RHSA-2003:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-048.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:048

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1119 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2003:048

======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738
Reference: OSVDB:3150
Reference: URL:http://www.osvdb.org/3150

Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.

Modifications:
  20040818 ADDREF OSVDB:3150

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1122 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.

Modifications:
  20040804 [refs] delete extra XF:mssql-preauth-bo(9788)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1123 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:046

Analysis
--------
Vendor Acknowledgement: yes patch

INFERRED ACTION: CAN-2002-1126 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2003:046

======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

Modifications:
  20040804 [desc] remove "and possibly later versions"

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2002-1132 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> We have verified through source code inspection that the issue mentioned in CAN-2002-1132 was fixed in upstream Squirrelmail 1.2.8

======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779
Reference: OSVDB:3848
Reference: URL:http://www.osvdb.org/3848

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Modifications:
  20040818 ADDREF OSVDB:3848

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1135 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-dbcc-bo-variant(10255)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10255
Reference: BID:5877
Reference: URL:http://www.securityfocus.com/bid/5877

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Modifications:
  20040804 ADDREF XF:mssql-dbcc-bo-variant(10255)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1137 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1138 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1139 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1140 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1141 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp
Reference: VULNWATCH:20021120 Foundstone Advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
Reference: MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
Reference: CERT:CA-2002-33
Reference: URL:http://www.cert.org/advisories/CA-2002-33.html
Reference: CERT-VN:VU#542081
Reference: URL:http://www.kb.cert.org/vuls/id/542081
Reference: XF:mdac-rds-server-bo(10659)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10659
Reference: BID:6214
Reference: URL:http://www.securityfocus.com/bid/6214

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

Modifications:
  20040804 ADDREF VULNWATCH:20021120 Foundstone Advisory
  20040804 ADDREF MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
  20040804 ADDREF CERT:CA-2002-33
  20040804 ADDREF CERT-VN:VU#542081
  20040804 ADDREF XF:mdac-rds-server-bo(10659)
  20040804 ADDREF BID:6214

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1142 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> VULNWATCH:20021120 Foundstone Advisory
    URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
    MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
    CERT:CA-2002-33
    URL:http://www.cert.org/advisories/CA-2002-33.html
    CERT-VN:VU#542081
    URL:http://www.kb.cert.org/vuls/id/542081
    XF:mdac-rds-server-bo(10659)
    URL:http://xforce.iss.net/xforce/xfdb/10659
    BID:6214
    URL:http://www.securityfocus.com/bid/6214

======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: MANDRAKE:MDKSA-2004:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: REDHAT:RHSA-2002:258
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-258.html
Reference: REDHAT:RHSA-2003:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-022.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:022
  20040804 ADDREF REDHAT:RHSA-2002:258
  20040804 ADDREF MANDRAKE:MDKSA-2004:009
  20040818 ADDREF REDHAT:RHSA-2003:212

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1146 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(4) Baker, Frech, Wall, Cole
  MODIFY(1) Cox
  NOOP(1) Christey

Voter Comments:
  Cox> Addref: RHSA-2003:022
    Addref: RHSA-2002:258
  Christey> MANDRAKE:MDKSA-2004:009
    URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009

======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2002-1147 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(2) Cole, Armstrong
  NOOP(1) Cox
  REVIEWING(1) Green

======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: REDHAT:RHSA-2002:217
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-217.html
Reference: REDHAT:RHSA-2002:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-218.html
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:217
  20040804 ADDREF REDHAT:RHSA-2002:218

Analysis
--------
Vendor Acknowledgement: unknown vague

ACCURACY: The "DSA-169" number was inadvertently published for two separate issues. Debian confirmed via email that DSA-169 is intended for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the Tomcat issue (CAN-2002-1148).

INFERRED ACTION: CAN-2002-1148 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(2) Green, Armstrong
  MODIFY(1) Cox
  NOOP(2) Christey, Cole

Voter Comments:
  Christey> DEBIAN:DSA-170
    Note: DSA-170 was originally published with the DSA-169 ID, but DSA-169 is really ht://Check, and DSA-170 is really tomcat, as confirmed by Debian via email. The online advisories at www.debian.org are authoritative.
  Cox> Addref: RHSA-2002:218
    Addref: RHSA-2002:217

======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: OSVDB:7867
Reference: URL:http://www.osvdb.org/7867

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:221
  20040818 ADDREF OSVDB:7867

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1151 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2002:221

======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1152 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong

======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749
Reference: OSVDB:2092
Reference: URL:http://www.osvdb.org/2092

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

Modifications:
  20040818 ADDREF OSVDB:2092

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-1153 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(1) Cox
  REVIEWING(1) Wall

======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php
Reference: OSVDB:3779
Reference: URL:http://www.osvdb.org/3779

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Modifications:
  20040818 ADDREF REDHAT:RHSA-2002:059
  20040818 ADDREF OSVDB:3779

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1154 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065
Reference: XF:apache-webdav-cgi-source(10499)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10499

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

Modifications:
  20040804 ADDREF XF:apache-webdav-cgi-source(10499)

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The change log for 2.0.43 includes the item: "SECURITY: Allow POST requests and CGI scripts to work when DAV is enabled on the location."
INFERRED ACTION: CAN-2002-1156 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cox, Wall, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:apache-webdav-cgi-source(10499)

======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php
Reference: OSVDB:2107
Reference: URL:http://www.osvdb.org/2107

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:248
  20040804 ADDREF REDHAT:RHSA-2002:251
  20040804 ADDREF REDHAT:RHSA-2002:222
  20040804 ADDREF REDHAT:RHSA-2002:243
  20040804 ADDREF REDHAT:RHSA-2002:244
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:2107

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1157 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:251
   Addref: RHSA-2002:248
   Addref: RHSA-2002:244
   Addref: RHSA-2002:243
   Addref: RHSA-2002:222

======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: BUGTRAQ:20021220 GLSA: canna
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104041812206344&w=2
Reference: BID:6351
Reference: URL:http://www.securityfocus.com/bid/6351
Reference: XF:canna-irwthrough-bo(10831)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10831

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF BID:6351
  20040804 ADDREF XF:canna-irwthrough-bo(10831)
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BUGTRAQ:20021220 GLSA: canna
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 [desc] add "irw_through"
  20040818 ADDREF REDHAT:RHSA-2003:115

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1158 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:261

======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: BID:6354
Reference: URL:http://www.securityfocus.com/bid/6354
Reference: XF:canna-improper-request-validation(10832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10832

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BID:6354
  20040804 ADDREF XF:canna-improper-request-validation(10832)
  20040818 ADDREF REDHAT:RHSA-2003:115

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1159 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Cox
   NOOP(1) Cole

Voter Comments:
 Cox> Addref: RHSA-2002:261

======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: CONECTIVA:CLA-2003:693
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
Reference: REDHAT:RHSA-2003:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-028.html
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: SUNALERT:55760
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
Reference: CERT-VN:VU#911505
Reference: URL:http://www.kb.cert.org/vuls/id/911505
Reference: BID:6753
Reference: URL:http://www.securityfocus.com/bid/6753
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

Modifications:
  20040804 ADDREF CONECTIVA:CLA-2003:693
  20040804 ADDREF CERT-VN:VU#911505
  20040804 ADDREF SUNALERT:55760
  20040818 ADDREF REDHAT:RHSA-2003:028

Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: while the post from Andreas Beck appears to be dated December 14, 2002, it was not actually published until February 3, 2002, as reflected in the Vendor Response section.

INFERRED ACTION: CAN-2002-1160 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Cox
   NOOP(2) Christey, Cole

Voter Comments:
 Green> CLEARLY ACKNOWLEDGED IN THE MANDRAKE SUPPORT ADVISORY
 Christey> CONECTIVA:CLA-2003:693
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693

======================================================
Candidate: CAN-2002-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: AIXAPAR:IY35970
Reference: BID:6002
Reference: URL:http://online.securityfocus.com/bid/6002
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php
Reference: OSVDB:2090
Reference: URL:http://www.osvdb.org/2090

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
Modifications:
  20040818 ADDREF OSVDB:2090

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2002-1169 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Armstrong
   NOOP(2) Cox, Cole

Voter Comments:
 Green> PATCH RELEASED BY VENDOR

======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

Analysis
--------
Vendor Acknowledgement: unknown
ACCURACY: While the initial iDEFENSE report said that 5.0.5 was fixed, a followup consultation with the developer indicated that the fix was incorrect, and 5.0.6 is the first fixed version.
INFERRED ACTION: CAN-2002-1170 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong

======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1178 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1179 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php
Reference: BID:6071
Reference: URL:http://www.securityfocus.com/bid/6071
Reference: OVAL:OVAL931
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL931.html

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
Modifications:
  20040804 ADDREF
  20040824 ADDREF OVAL:OVAL931

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1180 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-webdav-memory-allocation-dos(10503)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10503
Reference: BID:6070
Reference: URL:http://www.securityfocus.com/bid/6070
Reference: OVAL:OVAL1009
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1009.html
Reference: OVAL:OVAL1011
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1011.html

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
Modifications:
  20040804 ADDREF XF:iis-webdav-memory-allocation-dos(10503)
  20040804 ADDREF BID:6070
  20040824 ADDREF OVAL:OVAL1009
  20040824 ADDREF OVAL:OVAL1011

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1182 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: OVAL:OVAL1059
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1059.html
Reference: OVAL:OVAL1455
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1455.html
Reference: OVAL:OVAL2108
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL2108.html

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
Modifications:
  20040804 ADDREF XF:ssl-ca-certificate-spoofing(9776)
  20040804 ADDREF BID:5410
  20040824 ADDREF OVAL:OVAL1059
  20040824 ADDREF OVAL:OVAL1455
  20040824 ADDREF OVAL:OVAL2108

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1183 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp
Reference: XF:win2k-partition-weak-permissions(9779)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9779
Reference: BID:5415
Reference: URL:http://www.securityfocus.com/bid/5415

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
Modifications:
  20040804 ADDREF XF:win2k-partition-weak-permissions(9779)
  20040804 ADDREF BID:5415

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1184 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216
Reference: OVAL:OVAL393
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL393.html
Reference: OVAL:OVAL542
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL542.html

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Modifications:
  20040824 ADDREF OVAL:OVAL393
  20040824 ADDREF OVAL:OVAL542

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1185 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610
Reference: OVAL:OVAL143
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL143.html
Reference: OVAL:OVAL471
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL471.html
Reference: OVAL:OVAL495
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL495.html

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Modifications:
  20040824 ADDREF OVAL:OVAL143
  20040824 ADDREF OVAL:OVAL471
  20040824 ADDREF OVAL:OVAL495

Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Microsoft confirmed via email that this item addresses the specified Bugtraq post.
INFERRED ACTION: CAN-2002-1186 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution (10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672
Reference: OSVDB:2998
Reference: URL:http://www.osvdb.org/2998
Reference: OVAL:OVAL203
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL203.html
Reference: OVAL:OVAL225
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL225.html

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
Modifications:
  20040818 ADDREF OSVDB:2998
  20040824 ADDREF OVAL:OVAL203
  20040824 ADDREF OVAL:OVAL225

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1187 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: BID:6217
Reference: URL:http://www.securityfocus.com/bid/6217
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php
Reference: OVAL:OVAL444
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL444.html
Reference: OVAL:OVAL690
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL690.html

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Modifications:
  20040804 ADDREF BID:6217
  20040824 ADDREF OVAL:OVAL444
  20040824 ADDREF OVAL:OVAL690

Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Microsoft confirmed via email that this item addresses the specified Bugtraq post.
INFERRED ACTION: CAN-2002-1188 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896

The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1189 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Jones, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1193 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: The "DSA-169" number was inadvertently published for two separate issues. Debian confirmed via email that DSA-169 is intended for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the Tomcat issue (CAN-2002-1148).

INFERRED ACTION: CAN-2002-1195 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> DEBIAN:DSA-169
   Note: DSA-170 was originally published with the DSA-169 ID, but DSA-169 is really ht://Check, and DSA-170 is really tomcat, as confirmed by Debian via email. The online advisories at www.debian.org are authoritative.
======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: BID:5843
Reference: URL:http://www.securityfocus.com/bid/5843
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
Modifications:
  20040804 ADDREF BID:5843

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1196 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF BID:5843
   URL:http://www.securityfocus.com/bid/5843

======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1197 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Christey, Cox, Wall

Voter Comments:
 Christey> Via email, Debian said that they are NOT vulnerable to this issue, because the bug is in a "contrib" package and not part of the core product.
======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1198 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(3) Christey, Cox, Wall

Voter Comments:
 Christey> Via email, Debian said that they are NOT vulnerable to this issue.
======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: SUNALERT:47903
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Modifications:
  20040804 [refs] normalize SUNALERT ref

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-1199 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1200 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021014 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html Reference: XF:prometheus-php-file-include(10515) Reference: URL:http://www.iss.net/security_center/static/10515.php Reference: BID:6087 Reference: URL:http://www.securityfocus.com/bid/6087 Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1211 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1214 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021014 Category: SF Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability Reference: URL:http://online.securityfocus.com/archive/1/293146 Reference: MS:MS02-063 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp Reference: XF:win-pptp-packet-bo (10199) Reference: URL:http://www.iss.net/security_center/static/10199.php Reference: BID:5807 Reference: URL:http://online.securityfocus.com/bid/5807 Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1214 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox Voter Comments: Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-063.asp ====================================================== Candidate: CAN-2002-1219 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021016 Category: SF Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2 Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html Reference: CERT:CA-2002-31 Reference: URL:http://www.cert.org/advisories/CA-2002-31.html Reference: CERT-VN:VU#852283 Reference: URL:http://www.kb.cert.org/vuls/id/852283 Reference: FREEBSD:FreeBSD-SA-02:43 Reference: ENGARDE:ESA-20021114-029 Reference: SUSE:SuSE-SA:2002:044 Reference: MANDRAKE:MDKSA-2002:077 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php Reference: DEBIAN:DSA-196 Reference: URL:http://www.debian.org/security/2002/dsa-196 Reference: CONECTIVA:CLA-2002:546 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 Reference: CALDERA:CSSA-2003-SCO.2 Reference: CIAC:N-013 Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) Reference: URL:http://online.securityfocus.com/archive/1/300019 Reference: COMPAQ:SSRT2408 Reference: URL:http://online.securityfocus.com/advisories/4999 Reference: SGI:20021201-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P 
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2 Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818 Reference: BID:6160 Reference: URL:http://www.securityfocus.com/bid/6160 Reference: XF:bind-sig-rr-bo(10304) Reference: URL:http://xforce.iss.net/xforce/xfdb/10304 Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Modifications: 20040804 ADDREF XF:bind-sig-rr-bo(10304) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1219 ACCEPT (4 accept, 11 ack, 0 review) Current Votes: ACCEPT(4) Baker, Cox, Wall, Cole MODIFY(1) Frech Voter Comments: Frech> XF:bind-sig-rr-bo(10304) ====================================================== Candidate: CAN-2002-1220 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021016 Category: SF Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2 Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html Reference: CERT:CA-2002-31 Reference: URL:http://www.cert.org/advisories/CA-2002-31.html Reference: CERT-VN:VU#229595 Reference: URL:http://www.kb.cert.org/vuls/id/229595 Reference: FREEBSD:FreeBSD-SA-02:43 Reference: ENGARDE:ESA-20021114-029 Reference: SUSE:SuSE-SA:2002:044 Reference: MANDRAKE:MDKSA-2002:077 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php Reference: DEBIAN:DSA-196 Reference: 
URL:http://www.debian.org/security/2002/dsa-196 Reference: CALDERA:CSSA-2003-SCO.2 Reference: CIAC:N-013 Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) Reference: URL:http://online.securityfocus.com/archive/1/300019 Reference: COMPAQ:SSRT2408 Reference: URL:http://online.securityfocus.com/advisories/4999 Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2 Reference: XF:bind-opt-rr-dos(10332) Reference: URL:http://xforce.iss.net/xforce/xfdb/10332 Reference: BID:6161 Reference: URL:http://www.securityfocus.com/bid/6161 BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. Modifications: 20040804 ADDREF XF:bind-opt-rr-dos(10332) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1220 ACCEPT (4 accept, 10 ack, 0 review) Current Votes: ACCEPT(4) Baker, Cox, Wall, Cole MODIFY(1) Frech Voter Comments: Frech> XF:bind-opt-rr-dos(10332) ====================================================== Candidate: CAN-2002-1221 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021016 Category: SF Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2 Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html Reference: CERT:CA-2002-31 Reference: URL:http://www.cert.org/advisories/CA-2002-31.html Reference: CERT-VN:VU#581682 
Reference: URL:http://www.kb.cert.org/vuls/id/581682 Reference: FREEBSD:FreeBSD-SA-02:43 Reference: ENGARDE:ESA-20021114-029 Reference: SUSE:SuSE-SA:2002:044 Reference: MANDRAKE:MDKSA-2002:077 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php Reference: DEBIAN:DSA-196 Reference: URL:http://www.debian.org/security/2002/dsa-196 Reference: CONECTIVA:CLA-2002:546 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 Reference: CALDERA:CSSA-2003-SCO.2 Reference: CIAC:N-013 Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) Reference: URL:http://online.securityfocus.com/archive/1/300019 Reference: COMPAQ:SSRT2408 Reference: URL:http://online.securityfocus.com/advisories/4999 Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2 Reference: XF:bind-null-dereference-dos(10333) Reference: URL:http://xforce.iss.net/xforce/xfdb/10333 Reference: BID:6159 Reference: URL:http://www.securityfocus.com/bid/6159 BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. 
Modifications: 20040804 ADDREF XF:bind-null-dereference-dos(10333) 20040804 ADDREF BID:6159 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1221 ACCEPT (4 accept, 10 ack, 0 review) Current Votes: ACCEPT(4) Baker, Cox, Wall, Cole MODIFY(1) Frech Voter Comments: Frech> XF:bind-null-dereference-dos(10333) ====================================================== Candidate: CAN-2002-1222 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml Reference: XF:cisco-catalyst-ciscoview-bo(10382) Reference: URL:http://www.iss.net/security_center/static/10382.php Reference: BID:5976 Reference: URL:http://www.securityfocus.com/bid/5976 Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1222 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1223 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt Reference: REDHAT:RHSA-2002:220 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html Reference: MANDRAKE:MDKSA-2002:071 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071 Reference: XF:gsview-dsc-ps-bo(11319) Reference: URL:http://www.iss.net/security_center/static/11319.php Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. Analysis -------- Vendor Acknowledgement: yes advisory ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows that stem from different packages. The KDE security advisory makes this clear. Therefore CD:SF-LOC suggests keeping them SPLIT. 
INFERRED ACTION: CAN-2002-1223 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole ====================================================== Candidate: CAN-2002-1224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt Reference: REDHAT:RHSA-2002:220 Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver. Reference: URL:http://online.securityfocus.com/archive/1/294991 Reference: XF:kpf-icon-view-files(10347) Reference: URL:http://www.iss.net/security_center/static/10347.php Reference: BID:5951 Reference: URL:http://www.securityfocus.com/bid/5951 Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1224 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong ====================================================== Candidate: CAN-2002-1227 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: DEBIAN:DSA-177 Reference: URL:http://www.debian.org/security/2002/dsa-177 Reference: XF:pam-disabled-bypass-authentication(10405) Reference: URL:http://www.iss.net/security_center/static/10405.php Reference: BID:5994 Reference: URL:http://www.securityfocus.com/bid/5994 PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1227 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2002-1230 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021021 Category: SF Reference: MISC:http://getad.chat.ru/ Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html Reference: MS:MS02-071 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp Reference: BID:5927 Reference: URL:http://online.securityfocus.com/bid/5927 Reference: XF:win-netdde-gain-privileges(10343) Reference: URL:http://www.iss.net/security_center/static/10343.php NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1230 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Green, Wall NOOP(2) Cox, Cole Voter Comments: Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-071.asp ====================================================== Candidate: CAN-2002-1231 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021021 Category: SF Reference: CALDERA:CSSA-2002-SCO.41 Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41 Reference: XF:openunix-unixware-rcp-dos(10425) Reference: URL:http://www.iss.net/security_center/static/10425.php Reference: BID:6025 Reference: URL:http://www.securityfocus.com/bid/6025 SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1231 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1232 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021022 Category: SF Reference: CALDERA:CSSA-2002-054.0 Reference: CONECTIVA:CLA-2002:539 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539 Reference: DEBIAN:DSA-180 Reference: URL:http://www.debian.org/security/2002/dsa-180 Reference: HP:HPSBTL0210-074 Reference: URL:http://online.securityfocus.com/advisories/4605 Reference: MANDRAKE:MDKSA-2002:078 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php Reference: REDHAT:RHSA-2002:223 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html Reference: REDHAT:RHSA-2002:224 Reference: 
URL:http://www.redhat.com/support/errata/RHSA-2002-224.html Reference: REDHAT:RHSA-2003:229 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-229.html Reference: BUGTRAQ:20021028 GLSA: ypserv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2 Reference: BID:6016 Reference: URL:http://www.securityfocus.com/bid/6016 Reference: XF:ypserv-map-memory-leak(10423) Reference: URL:http://www.iss.net/security_center/static/10423.php Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. Modifications: 20040804 ADDREF REDHAT:RHSA-2002:224 20040818 ADDREF REDHAT:RHSA-2003:229 Analysis -------- Vendor Acknowledgement: yes advisory ACCURACY: Via email, Thorsten Kukuk (the developer) clarified that this is a basic memory leak, and not an information leak of old domain/map names, which was suggested in some vendor advisories. ACCURACY: an early version of MANDRAKE:MDKSA-2002:078 included a description that discussed the ypserv issue, but its references were for other problems. Mandrake has confirmed that MDKSA-2002:078 is intended for CAN-2002-1232 only. 
INFERRED ACTION: CAN-2002-1232 ACCEPT (4 accept, 4 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref RHSA-2002:224 ====================================================== Candidate: CAN-2002-1236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021024 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html Reference: XF:linksys-etherfast-gozila-dos(10514) Reference: URL:http://www.iss.net/security_center/static/10514.php Reference: BID:6086 Reference: URL:http://www.securityfocus.com/bid/6086 The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1236 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall Voter Comments: Green> RELEASED IN DEC., 2002 IS REPORTED TO CORRECT THE PROBLEM ====================================================== Candidate: CAN-2002-1239 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2 Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt Reference: XF:qnx-rtos-gain-privileges(10564) Reference: URL:http://www.iss.net/security_center/static/10564.php Reference: BID:6146 Reference: URL:http://www.securityfocus.com/bid/6146 QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1239 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall Voter Comments: Green> QNX ACKNOWLEDGED THE ISSUE AND CORRECTED IT IN CURRENT VERSION RELEASED JAN. 
2003 ====================================================== Candidate: CAN-2002-1242 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html Reference: XF:phpnuke-accountmanager-sql-injection(10516) Reference: URL:http://www.iss.net/security_center/static/10516.php Reference: BID:6088 Reference: URL:http://www.securityfocus.com/bid/6088 Reference: OSVDB:6244 Reference: URL:http://www.osvdb.org/6244 SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. 
Modifications: 20040818 ADDREF OSVDB:6244 Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1242 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Baker, Balinsky, Cole, Armstrong NOOP(2) Cox, Wall Voter Comments: Balinsky> Vendor acknowledged problem in its fix: http://phpnuke.org/modules.php?name=News&file=article&sid=5647 ====================================================== Candidate: CAN-2002-1244 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2 Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip Reference: BID:6099 Reference: URL:http://www.securityfocus.com/bid/6099 Reference: XF:pablo-ftp-username-dos(10532) Reference: URL:http://www.iss.net/security_center/static/10532.php Reference: OSVDB:4996 Reference: URL:http://www.osvdb.org/4996 Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. Modifications: 20040804 [refs] remove dupe XF:pablo-ftp-username-dos(10532) 20040818 ADDREF OSVDB:4996 Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the "whatsnew.txt" file includes an item for version 1.51, dated 11/01/2002, which says "Fixed security vulnerability: sending %n%n%n (and other c-formating strings) crashed the system (thanks to www.idefense.com) [the discloser]." 
INFERRED ACTION: CAN-2002-1244 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1245 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2 Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html Reference: DEBIAN:DSA-189 Reference: URL:http://www.debian.org/security/2002/dsa-189 Reference: XF:luxman-maped-read-memory(10549) Reference: URL:http://www.iss.net/security_center/static/10549.php Reference: BID:6113 Reference: URL:http://www.securityfocus.com/bid/6113 Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1245 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1248 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2 Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt Reference: XF:xeneo-php-dos(10534) Reference: URL:http://www.iss.net/security_center/static/10534.php Reference: BID:6098 Reference: URL:http://www.securityfocus.com/bid/6098 Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1248 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1250 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html Reference: XF:abuse-net-command-bo(10519) Reference: URL:http://www.iss.net/security_center/static/10519.php Reference: BID:6094 Reference: URL:http://www.securityfocus.com/bid/6094 Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1250 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(3) Cox, Balinsky, Wall ====================================================== Candidate: CAN-2002-1251 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: DEBIAN:DSA-186 Reference: URL:http://www.debian.org/security/2002/dsa-186 Reference: XF:log2mail-log-file-bo(10527) Reference: URL:http://www.iss.net/security_center/static/10527.php Reference: BID:6089 Reference: URL:http://www.securityfocus.com/bid/6089 Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1251 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811 Reference: BID:6647 Reference: URL:http://www.securityfocus.com/bid/6647 Reference: XF:peoplesoft-xxe-read-files(10520) Reference: URL:http://www.iss.net/security_center/static/10520.php The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. 
Modifications: 20040804 ADDREF BID:6647 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1252 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Baker NOOP(4) Green, Cox, Wall, Cole ====================================================== Candidate: CAN-2002-1253 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html Reference: XF:abuse-lisp-gain-privileges(11300) Reference: URL:http://www.iss.net/security_center/static/11300.php Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1253 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(3) Cox, Balinsky, Wall ====================================================== Candidate: CAN-2002-1255 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-067 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp Reference: XF:outlook-email-header-dos(10763) Reference: URL:http://xforce.iss.net/xforce/xfdb/10763 Reference: BID:6319 Reference: URL:http://www.securityfocus.com/bid/6319 Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail." 
Modifications: 20040804 ADDREF XF:outlook-email-header-dos(10763) 20040804 ADDREF BID:6319 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1255 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1256 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-070 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp Reference: XF:win-smb-policy-modification(10843) Reference: URL:http://xforce.iss.net/xforce/xfdb/10843 Reference: BID:6367 Reference: URL:http://www.securityfocus.com/bid/6367 Reference: OVAL:OVAL277 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL277.html The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller. 
Modifications: 20040804 ADDREF XF:win-smb-policy-modification(10843) 20040804 ADDREF BID:6367 20040824 ADDREF OVAL:OVAL277 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1256 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(2) Christey, Cox Voter Comments: Christey> XF:win-smb-policy-modification (10843) URL:http://www.iss.net/security_center/static/10843.php BID:6367 URL:http://www.securityfocus.com/bid/6367 ====================================================== Candidate: CAN-2002-1257 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp Reference: BID:6371 Reference: URL:http://www.securityfocus.com/bid/6371 Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. 
Modifications: 20040804 ADDREF BID:6371 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1257 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1260 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp Reference: XF:msvm-jdbc-gain-access(10833) Reference: URL:http://xforce.iss.net/xforce/xfdb/10833 Reference: BID:6379 Reference: URL:http://www.securityfocus.com/bid/6379 The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. Modifications: 20040804 ADDREF XF:msvm-jdbc-gain-access(10833) 20040804 ADDREF BID:6379 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1260 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1264 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2 Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf Reference: XF:oracle-isqlplus-userid-bo(10524) Reference: 
URL:http://www.iss.net/security_center/static/10524.php Reference: BID:6085 Reference: URL:http://www.securityfocus.com/bid/6085 Reference: OSVDB:4013 Reference: URL:http://www.osvdb.org/4013 Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. Modifications: 20040818 ADDREF OSVDB:4013 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1264 ACCEPT_REV (3 accept, 1 ack, 1 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-1265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CERT-VN:VU#266817 Reference: URL:http://www.kb.cert.org/vuls/id/266817 Reference: HP:HPSBUX01020 Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1 Reference: SGI:20021103-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P Reference: SUNALERT:51082 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082 Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: BID:6103 Reference: URL:http://www.securityfocus.com/bid/6103 Reference: XF:sun-rpc-libc-dos(10539) Reference: URL:http://www.iss.net/security_center/static/10539.php The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). 
Modifications: 20040804 ADDREF HP:HPSBUX01020 20040804 ADDREF SUNALERT:51082 20040804 ADDREF BID:6103 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1265 ACCEPT (4 accept, 4 ack, 0 review) Current Votes: ACCEPT(4) Baker, Frech, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1266 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-disk-image-privileges(10818) Reference: URL:http://xforce.iss.net/xforce/xfdb/10818 Reference: OSVDB:7057 Reference: URL:http://www.osvdb.org/7057 Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." Modifications: 20040804 ADDREF XF:macos-disk-image-privileges(10818) 20040818 ADDREF OSVDB:7057 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1266 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1267 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-cups-dos(10824) Reference: URL:http://xforce.iss.net/xforce/xfdb/10824 Reference: OSVDB:7058 Reference: URL:http://www.osvdb.org/7058 Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." 
Modifications: 20040804 ADDREF XF:macos-cups-dos(10824) 20040818 ADDREF OSVDB:7058 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1267 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1268 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-iso9600-gain-privileges(10828) Reference: URL:http://xforce.iss.net/xforce/xfdb/10828 Reference: OSVDB:7059 Reference: URL:http://www.osvdb.org/7059 Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." Modifications: 20040804 ADDREF XF:macos-iso9600-gain-privileges(10828) 20040818 ADDREF OSVDB:7059 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1268 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1270 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-mach-read-files(10829) Reference: URL:http://xforce.iss.net/xforce/xfdb/10829 Reference: OSVDB:7060 Reference: URL:http://www.osvdb.org/7060 Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. 
Modifications: 20040804 ADDREF XF:macos-mach-read-files(10829) 20040818 ADDREF OSVDB:7060 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1270 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1271 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021105 Category: SF Reference: DEBIAN:DSA-386 Reference: URL:http://www.debian.org/security/2003/dsa-386 Reference: MANDRAKE:MDKSA-2002:076 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php Reference: SUSE:SuSE-SA:2002:041 Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html Reference: BUGTRAQ:20021106 GLSA: MailTools Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2 Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2 Reference: XF:mail-mailer-command-execution(10548) Reference: URL:http://www.iss.net/security_center/static/10548.php Reference: BID:6104 Reference: URL:http://www.securityfocus.com/bid/6104 The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. Modifications: 20040804 ADDREF DEBIAN:DSA-386 Analysis -------- Vendor Acknowledgement: yes advisory Note: Debian has stated that they are not vulnerable. 
INFERRED ACTION: CAN-2002-1271 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(2) Christey, Cox Voter Comments: Christey> DEBIAN:DSA-386 URL:http://www.debian.org/security/2003/dsa-386 ====================================================== Candidate: CAN-2002-1272 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021106 Category: SF Reference: CERT:CA-2002-32 Reference: URL:http://www.cert.org/advisories/CA-2002-32.html Reference: CERT-VN:VU#181721 Reference: URL:http://www.kb.cert.org/vuls/id/181721 Reference: BID:6220 Reference: URL:http://online.securityfocus.com/bid/6220 Reference: XF:alcatel-omniswitch-backdoor(10664) Reference: URL:http://xforce.iss.net/xforce/xfdb/10664 Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. 
Modifications: 20040804 ADDREF XF:alcatel-omniswitch-backdoor(10664) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1272 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Cox, Wall Voter Comments: Frech> XF:alcatel-omniswitch-backdoor(10664) ====================================================== Candidate: CAN-2002-1277 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021108 Category: SF Reference: DEBIAN:DSA-190 Reference: URL:http://www.debian.org/security/2002/dsa-190 Reference: CONECTIVA:CLA-2002:548 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548 Reference: MANDRAKE:MDKSA-2002:085 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php Reference: REDHAT:RHSA-2003:009 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html Reference: REDHAT:RHSA-2003:043 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html Reference: XF:window-maker-image-bo(10560) Reference: URL:http://www.iss.net/security_center/static/10560.php Reference: BID:6119 Reference: URL:http://www.securityfocus.com/bid/6119 Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1277 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong NOOP(1) Christey Voter Comments: Christey> REDHAT:RHSA-2003:009 URL:http://www.redhat.com/support/errata/RHSA-2003-009.html ====================================================== Candidate: CAN-2002-1278 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021108 Category: CF Reference: CONECTIVA:CLA-2002:544 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544 Reference: XF:linuxconf-sendmail-mail-relay(10554) Reference: URL:http://www.iss.net/security_center/static/10554.php Reference: BID:6118 Reference: URL:http://www.securityfocus.com/bid/6118 Reference: OSVDB:6066 Reference: URL:http://www.osvdb.org/6066 The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email. Modifications: 20040804 [desc] add "and possibly other distros" and 1.28 20040818 ADDREF OSVDB:6066 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1278 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> This is an issue that does not just affect Conectiva Linux, so perhaps remove or add "and possibly other distributions". 
This is fixed in Linuxconf 1.28 ====================================================== Candidate: CAN-2002-1284 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021112 Category: SF Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html Reference: BUGTRAQ:20021110 GLSA: kgpg Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2 Reference: XF:kgpg-wizard-empty-password(10629) Reference: URL:http://xforce.iss.net/xforce/xfdb/10629 Reference: BID:6152 Reference: URL:http://www.securityfocus.com/bid/6152 The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read. Modifications: 20040804 ADDREF XF:kgpg-wizard-empty-password(10629) 20040804 ADDREF BID:6152 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1284 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021127 Solaris priocntl exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2 Reference: CERT-VN:VU#683673 Reference: URL:http://www.kb.cert.org/vuls/id/683673 Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131 Reference: BID:6262 Reference: URL:http://online.securityfocus.com/bid/6262 Reference: XF:solaris-priocntl-pcclname-modules(10717) Reference: URL:http://www.iss.net/security_center/static/10717.php Directory traversal vulnerability in priocntl system call in Solaris allows local users to 
execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1296 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Baker, Frech, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1307 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021115 Category: SF Reference: DEBIAN:DSA-199 Reference: URL:http://www.debian.org/security/2002/dsa-199 Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com Reference: BID:6204 Reference: URL:http://online.securityfocus.com/bid/6204 Reference: XF:mhonarc-mime-header-xss(10666) Reference: URL:http://xforce.iss.net/xforce/xfdb/10666 Reference: OSVDB:7353 Reference: URL:http://www.osvdb.org/7353 Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. Modifications: 20040804 ADDREF XF:mhonarc-mime-header-xss(10666) 20040818 ADDREF OSVDB:7353 Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: an email posted by the author to the mhonarc-users mailing list on October 21, 2002 indicates acknowledgement. INFERRED ACTION: CAN-2002-1307 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1308 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021115 Category: SF Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646 Reference: REDHAT:RHSA-2003:162 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-162.html Reference: REDHAT:RHSA-2003:163 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-163.html Reference: XF:mozilla-netscape-jar-bo(10636) Reference: URL:http://xforce.iss.net/xforce/xfdb/10636 Reference: BID:6185 Reference: URL:http://www.securityfocus.com/bid/6185 Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. Modifications: 20040804 ADDREF REDHAT:RHSA-2003:162 20040804 ADDREF REDHAT:RHSA-2003:163 20040804 ADDREF XF:mozilla-netscape-jar-bo(10636) 20040804 ADDREF BID:6185 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1308 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) Baker, Cox NOOP(3) Christey, Wall, Cole REVIEWING(1) Green Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Christey> REDHAT:RHSA-2003:162 URL:http://www.redhat.com/support/errata/RHSA-2003-162.html Christey> REDHAT:RHSA-2003:163 Christey> REDHAT:RHSA-2003:163 URL:http://www.redhat.com/support/errata/RHSA-2003-163.html ====================================================== Candidate: CAN-2002-1311 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021116 Category: SF Reference: DEBIAN:DSA-197 Reference: URL:http://www.debian.org/security/2002/dsa-197 Reference: BUGTRAQ:20021119 GLSA: courier Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2 Reference: XF:courier-mta-insecure-permissions(10643) Reference: URL:http://www.iss.net/security_center/static/10643.php Reference: BID:6189 Reference: 
URL:http://www.securityfocus.com/bid/6189 Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. Modifications: 20040804 ADDREF BUGTRAQ:20021119 GLSA: courier 20040804 ADDREF XF:courier-mta-insecure-permissions(10643) 20040804 ADDREF BID:6189 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1311 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(2) Christey, Cox Voter Comments: Christey> BUGTRAQ:20021119 GLSA: courier URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2 XF:courier-mta-insecure-permissions(10643) URL:http://www.iss.net/security_center/static/10643.php BID:6189 URL:http://www.securityfocus.com/bid/6189 ====================================================== Candidate: CAN-2002-1313 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021118 Category: SF Reference: DEBIAN:DSA-198 Reference: URL:http://www.debian.org/security/2002/dsa-198 Reference: BID:6193 Reference: URL:http://www.securityfocus.com/bid/6193 Reference: XF:nullmailer-nonexistent-user-dos(10649) Reference: URL:http://xforce.iss.net/xforce/xfdb/10649 nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users. 
Modifications: 20040804 ADDREF XF:nullmailer-nonexistent-user-dos(10649) 20040804 ADDREF BID:6193 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1313 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1317 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20021125 Category: SF Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541 Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2 Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879 Reference: SGI:20021202-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I Reference: HP:HPSBUX0212-228 Reference: URL:http://www.securityfocus.com/advisories/4988 Reference: CERT:CA-2002-34 Reference: URL:http://www.cert.org/advisories/CA-2002-34.html Reference: CERT-VN:VU#312313 Reference: URL:http://www.kb.cert.org/vuls/id/312313 Reference: CIAC:N-024 Reference: URL:http://www.ciac.org/ciac/bulletins/n-024.shtml Reference: XF:solaris-fsauto-execute-code(10375) Reference: URL:http://www.iss.net/security_center/static/10375.php Reference: BID:6241 Reference: URL:http://www.securityfocus.com/bid/6241 Reference: OVAL:OVAL149 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL149.html Reference: OVAL:OVAL152 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL152.html Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. 
Modifications: 20040804 ADDREF BID:6241 20040804 ADDREF CERT-VN:VU#312313 20040804 ADDREF CIAC:N-024 20040804 ADDREF HP:HPSBUX0212-228 20040824 ADDREF OVAL:OVAL149 20040824 ADDREF OVAL:OVAL152 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1317 ACCEPT (3 accept, 7 ack, 0 review) Current Votes: ACCEPT(4) Baker, Frech, Wall, Cole NOOP(2) Christey, Cox Voter Comments: Christey> BID:6241 URL:http://www.securityfocus.com/bid/6241 CERT-VN:VU#312313 URL:http://www.kb.cert.org/vuls/id/312313 CIAC:N-024 URL:http://www.ciac.org/ciac/bulletins/n-024.shtml HP:HPSBUX0212-228 URL:http://www.securityfocus.com/advisories/4988 ====================================================== Candidate: CAN-2002-1318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021125 Category: SF Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html Reference: CONECTIVA:CLA-2002:550 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550 Reference: DEBIAN:DSA-200 Reference: URL:http://www.debian.org/security/2002/dsa-200 Reference: HP:HPSBUX0212-230 Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml Reference: MANDRAKE:MDKSA-2002:081 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php Reference: REDHAT:RHSA-2002:266 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html Reference: SGI:20021204-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I Reference: SUNALERT:53580 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580 Reference: SUSE:SuSE-SA:2002:045 Reference: URL:http://www.suse.de/de/security/2002_045_samba.html Reference: TURBO:TSLSA-2002-0080 Reference: BUGTRAQ:20021121 GLSA: samba Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2 Reference: BUGTRAQ:20021129 
[OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2 Reference: CERT-VN:VU#958321 Reference: URL:http://www.kb.cert.org/vuls/id/958321 Reference: XF:samba-password-change-bo(10683) Reference: URL:http://xforce.iss.net/xforce/xfdb/10683 Reference: BID:6210 Reference: URL:http://www.securityfocus.com/bid/6210 Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string. Modifications: 20040804 ADDREF XF:samba-password-change-bo(10683) 20040804 ADDREF BID:6210 20040804 ADDREF SUNALERT:53580 20040804 ADDREF CERT-VN:VU#958321 20040804 ADDREF HP:HPSBUX0212-230 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1318 ACCEPT (4 accept, 7 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong ====================================================== Candidate: CAN-2002-1319 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021125 Category: SF Reference: BUGTRAQ:20021111 i386 Linux kernel DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2 Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2 Reference: CONECTIVA:CLA-2002:553 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553 Reference: REDHAT:RHSA-2002:262 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html Reference: REDHAT:RHSA-2002:263 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-263.html Reference: REDHAT:RHSA-2002:264 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html The Linux kernel 2.4.20 and earlier, 
and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. Modifications: 20040804 ADDREF REDHAT:RHSA-2002:263 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1319 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref :RHSA-2002:263 ====================================================== Candidate: CAN-2002-1320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021125 Category: SF Reference: BUGTRAQ:20021107 Remote pine Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2 Reference: CONECTIVA:CLA-2002:551 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551 Reference: ENGARDE:ESA-20021127-032 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html Reference: MANDRAKE:MDKSA-2002:084 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php Reference: REDHAT:RHSA-2002:270 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html Reference: REDHAT:RHSA-2002:271 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-271.html Reference: SUSE:SuSE-SA:2002:046 Reference: URL:http://www.suse.de/de/security/2002_046_pine.html Reference: BUGTRAQ:20021202 GLSA: pine Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2 Reference: XF:pine-from-header-dos(10555) Reference: URL:http://www.iss.net/security_center/static/10555.php Reference: BID:6120 Reference: URL:http://www.securityfocus.com/bid/6120 Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). 
Modifications: 20040804 ADDREF REDHAT:RHSA-2002:271 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1320 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref: RHSA-2002:271 ====================================================== Candidate: CAN-2002-1323 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021126 Category: SF Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744 Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5 Reference: DEBIAN:DSA-208 Reference: URL:http://www.debian.org/security/2002/dsa-208 Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2 Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2 Reference: BUGTRAQ:20021220 GLSA: perl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2 Reference: VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html Reference: REDHAT:RHSA-2003:256 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-256.html Reference: REDHAT:RHSA-2003:257 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-257.html Reference: SGI:20030606-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A Reference: CALDERA:CSSA-2004-007.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt Reference: SCO:SCOSA-2004.1 Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt Reference: BID:6111 Reference: URL:http://www.securityfocus.com/bid/6111 Reference: XF:safe-pm-bypass-restrictions(10574) 
Reference: URL:http://www.iss.net/security_center/static/10574.php Reference: OSVDB:2183 Reference: URL:http://www.osvdb.org/2183 Reference: OSVDB:3814 Reference: URL:http://www.osvdb.org/3814 Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. Modifications: 20040804 ADDREF SGI:20030606-01-A 20040804 ADDREF REDHAT:RHSA-2003:256 20040804 ADDREF CALDERA:CSSA-2004-007.0 20040804 ADDREF SCO:SCOSA-2004.1 20040818 ADDREF REDHAT:RHSA-2003:257 20040818 ADDREF OSVDB:2183 20040818 ADDREF OSVDB:3814 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1323 ACCEPT (4 accept, 5 ack, 0 review) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong NOOP(1) Christey Voter Comments: Green> ACKNOWLEDGED BY PERL.ORG Christey> SGI:20030606-01-A URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A Christey> REDHAT:RHSA-2003:256 Christey> CALDERA:CSSA-2004-007.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt Christey> SCO:SCOSA-2004.1 URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt ====================================================== Candidate: CAN-2002-1325 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021126 Category: SF Reference: MS:MS02-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp Reference: BID:6380 Reference: URL:http://online.securityfocus.com/bid/6380 Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability." 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1325 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Green, Wall NOOP(2) Cox, Cole ====================================================== Candidate: CAN-2002-1327 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021126 Category: SF Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2 Reference: MS:MS02-072 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp Reference: CERT:CA-2002-37 Reference: URL:http://www.cert.org/advisories/CA-2002-37.html Reference: CERT-VN:VU#591890 Reference: URL:http://www.kb.cert.org/vuls/id/591890 Reference: XF:winxp-windows-shell-bo(10892) Reference: URL:http://xforce.iss.net/xforce/xfdb/10892 Reference: BID:6427 Reference: URL:http://www.securityfocus.com/bid/6427 Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise." 
Modifications: 20040804 ADDREF XF:winxp-windows-shell-bo(10892) 20040804 ADDREF BID:6427 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1327 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Baker, Wall, Cole MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:winxp-windows-shell-bo(10892) ====================================================== Candidate: CAN-2002-1336 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021202 Category: SF Reference: BUGTRAQ:20020724 VNC authentication weakness Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2 Reference: BUGTRAQ:20020726 RE: VNC authentication weakness Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2 Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt Reference: CONECTIVA:CLA-2003:640 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 Reference: MANDRAKE:MDKSA-2003:022 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 Reference: REDHAT:RHSA-2002:287 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-287.html Reference: REDHAT:RHSA-2003:041 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html Reference: BID:5296 Reference: URL:http://online.securityfocus.com/bid/5296 Reference: XF:vnc-weak-authentication(5992) Reference: URL:http://xforce.iss.net/xforce/xfdb/5992 TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. 
Modifications: 20040804 ADDREF REDHAT:RHSA-2002:287 20040804 ADDREF REDHAT:RHSA-2003:041 20040804 ADDREF CONECTIVA:CLA-2003:640 20040804 ADDREF XF:vnc-weak-authentication(5992) Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: The changelog for 1.2.6 says that it "Fixed a repeated challenge replay attack vulnerability, bugtraq id 5296." INFERRED ACTION: CAN-2002-1336 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: RHSA-2002:287 Addref: RHSA-2003:041 Christey> CONECTIVA:CLA-2003:640 ====================================================== Candidate: CAN-2002-1337 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021203 Category: SF Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 Reference: CONFIRM:http://www.sendmail.org/8.12.8.html Reference: BUGTRAQ:20030303 sendmail 8.12.8 available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2 Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2 Reference: CERT:CA-2003-07 Reference: URL:http://www.cert.org/advisories/CA-2003-07.html Reference: FREEBSD:FreeBSD-SA-03:04 Reference: REDHAT:RHSA-2003:073 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html Reference: REDHAT:RHSA-2003:074 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-074.html Reference: REDHAT:RHSA-2003:227 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-227.html Reference: SGI:20030301-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P Reference: AIXAPAR:IY40500 Reference: AIXAPAR:IY40501 Reference: AIXAPAR:IY40502 
Reference: SUSE:SuSE-SA:2003:013 Reference: MANDRAKE:MDKSA-2003:028 Reference: NETBSD:NetBSD-SA2003-002 Reference: CONECTIVA:CLA-2003:571 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Reference: DEBIAN:DSA-257 Reference: URL:http://www.debian.org/security/2003/dsa-257 Reference: HP:HPSBUX0302-246 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2 Reference: CALDERA:CSSA-2003-SCO.6 Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 Reference: CALDERA:CSSA-2003-SCO.5 Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Reference: BUGTRAQ:20030304 GLSA: sendmail (200303-4) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2 Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2 Reference: CERT-VN:VU#398025 Reference: URL:http://www.kb.cert.org/vuls/id/398025 Reference: BID:6991 Reference: URL:http://www.securityfocus.com/bid/6991 Reference: XF:sendmail-header-processing-bo(10748) Reference: URL:http://www.iss.net/security_center/static/10748.php Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. 
Modifications: 20040804 ADDREF REDHAT:RHSA-2003:074 20040804 ADDREF BID:6991 20040818 ADDREF REDHAT:RHSA-2003:227 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1337 ACCEPT (5 accept, 13 ack, 0 review) Current Votes: ACCEPT(5) Baker, Bollinger, Frech, Wall, Cole MODIFY(1) Cox Voter Comments: Cox> Addref: REDHAT:RHSA-2003:074 ====================================================== Candidate: CAN-2002-1348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021210 Category: SF Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233 Reference: DEBIAN:DSA-249 Reference: URL:http://www.debian.org/security/2003/dsa-249 Reference: DEBIAN:DSA-250 Reference: URL:http://www.debian.org/security/2003/dsa-250 Reference: DEBIAN:DSA-251 Reference: URL:http://www.debian.org/security/2003/dsa-251 Reference: REDHAT:RHSA-2003:044 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html Reference: REDHAT:RHSA-2003:045 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-045.html Reference: BUGTRAQ:20030217 GLSA: w3m Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2 Reference: BID:6794 Reference: URL:http://www.securityfocus.com/bid/6794 Reference: XF:w3m-img-alt-xss(11266) Reference: URL:http://www.iss.net/security_center/static/11266.php w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. 
Modifications: 20040804 ADDREF REDHAT:RHSA-2003:045 20040804 ADDREF BID:6794 20040804 ADDREF DEBIAN:DSA-250 20040804 ADDREF DEBIAN:DSA-251 20040818 ADDREF DEBIAN:DSA-249 Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The changelog for 0.3.2.2 describes "another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on." NOTE: CAN-2002-1404 was also assigned to this issue. However, it is being rejected in favor of CAN-2002-1348. INFERRED ACTION: CAN-2002-1348 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox Voter Comments: Cox> Addref: REDHAT:RHSA-2003:045 ====================================================== Candidate: CAN-2002-1349 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021210 Category: SF Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2 Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982 Reference: CERT-VN:VU#157961 Reference: URL:http://www.kb.cert.org/vuls/id/157961 Reference: BID:6350 Reference: URL:http://www.securityfocus.com/bid/6350 Reference: XF:pccillin-pop3trap-bo(10814) Reference: URL:http://xforce.iss.net/xforce/xfdb/10814 Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). 
Modifications: 20040804 ADDREF XF:pccillin-pop3trap-bo(10814) 20040804 ADDREF CERT-VN:VU#157961 20040804 ADDREF BID:6350 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1349 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021213 Category: SF Reference: DEBIAN:DSA-206 Reference: URL:http://www.debian.org/security/2002/dsa-206 Reference: MANDRAKE:MDKSA-2003:027 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027 Reference: REDHAT:RHSA-2003:032 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html Reference: REDHAT:RHSA-2003:033 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html Reference: REDHAT:RHSA-2003:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2 Reference: MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c? Reference: URL:http://www.tcpdump.org/lists/workers/2001/10/msg00101.html Reference: BID:6213 Reference: URL:http://www.securityfocus.com/bid/6213 Reference: XF:tcpdump-sizeof-memory-corruption(10695) Reference: URL:http://xforce.iss.net/xforce/xfdb/10695 The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). Modifications: 20040804 [desc] fix affected versions 20040804 ADDREF REDHAT:RHSA-2003:032 20040804 ADDREF REDHAT:RHSA-2003:033 20040804 ADDREF MANDRAKE:MDKSA-2003:027 20040804 ADDREF MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c? 
20040804 ADDREF XF:tcpdump-sizeof-memory-corruption(10695) 20040804 ADDREF BID:6213 20040818 ADDREF REDHAT:RHSA-2003:214 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1350 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Note that the -2.2 implies a Debian package version where they have backported a security fix to their 3.6.2-2.2 packages. Upstream tcpdump 3.6.* was vulnerable to this issue, it was fixed in 3.7 Addref: RHSA-2003:033 Christey> REDHAT:RHSA-2003:032 URL:http://www.redhat.com/support/errata/RHSA-2003-032.html Christey> MANDRAKE:MDKSA-2003:027 (as suggested by Vincent Danen of Mandrake) Cox> ADDREF: http://www.tcpdump.org/lists/workers/2001/10/msg00101.html This issue is a safety check that is triggered because of a bug; therefore this is solely a Denial of Service vulnerability and would not be able to result in arbitrary code execution. ====================================================== Candidate: CAN-2002-1361 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361 Final-Decision: Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021214 Category: SF Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2 Reference: SUNALERT:49377 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377 Reference: CERT:CA-2002-35 Reference: URL:http://www.cert.org/advisories/CA-2002-35.html Reference: CERT-VN:VU#810921 Reference: URL:http://www.kb.cert.org/vuls/id/810921 Reference: CIAC:N-025 Reference: URL:http://www.ciac.org/ciac/bulletins/n-025.shtml Reference: BID:6326 Reference: URL:http://www.securityfocus.com/bid/6326 Reference: XF:cobalt-shp-overflow-privileges(10776) Reference: URL:http://xforce.iss.net/xforce/xfdb/10776 overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch)
installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter. Modifications: 20040804 ADDREF XF:cobalt-shp-overflow-privileges(10776) 20040804 ADDREF BID:6326 20040804 ADDREF CIAC:N-025 20040804 [refs] normalize SUNALERT Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1361 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Cox, Wall Voter Comments: Frech> XF:cobalt-shp-overflow-privileges(10776) ====================================================== Candidate: CAN-2002-1362 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021214 Category: SF Reference: DEBIAN:DSA-211 Reference: URL:http://www.debian.org/security/2002/dsa-211 Reference: REDHAT:RHSA-2003:118 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-118.html Reference: XF:micq-0xfe-dos(10872) Reference: URL:http://xforce.iss.net/xforce/xfdb/10872 Reference: BID:6392 Reference: URL:http://www.securityfocus.com/bid/6392 mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character. 
Modifications: 20040804 ADDREF REDHAT:RHSA-2003:118 20040804 ADDREF XF:micq-0xfe-dos(10872) 20040804 ADDREF BID:6392 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1362 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Christey> REDHAT:RHSA-2003:118 ====================================================== Candidate: CAN-2002-1363 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021214 Category: SF Reference: DEBIAN:DSA-213 Reference: URL:http://www.debian.org/security/2002/dsa-213 Reference: MANDRAKE:MDKSA-2004:063 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063 Reference: REDHAT:RHSA-2003:006 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html Reference: REDHAT:RHSA-2003:007 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-007.html Reference: REDHAT:RHSA-2003:119 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-119.html Reference: REDHAT:RHSA-2003:157 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-157.html Reference: REDHAT:RHSA-2004:249 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-249.html Reference: REDHAT:RHSA-2004:402 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-402.html Reference: SUSE:SUSE-SA:2003:0004 Reference: URL:http://www.suse.com/de/security/2003_004_libpng.html Reference: XF:libpng-file-offset-bo(10925) Reference: URL:http://xforce.iss.net/xforce/xfdb/10925 Reference: BID:6431 Reference: URL:http://www.securityfocus.com/bid/6431 Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. 
Modifications: 20040810 desc - modify affected versions 20040810 ADDREF GENTOO:GLSA-200407-06 20040810 ADDREF MANDRAKE:MDKSA-2004:063 20040810 ADDREF REDHAT:RHSA-2003:007 20040810 ADDREF REDHAT:RHSA-2003:119 20040810 ADDREF REDHAT:RHSA-2004:249 20040810 ADDREF XF:libpng-file-offset-bo(10925) 20040810 ADDREF BID:6431 20040818 ADDREF REDHAT:RHSA-2003:157 20040818 ADDREF REDHAT:RHSA-2004:402 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1363 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: REDHAT:RHSA-2003:007 Cox> ADDREF REDHAT:RHSA-2003:119 Cox> There is only one upstream version of libpng, and so the description should be "Portable Network Graphics (PNG) libraries libpng 1.2.5 and earlier does not correctly calculate offsets" Christey> REDHAT:RHSA-2004:249 URL:http://www.redhat.com/support/errata/RHSA-2004-249.html Christey> MANDRAKE:MDKSA-2004:063 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063 Christey> GENTOO:GLSA-200407-06 URL:http://www.gentoo.org/security/en/glsa/glsa-200407-06.xml Christey> Consider REDHAT:RHSA-2004:402, although that advisory may in fact be addressing a variant. 
Christey> APPLE:APPLE-SA-2004-09-09 URL:http://lists.apple.com/mhonarc/security-announce/msg00056.html ====================================================== Candidate: CAN-2002-1364 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: DEBIAN:DSA-254 Reference: URL:http://www.debian.org/security/2003/dsa-254 Reference: SUSE:SuSE-SA:2002:043 Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2 Reference: BID:6166 Reference: URL:http://www.securityfocus.com/bid/6166 Reference: XF:traceroute-nanog-getorigin-bo(10778) Reference: URL:http://xforce.iss.net/xforce/xfdb/10778 Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. 
Modifications: 20040810 ADDREF XF:traceroute-nanog-getorigin-bo(10778) 20040818 ADDREF DEBIAN:DSA-254 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1364 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1365 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2 Reference: MISC:http://security.e-matters.de/advisories/052002.html Reference: BUGTRAQ:20021215 GLSA: fetchmail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2 Reference: CALDERA:CSSA-2003-001.0 Reference: CONECTIVA:CLA-2002:554 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554 Reference: DEBIAN:DSA-216 Reference: URL:http://www.debian.org/security/2002/dsa-216 Reference: ENGARDE:ESA-20030127-002 Reference: IMMUNIX:IMNX-2003-7+-023-01 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2 Reference: MANDRAKE:MDKSA-2003:011 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011 Reference: REDHAT:RHSA-2002:293 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html Reference: REDHAT:RHSA-2002:294 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-294.html Reference: REDHAT:RHSA-2003:155 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-155.html Reference: SUSE:SuSE-SA:2003:001 Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses. 
Modifications: 20040810 ADDREF REDHAT:RHSA-2002:294 20040810 ADDREF IMMUNIX:IMNX-2003-7+-023-01 20040818 ADDREF REDHAT:RHSA-2003:155 20040818 ADDREF DEBIAN:DSA-216 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1365 ACCEPT (3 accept, 4 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: REDHAT:RHSA-2002:294 Christey> BUGTRAQ:20031020 Immunix Secured OS 7+ fetchmail update URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2 ====================================================== Candidate: CAN-2002-1366 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: MANDRAKE:MDKSA-2003:001 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: SUSE:SuSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: XF:cups-certs-race-condition(10907) Reference: URL:http://xforce.iss.net/xforce/xfdb/10907 Reference: BID:6435 Reference: URL:http://www.securityfocus.com/bid/6435 Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary 
files via file race conditions, as demonstrated by ice-cream. Modifications: 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF SUSE:SuSE-SA:2003:002 20040810 ADDREF XF:cups-certs-race-condition(10907) 20040810 ADDREF BID:6435 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1366 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Cox> Is it usual to name some arbitrary exploit in CVE descriptions? Christey> MANDRAKE:MDKSA-2003:001 Christey> CVE rarely mentions exploits or other malware by name, except where a vulnerability is often referred to by that exploit name, or if there is some evidence that it would be used in a keyword search. This makes it easier for people to be certain that they have found the correct CVE identifier for a particular issue. In this case, there was a large number of CUPS vulnerabilities reported all at once, so the "ice-cream" keyword would be useful to clarify which bug is being discussed. 
====================================================== Candidate: CAN-2002-1367 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt Reference: CONECTIVA:CLSA-2003:702 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: MANDRAKE:MDKSA-2003:001 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: SUSE:SuSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: XF:cups-udp-add-printers(10908) Reference: URL:http://xforce.iss.net/xforce/xfdb/10908 Reference: BID:6436 Reference: URL:http://www.securityfocus.com/bid/6436 Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke. 
Modifications: 20040810 ADDREF CONECTIVA:CLSA-2003:702 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF SUSE:SuSE-SA:2003:002 20040810 ADDREF XF:cups-udp-add-printers(10908) 20040810 ADDREF BID:6436 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1367 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Cox> Is it usual to name some arbitrary exploit in CVE descriptions? Christey> MANDRAKE:MDKSA-2003:001 ====================================================== Candidate: CAN-2002-1369 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt Reference: CONECTIVA:CLSA-2003:702 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: MANDRAKE:MDKSA-2003:001 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: SUSE:SuSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: BID:6438 Reference: URL:http://www.securityfocus.com/bid/6438 Reference: XF:cups-strncat-options-bo(10910) Reference: URL:http://xforce.iss.net/xforce/xfdb/10910 jobs.c in 
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack. Modifications: 20040810 ADDREF CONECTIVA:CLSA-2003:702 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF SUSE:SuSE-SA:2003:002 20040810 ADDREF BID:6438 20040810 ADDREF XF:cups-strncat-options-bo(10910) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1369 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Christey> MANDRAKE:MDKSA-2003:001 ====================================================== Candidate: CAN-2002-1371 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt Reference: CONECTIVA:CLSA-2003:702 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: MANDRAKE:MDKSA-2003:001 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: SUSE:SuSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: BID:6439 
Reference: URL:http://www.securityfocus.com/bid/6439 Reference: XF:cups-zero-width-images(10911) Reference: URL:http://xforce.iss.net/xforce/xfdb/10911 filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. Modifications: 20040810 ADDREF CONECTIVA:CLSA-2003:702 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF SUSE:SuSE-SA:2003:002 20040810 ADDREF BID:6439 20040810 ADDREF XF:cups-zero-width-images(10911) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1371 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Cox> Is it usual to name some arbitrary exploit in CVE descriptions? Christey> MANDRAKE:MDKSA-2003:001 ====================================================== Candidate: CAN-2002-1372 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2 Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt Reference: CONECTIVA:CLSA-2003:702 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702 Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: MANDRAKE:MDKSA-2003:001 Reference: 
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: SUSE:SuSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: BID:6440 Reference: URL:http://www.securityfocus.com/bid/6440 Reference: XF:cups-file-descriptor-dos(10912) Reference: URL:http://xforce.iss.net/xforce/xfdb/10912 Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. Modifications: 20040810 ADDREF CONECTIVA:CLSA-2003:702 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF SUSE:SuSE-SA:2003:002 20040810 ADDREF BID:6440 20040810 ADDREF XF:cups-file-descriptor-dos(10912) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1372 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Cox> Is it usual to name some arbitrary exploit in CVE descriptions? 
Christey> MANDRAKE:MDKSA-2003:001 ====================================================== Candidate: CAN-2002-1373 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2 Reference: MISC:http://security.e-matters.de/advisories/042002.html Reference: DEBIAN:DSA-212 Reference: URL:http://www.debian.org/security/2002/dsa-212 Reference: ENGARDE:ESA-20030127-001 Reference: GENTOO:200212-2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2 Reference: IMMUNIX:IMNX-2003-7+-008-01 Reference: URL:http://www.securityfocus.com/advisories/5269 Reference: REDHAT:RHSA-2002:288 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html Reference: REDHAT:RHSA-2002:289 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html Reference: REDHAT:RHSA-2003:166 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html Reference: SUSE:SUSE-SA:2003:003 Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html Reference: TRUSTIX:2002-0086 Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt Reference: BID:6368 Reference: URL:http://www.securityfocus.com/bid/6368 Reference: XF:mysql-comtabledump-dos(10846) Reference: URL:http://xforce.iss.net/xforce/xfdb/10846 Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. 
Modifications: 20040810 ADDREF DEBIAN:DSA-212 20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01 20040810 ADDREF MANDRAKE:MDKSA-2002:087 20040810 ADDREF SUSE:SUSE-SA:2003:003 20040810 ADDREF REDHAT:RHSA-2002:289 20040810 ADDREF BID:6368 20040810 ADDREF XF:mysql-comtabledump-dos(10846) 20040810 [ref] normalize TRUSTIX 20040810 [ref] normalize GENTOO 20040818 ADDREF REDHAT:RHSA-2003:166 Analysis -------- Vendor Acknowledgement: unknown ACCURACY: a MySQL developer (Sergei Golubchik) confirmed via email that only the 3.23 branch was affected. INFERRED ACTION: CAN-2002-1373 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox Voter Comments: Cox> Addref: REDHAT:RHSA-2002:289 ====================================================== Candidate: CAN-2002-1374 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2 Reference: MISC:http://security.e-matters.de/advisories/042002.html Reference: DEBIAN:DSA-212 Reference: URL:http://www.debian.org/security/2002/dsa-212 Reference: ENGARDE:ESA-20021213-033 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html Reference: GENTOO:GLSA-200212-2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2 Reference: IMMUNIX:IMNX-2003-7+-008-01 Reference: URL:http://www.securityfocus.com/advisories/5269 Reference: REDHAT:RHSA-2002:288 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html Reference: REDHAT:RHSA-2002:289 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html Reference: REDHAT:RHSA-2003:166 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html Reference: SUSE:SUSE-SA:2003:003 Reference: 
URL:http://www.suse.com/de/security/2003_003_mysql.html Reference: TRUSTIX:2002-0086 Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2 Reference: BID:6373 Reference: URL:http://www.securityfocus.com/bid/6373 Reference: XF:mysql-comchangeuser-password-bypass(10847) Reference: URL:http://xforce.iss.net/xforce/xfdb/10847 The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. Modifications: 20040810 ADDREF DEBIAN:DSA-212 20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01 20040810 ADDREF MANDRAKE:MDKSA-2002:087 20040810 ADDREF SUSE:SUSE-SA:2003:003 20040810 ADDREF REDHAT:RHSA-2002:289 20040810 ADDREF BID:6373 20040810 ADDREF XF:mysql-comchangeuser-password-bypass(10847) 20040810 [ref] normalize TRUSTIX 20040810 [ref] normalize GENTOO 20040818 ADDREF REDHAT:RHSA-2003:166 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1374 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox Voter Comments: Cox> Addref: REDHAT:RHSA-2002:289 Green> ACKNOWLEDGED IN THE RED HAT ERRATA ====================================================== Candidate: CAN-2002-1375 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2 Reference: MISC:http://security.e-matters.de/advisories/042002.html Reference: DEBIAN:DSA-212 Reference: 
URL:http://www.debian.org/security/2002/dsa-212 Reference: ENGARDE:ESA-20021213-033 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html Reference: GENTOO:GLSA-200212-2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2 Reference: IMMUNIX:IMNX-2003-7+-008-01 Reference: URL:http://www.securityfocus.com/advisories/5269 Reference: REDHAT:RHSA-2002:288 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html Reference: REDHAT:RHSA-2002:289 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html Reference: REDHAT:RHSA-2003:166 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html Reference: SUSE:SUSE-SA:2003:003 Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html Reference: TRUSTIX:2002-0086 Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2 Reference: BID:6375 Reference: URL:http://www.securityfocus.com/bid/6375 Reference: XF:mysql-comchangeuser-password-bo(10848) Reference: URL:http://xforce.iss.net/xforce/xfdb/10848 The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. 
Modifications: 20040810 ADDREF DEBIAN:DSA-212 20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01 20040810 ADDREF MANDRAKE:MDKSA-2002:087 20040810 ADDREF SUSE:SUSE-SA:2003:003 20040810 ADDREF REDHAT:RHSA-2002:289 20040810 ADDREF BID:6375 20040810 ADDREF XF:mysql-comchangeuser-password-bo(10848) 20040810 [ref] normalize TRUSTIX 20040810 [ref] normalize GENTOO 20040818 ADDREF REDHAT:RHSA-2003:166 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1375 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox Voter Comments: Cox> Addref: REDHAT:RHSA-2002:289 Green> ACKNOWLEDGED IN THE RED HAT ERRATA ====================================================== Candidate: CAN-2002-1377 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: FULLDISC:20021213 Some vim problems, yet still vim much better than windows Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2002-December/002948.html Reference: MISC:http://www.guninski.com/vim1.html Reference: BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2 Reference: CONECTIVA:CLA-2004:812 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812 Reference: MANDRAKE:MDKSA-2003:012 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012 Reference: REDHAT:RHSA-2002:297 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html Reference: REDHAT:RHSA-2002:302 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-302.html Reference: SUNALERT:55700 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700 Reference: BID:6384 Reference: URL:http://www.securityfocus.com/bid/6384 Reference: XF:vim-modeline-command-execution(10835) Reference: 
URL:http://xforce.iss.net/xforce/xfdb/10835 vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. Modifications: 20040810 ADDREF CONECTIVA:CLA-2004:812 20040810 ADDREF SUNALERT:55700 20040810 ADDREF BID:6384 20040810 ADDREF XF:vim-modeline-command-execution(10835) 20040810 ADDREF BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines 20040810 [refs] normalize FULLDISC 20040810 [desc] clarify 20040818 ADDREF REDHAT:RHSA-2002:302 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1377 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> The mention of mutt in the original advisory is used to give one indication of a possible attack vector. It should be 'but may be executed when vim is used to edit a malicious file' Addref: REDHAT:RHSA-2002:302 Green> ACKNOWLEDGED IN REDHAT ERRATA Christey> CONECTIVA:CLA-2004:812 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812 Christey> BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2 ====================================================== Candidate: CAN-2002-1380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability Reference: DEBIAN:DSA-336 Reference: URL:http://www.debian.org/security/2003/dsa-336 Reference: ENGARDE:ESA-20030318-009 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html Reference: MANDRAKE:MDKSA-2003:039 Reference: 
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039 Reference: REDHAT:RHSA-2003:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html Reference: TRUSTIX:2002-0083 Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt Reference: BID:6420 Reference: URL:http://www.securityfocus.com/bid/6420 Reference: XF:linux-protread-mmap-dos(10884) Reference: URL:http://xforce.iss.net/xforce/xfdb/10884 Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. Modifications: 20040810 ADDREF DEBIAN:DSA-336 20040810 ADDREF ENGARDE:ESA-20030318-009 20040810 ADDREF MANDRAKE:MDKSA-2003:039 20040810 ADDREF REDHAT:RHSA-2003:088 20040810 ADDREF BID:6420 20040810 ADDREF XF:linux-protread-mmap-dos(10884) 20040810 [refs] normalize TRUSTIX Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1380 ACCEPT_ACK_REV (2 accept, 2 ack, 2 review) Current Votes: ACCEPT(1) Baker MODIFY(1) Cox NOOP(2) Christey, Cole REVIEWING(2) Green, Wall Voter Comments: Christey> ENGARDE:ESA-20030318-009 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> Addref: RHSA-2003:088 Christey> MANDRAKE:MDKSA-2003:039 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039 Christey> DEBIAN:DSA-336 URL:http://www.debian.org/security/2003/dsa-336 ====================================================== Candidate: CAN-2002-1381 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021216 Category: SF Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2 Reference: 
CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358 Reference: GENTOO:GLSA-200212-5 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2 Reference: BID:6314 Reference: URL:http://www.securityfocus.com/bid/6314 Reference: XF:exim-daemonc-format-string(10761) Reference: URL:http://xforce.iss.net/xforce/xfdb/10761 Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. Modifications: 20040810 ADDREF BID:6314 20040810 ADDREF XF:exim-daemonc-format-string(10761) 20040810 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1381 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Cox, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2002-1382 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021217 Category: SF Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2 Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2 Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670 Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569 Reference: BID:6383 Reference: URL:http://www.securityfocus.com/bid/6383 Reference: XF:flash-swf-bo(10861) Reference: URL:http://xforce.iss.net/xforce/xfdb/10861 Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. 
Modifications: 20040810 ADDREF BID:6383 20040810 ADDREF XF:flash-swf-bo(10861) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1382 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Green, Baker, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1384 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021218 Category: SF Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt Reference: DEBIAN:DSA-222 Reference: URL:http://www.debian.org/security/2003/dsa-222 Reference: DEBIAN:DSA-226 Reference: URL:http://www.debian.org/security/2003/dsa-226 Reference: DEBIAN:DSA-232 Reference: URL:http://www.debian.org/security/2003/dsa-232 Reference: GENTOO:GLSA-200301-1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2 Reference: MANDRAKE:MDKSA-2003:001 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001 Reference: MANDRAKE:MDKSA-2003:002 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002 Reference: REDHAT:RHSA-2002:295 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html Reference: REDHAT:RHSA-2002:307 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-307.html Reference: REDHAT:RHSA-2003:037 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html Reference: REDHAT:RHSA-2003:216 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-216.html Reference: SUSE:SUSE-SA:2003:002 Reference: URL:http://www.suse.com/de/security/2003_002_cups.html Reference: BID:6475 Reference: URL:http://www.securityfocus.com/bid/6475 Reference: XF:pdftops-integer-overflow(10937) Reference: URL:http://xforce.iss.net/xforce/xfdb/10937 Integer overflow in pdftops, as used 
in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. Modifications: 20040810 ADDREF DEBIAN:DSA-232 20040810 ADDREF MANDRAKE:MDKSA-2003:001 20040810 ADDREF MANDRAKE:MDKSA-2003:002 20040810 ADDREF REDHAT:RHSA-2002:307 20040810 ADDREF SUSE:SUSE-SA:2003:002 20040810 ADDREF XF:pdftops-integer-overflow(10937) 20040810 ADDREF BID:6475 20040810 [refs] normalize GENTOO 20040818 ADDREF REDHAT:RHSA-2003:216 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-1384 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: REDHAT:RHSA-2002:307 Christey> MANDRAKE:MDKSA-2003:001 MANDRAKE:MDKSA-2003:002 ====================================================== Candidate: CAN-2002-1385 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021219 Category: SF Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2 Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435 Reference: BID:6425 Reference: URL:http://www.securityfocus.com/bid/6425 Reference: XF:open-webmail-command-execution(10904) Reference: URL:http://xforce.iss.net/xforce/xfdb/10904 openwebmail_init in Open WebMail 1.81 and earlier allows local users attackers to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed. 
Modifications: 20040810 ADDREF BID:6425 20040810 ADDREF XF:open-webmail-command-execution(10904) Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: the announce page for Open WebMail includes an item "Security Advisory 20021219," which describes the problem and credits the Bugtraq poster. INFERRED ACTION: CAN-2002-1385 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1388 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021230 Category: SF Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com Reference: DEBIAN:DSA-221 Reference: URL:http://www.debian.org/security/2002/dsa-221 Reference: XF:mhonarc-m2htexthtml-filter-xss(10950) Reference: URL:http://xforce.iss.net/xforce/xfdb/10950 Reference: BID:6479 Reference: URL:http://www.securityfocus.com/bid/6479 Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages. 
Modifications: 20040810 ADDREF XF:mhonarc-m2htexthtml-filter-xss(10950) 20040810 ADDREF BID:6479 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1388 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1389 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1389 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20021230 Category: SF Reference: DEBIAN:DSA-217 Reference: URL:http://www.debian.org/security/2002/dsa-217 Reference: BID:6485 Reference: URL:http://www.securityfocus.com/bid/6485 Reference: XF:typespeed-command-line-bo(10936) Reference: URL:http://xforce.iss.net/xforce/xfdb/10936 Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input. Modifications: 20040810 BID:6485 20040810 XF:typespeed-command-line-bo(10936) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1389 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1390 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1390 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030106 Category: SF Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html Reference: DEBIAN:DSA-223 Reference: URL:http://www.debian.org/security/2003/dsa-223 Reference: BID:6549 Reference: URL:http://www.securityfocus.com/bid/6549 Reference: XF:geneweb-absolute-information-disclosure(11021) Reference: URL:http://xforce.iss.net/xforce/xfdb/11021 The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL. 
Modifications: 20040810 ADDREF BID:6549 20040810 ADDREF XF:geneweb-absolute-information-disclosure(11021) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1390 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Green, Cole NOOP(2) Christey, Cox Voter Comments: Christey> BID:6549 URL:http://www.securityfocus.com/bid/6549 XF:geneweb-absolute-information-disclosure(11021) URL:http://www.iss.net/security_center/static/11021.php ====================================================== Candidate: CAN-2002-1391 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030106 Category: SF Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty Reference: CALDERA:CSSA-2003-021.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt Reference: GENTOO:GLSA-200304-09 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2 Reference: REDHAT:RHSA-2003:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html Reference: REDHAT:RHSA-2003:036 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html Reference: BID:7303 Reference: URL:http://www.securityfocus.com/bid/7303 Reference: XF:mgetty-cndprogram-callername-bo(11072) Reference: URL:http://xforce.iss.net/xforce/xfdb/11072 Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. 
Modifications: 20040810 ADDREF CALDERA:CSSA-2003-021.0 20040810 ADDREF GENTOO:GLSA-200304-09 20040810 ADDREF REDHAT:RHSA-2003:008 20040810 ADDREF REDHAT:RHSA-2003:036 20040810 ADDREF BID:7303 20040810 ADDREF XF:mgetty-cndprogram-callername-bo(11072) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1391 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2003:0008 Christey> BUGTRAQ:20030428 GLSA: mgetty (200304-09) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2 Christey> CALDERA:CSSA-2003-021.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt ====================================================== Candidate: CAN-2002-1392 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030106 Category: CF Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty Reference: CALDERA:CSSA-2003-021.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt Reference: GENTOO:GLSA-200304-09 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2 Reference: REDHAT:RHSA-2003:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html Reference: REDHAT:RHSA-2003:036 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html Reference: BID:7302 Reference: URL:http://www.securityfocus.com/bid/7302 Reference: XF:mgetty-faxspool-worldwritable-directory(11070) Reference: URL:http://xforce.iss.net/xforce/xfdb/11070 faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. 
Modifications: 20040810 ADDREF CALDERA:CSSA-2003-021.0 20040810 ADDREF GENTOO:GLSA-200304-09 20040810 ADDREF REDHAT:RHSA-2003:008 20040810 ADDREF REDHAT:RHSA-2003:036 20040810 ADDREF BID:7302 20040810 ADDREF XF:mgetty-faxspool-worldwritable-directory(11070) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1392 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2003:0008 Christey> BUGTRAQ:20030428 GLSA: mgetty (200304-09) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2 Christey> CALDERA:CSSA-2003-021.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt ====================================================== Candidate: CAN-2002-1394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1394 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030106 Category: SF Reference: DEBIAN:DSA-225 Reference: URL:http://www.debian.org/security/2003/dsa-225 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2 Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365 Reference: REDHAT:RHSA-2003:075 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-075.html Reference: REDHAT:RHSA-2003:082 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html Reference: GENTOO:GLSA-200210-001 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470282514938&w=2 Reference: BID:6562 Reference: URL:http://www.securityfocus.com/bid/6562 Reference: XF:tomcat-invoker-source-code(10376) Reference: URL:http://xforce.iss.net/xforce/xfdb/10376 Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. 
Modifications: 20040810 ADDREF REDHAT:RHSA-2003:075 20040810 ADDREF REDHAT:RHSA-2003:082 20040810 ADDREF BID:6562 20040810 ADDREF XF:tomcat-invoker-source-code(10376) 20040810 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1394 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref: RHSA-2003:082 Cox> ADDREF REDHAT:RHSA-2003:075 ====================================================== Candidate: CAN-2002-1396 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104102689503192&w=2 Reference: CONFIRM:http://bugs.php.net/bug.php?id=20927 Reference: ENGARDE:ESA-20030219-003 Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html Reference: GENTOO:200301-8 Reference: URL:http://www.securityfocus.com/advisories/4862 Reference: MANDRAKE:MDKSA-2003:019 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019 Reference: REDHAT:RHSA-2003:017 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-017.html Reference: SCO:CSSA-2003-SCO.28 Reference: SUSE:SuSE-SA:2003:0009 Reference: URL:http://www.suse.com/de/security/2003_009_mod_php4.html Reference: BID:6488 Reference: URL:http://www.securityfocus.com/bid/6488 Reference: XF:php-wordwrap-bo(10944) Reference: URL:http://xforce.iss.net/xforce/xfdb/10944 Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. 
Modifications: 20040810 ADDREF GENTOO:200301-8 20040810 ADDREF SCO:CSSA-2003-SCO.28 20040810 ADDREF BID:6488 20040810 ADDREF XF:php-wordwrap-bo(10944) Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1396 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Green, Cox, Cole NOOP(1) Christey Voter Comments: Green> ACKNOWLEDGED IN http://bugs.php.net/bug.php?id=20927 Christey> SCO:CSSA-2003-SCO.28 ====================================================== Candidate: CAN-2002-1403 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1403 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030110 Category: SF Reference: CONECTIVA:CLA-2002:549 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549 Reference: DEBIAN:DSA-219 Reference: URL:http://www.debian.org/security/2002/dsa-219 Reference: GENTOO:GLSA-200301-3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104189546709447&w=2 Reference: MANDRAKE:MDKSA-2003:003 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003 Reference: BID:6200 Reference: URL:http://online.securityfocus.com/bid/6200 Reference: XF:dhcpcd-info-execute-commands(10663) Reference: URL:http://xforce.iss.net/xforce/xfdb/10663 dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. 
Modifications: 20040810 ADDREF XF:dhcpcd-info-execute-commands(10663) 20040810 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1403 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Cox NOOP(1) Christey Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Christey> XF:dhcpcd-info-execute-commands(10663) ====================================================== Candidate: CAN-2002-1405 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: BUGTRAQ:20020819 Lynx CRLF Injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2 Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2 Reference: DEBIAN:DSA-210 Reference: URL:http://www.debian.org/security/2002/dsa-210 Reference: CALDERA:CSSA-2002-049.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt Reference: REDHAT:RHSA-2003:029 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-029.html Reference: REDHAT:RHSA-2003:030 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-030.html Reference: TRUSTIX:2002-0085 Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt Reference: MANDRAKE:MDKSA-2003:023 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 Reference: BID:5499 Reference: URL:http://www.securityfocus.com/bid/5499 Reference: XF:lynx-crlf-injection(9887) Reference: URL:http://www.iss.net/security_center/static/9887.php CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace 
characters. Modifications: 20040810 ADDREF BID:5499 20040810 ADDREF REDHAT:RHSA-2003:030 20040810 [refs] normalize TRUSTIX Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1405 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: RHSA-2003:030 Christey> BID:5499 URL:http://www.securityfocus.com/bid/5499 ====================================================== Candidate: CAN-2002-1407 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1407 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020805 IE SSL Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2 Reference: BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html Reference: BID:5410 Reference: URL:http://www.securityfocus.com/bid/5410 Reference: XF:ssl-ca-certificate-spoofing(9776) Reference: URL:http://xforce.iss.net/xforce/xfdb/9776 TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. 
Modifications: 20040810 ADDREF XF:ssl-ca-certificate-spoofing(9776) Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-1407 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1412 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1412 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020801 code injection in gallery Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0 Reference: DEBIAN:DSA-138 Reference: URL:http://www.debian.org/security/2002/dsa-138 Reference: BID:5375 Reference: URL:http://www.securityfocus.com/bid/5375 Reference: XF:gallery-basedir-execute-commands(9737) Reference: URL:http://xforce.iss.net/xforce/xfdb/9737 Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. 
Modifications: 20040810 ADDREF BID:5375 20040810 ADDREF XF:gallery-basedir-execute-commands(9737) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1412 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(2) Christey, Cox Voter Comments: Christey> BID:5375 ====================================================== Candidate: CAN-2002-1413 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1413 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html Reference: CERT-VN:VU#746251 Reference: URL:http://www.kb.cert.org/vuls/id/746251 Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963349 Reference: XF:netware-rconj-no-password(9928) Reference: URL:http://www.iss.net/security_center/static/9928.php Reference: BID:5541 Reference: URL:http://www.securityfocus.com/bid/5541 RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1413 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Baker, Frech NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1414 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1414 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: VULN-DEV:20020806 qmailadmin SUID buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102859603029424&w=2 Reference: BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html Reference: CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog Reference: BID:5404 Reference: URL:http://www.securityfocus.com/bid/5404 Reference: XF:qmailadmin-templatedir-bo(9786) Reference: URL:http://www.iss.net/security_center/static/9786.php Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable. Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The changelog includes an item dated August 6, 2002, which states "Fixed local overflow in template code." 
INFERRED ACTION: CAN-2002-1414 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1417 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1417 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297 Reference: BID:5523 Reference: URL:http://www.securityfocus.com/bid/5523 Reference: XF:novell-netbasic-directory-traversal(9910) Reference: URL:http://www.iss.net/security_center/static/9910.php Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1417 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1418 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1418 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297 Reference: XF:novell-netbasic-interpreter-bo(9911) Reference: URL:http://www.iss.net/security_center/static/9911.php Reference: BID:5524 Reference: URL:http://www.securityfocus.com/bid/5524 Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1418 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1419 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1419 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: SGI:20020805-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I Reference: BID:5467 Reference: URL:http://www.securityfocus.com/bid/5467 Reference: XF:irix-origin-bypass-filtering(9868) Reference: URL:http://www.iss.net/security_center/static/9868.php The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1419 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1420 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1420 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918817012863&w=2 Reference: BID:5442 Reference: URL:http://www.securityfocus.com/bid/5442 Reference: XF:openbsd-select-bo(9809) Reference: URL:http://www.iss.net/security_center/static/9809.php Reference: OSVDB:7554 Reference: URL:http://www.osvdb.org/7554 Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an 
unsigned integer during a data copying operation. Modifications: 20040818 ADDREF OSVDB:7554 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1420 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1424 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1424 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: DEBIAN:DSA-141 Reference: URL:http://www.debian.org/security/2002/dsa-141 Reference: BID:5385 Reference: URL:http://www.securityfocus.com/bid/5385 Reference: XF:munpack-mime-bo(9747) Reference: URL:http://www.iss.net/security_center/static/9747.php Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1424 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1425 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1425 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: DEBIAN:DSA-141 Reference: URL:http://www.debian.org/security/2002/dsa-141 Reference: BID:5386 Reference: URL:http://www.securityfocus.com/bid/5386 Reference: XF:munpack-dotdot-directory-traversal(9748) Reference: URL:http://www.iss.net/security_center/static/9748.php Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1425 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1430 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1430 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html Reference: CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt Reference: BID:5360 Reference: URL:http://www.securityfocus.com/bid/5360 Reference: XF:sympoll-php-view-files(9723) Reference: URL:http://www.iss.net/security_center/static/9723.php Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the vendor's changelog for version 1.3 includes an item labeled "IMPORTANT SECURITY FIX" and crediting an individual who is also credited by the author of the Bugtraq post. The dates of the Bugtraq post and vendor changelog are also the same (July 30). ACCURACY: while neither the Bugtraq poster nor the vendor say that PHP variables are directly modified through URL parameters, that is the behavior that is otherwise prevented by the register_globals feature, and typical of vulnerabilities in many PHP scripts. 
INFERRED ACTION: CAN-2002-1430 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1435 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1435 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020822 Arbitrary code execution problem in Achievo Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html Reference: CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html Reference: XF:achievo-php-execute-code(9947) Reference: URL:http://www.iss.net/security_center/static/9947.php Reference: BID:5552 Reference: URL:http://www.securityfocus.com/bid/5552 class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1435 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1436 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1436 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307 Reference: XF:netware-perl-code-execution(9916) Reference: URL:http://www.iss.net/security_center/static/9916.php Reference: BID:5520 Reference: URL:http://www.securityfocus.com/bid/5520 The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1436 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1437 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1437 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307 Reference: BID:5522 Reference: URL:http://www.securityfocus.com/bid/5522 Reference: XF:netware-perl-directory-traversal(9915) Reference: URL:http://www.iss.net/security_center/static/9915.php Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an 
HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1437 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1438 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1438 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307 Reference: XF:netware-perl-information-disclosure(9917) Reference: URL:http://www.iss.net/security_center/static/9917.php Reference: BID:5521 Reference: URL:http://www.securityfocus.com/bid/5521 The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1438 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1443 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1443 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC) Reference: URL:http://online.securityfocus.com/archive/1/286527 Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC) Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/ Reference: CONFIRM:http://toolbar.google.com/whatsnew.php3 Reference: BID:5426 Reference: URL:http://www.securityfocus.com/bid/5426 Reference: XF:google-toolbar-keypress-monitoring(10054) Reference: URL:http://xforce.iss.net/xforce/xfdb/10054 The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. 
Modifications: 20040810 ADDREF XF:google-toolbar-keypress-monitoring(10054) Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1443 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1446 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1446 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html Reference: BID:5498 Reference: URL:http://www.securityfocus.com/bid/5498 Reference: XF:ncipher-cverify-improper-verification(9895) Reference: URL:http://www.iss.net/security_center/static/9895.php The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1446 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1447 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1447 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020619 [AP] Cisco vpnclient buffer overflow Reference: URL:http://online.securityfocus.com/archive/1/277653 Reference: CISCO:20020619 Buffer Overflow in UNIX VPN Client Reference: URL:http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml Reference: MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt Reference: XF:ciscovpn-profile-name-bo(9376) Reference: URL:http://www.iss.net/security_center/static/9376.php Reference: BID:5056 Reference: URL:http://www.securityfocus.com/bid/5056 Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1447 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Jones NOOP(1) Cox ====================================================== Candidate: CAN-2002-1448 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1448 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: CF Reference: BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html Reference: CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml Reference: XF:avaya-cajun-default-snmp(9769) Reference: URL:http://www.iss.net/security_center/static/9769.php Reference: BID:5396 Reference: URL:http://www.securityfocus.com/bid/5396 An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: the vendor's security advisory credits Jacek Lipkowski, the author of the Bugtraq post. 
INFERRED ACTION: CAN-2002-1448 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1463 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1463 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html Reference: CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html Reference: BID:5387 Reference: URL:http://www.securityfocus.com/bid/5387 Reference: XF:symantec-tcp-seq-predict(12836) Reference: URL:http://xforce.iss.net/xforce/xfdb/12836 Reference: OSVDB:855 Reference: URL:http://www.osvdb.org/855 Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. Modifications: 20040810 ADDREF BID:5387 20040810 ADDREF XF:symantec-tcp-seq-predict(12836) 20040818 ADDREF OSVDB:855 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1463 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1468 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1468 Final-Decision: Interim-Decision: 20040825 Modified: 20040810 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: AIXAPAR:IY31997 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html Reference: BID:5885 Reference: URL:http://www.securityfocus.com/bid/5885 Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. 
Modifications: 20040810 [desc] clarify based on Bollinger's vote 20040810 ADDREF BID:5885 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-1468 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Bollinger NOOP(1) Cox Voter Comments: Bollinger> This buffer overflow allows a local attacker to execute arbitrary code as root. ====================================================== Candidate: CAN-2002-1469 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1469 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020820 vulnerabilities in scponly Reference: URL:http://online.securityfocus.com/archive/1/288245 Reference: CONFIRM:http://www.sublimation.org/scponly/ Reference: BID:5526 Reference: URL:http://www.securityfocus.com/bid/5526 Reference: XF:scponly-ssh-env-upload(9913) Reference: URL:http://www.iss.net/security_center/static/9913.php scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: on the release notes for scponly is an item titled "aug 2002 addendum" and states "Derek D. Martin [the discloser] sent me an exploitable vulnerability condition that can be used to run arbitrary commands, thus circumventing scponly!" 
INFERRED ACTION: CAN-2002-1469 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1471 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1471 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html Reference: XF:evolution-camel-certificate-mitm(10292) Reference: URL:http://www.iss.net/security_center/static/10292.php Reference: BID:5875 Reference: URL:http://www.securityfocus.com/bid/5875 The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1471 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall Voter Comments: CHANGE> [Cox changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2002-1472 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: CONECTIVA:CLA-2002:529 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529 Reference: REDHAT:RHSA-2003:066 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html Reference: REDHAT:RHSA-2003:067 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html Reference: SUSE:SuSE-SA:2002:032 Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html Reference: BID:5735 Reference: 
URL:http://www.securityfocus.com/bid/5735 Reference: XF:xfree86-x11-program-execution(10137) Reference: URL:http://www.iss.net/security_center/static/10137.php libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module. Modifications: 20040810 ADDREF REDHAT:RHSA-2003:067 20040810 [desc] clarify role of setuid/setgid programs 20040818 ADDREF REDHAT:RHSA-2003:066 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1472 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(1) Cox NOOP(1) Christey Voter Comments: Christey> REDHAT:RHSA-2003:067 URL:http://www.redhat.com/support/errata/RHSA-2003-067.html CHANGE> [Cox changed vote from REVIEWING to MODIFY] Cox> The description should be updated to show that this is exploitable only in setuid/gid programs that happen to link libX11.so. This is important as many distributions did not ship with any setuid programs linked to libX11.so. Perhaps "setuid/gid programs linked to the xfree86 libX11.so allows local users to gain privileges via a modified LD_PRELOAD environment variable that points to a malicious module." 
====================================================== Candidate: CAN-2002-1476 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1476 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: NETBSD:NetBSD-SA2002-012 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc Reference: BID:5724 Reference: URL:http://www.securityfocus.com/bid/5724 Reference: XF:netbsd-libc-setlocale-bo(10159) Reference: URL:http://www.iss.net/security_center/static/10159.php Reference: OSVDB:7565 Reference: URL:http://www.osvdb.org/7565 Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. 
Modifications: 20040818 ADDREF OSVDB:7565 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1476 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1477 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1477 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020903 Cacti security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html Reference: DEBIAN:DSA-164 Reference: URL:http://www.debian.org/security/2002/dsa-164 Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt Reference: XF:cacti-graph-label-commands(10048) Reference: URL:http://www.iss.net/security_center/static/10048.php Reference: BID:5627 Reference: URL:http://www.securityfocus.com/bid/5627 graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1477 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1478 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1478 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020903 Cacti security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt Reference: DEBIAN:DSA-164 Reference: URL:http://www.debian.org/security/2002/dsa-164 Reference: XF:cacti-console-mode-commands(10050) Reference: URL:http://www.iss.net/security_center/static/10050.php Reference: BID:5630 Reference: URL:http://www.securityfocus.com/bid/5630 Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. Modifications: 20040811 ADDREF DEBIAN:DSA-164 Analysis -------- Vendor Acknowledgement: ACCURACY: it is not clear from the report whether the "console mode" is remote or not; if only accessible on the command line, this may not be a vulnerability unless Cacti is setuid. INFERRED ACTION: CAN-2002-1478 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(3) Christey, Cox, Wall Voter Comments: Christey> Sounds like DEBIAN:DSA-164 is a match. 
Baker> http://www.dsinet.org/textfiles/advisories/Debian/DSA-164-1 ====================================================== Candidate: CAN-2002-1479 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1479 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020903 Cacti security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt Reference: XF:cacti-config-world-readable(10049) Reference: URL:http://www.iss.net/security_center/static/10049.php Reference: BID:5628 Reference: URL:http://www.securityfocus.com/bid/5628 Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. Analysis -------- Vendor Acknowledgement: ACCURACY: it is not clear from the report whether the "console mode" is remote or not; if only accessible on the command line, this may not be a vulnerability unless Cacti is setuid.
INFERRED ACTION: CAN-2002-1479 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1490 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1490 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: NETBSD:NetBSD-SA2002-007 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc Reference: XF:netbsd-tiocsctty-ioctl-bo(10115) Reference: URL:http://www.iss.net/security_center/static/10115.php Reference: BID:5722 Reference: URL:http://www.securityfocus.com/bid/5722 Reference: OSVDB:7566 Reference: URL:http://www.osvdb.org/7566 NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes. 
Modifications: 20040818 ADDREF OSVDB:7566 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1490 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1491 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1491 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml Reference: XF:cisco-vpn5000-defaultconnection-password(10129) Reference: URL:http://www.iss.net/security_center/static/10129.php Reference: BID:5736 Reference: URL:http://www.securityfocus.com/bid/5736 Reference: OSVDB:7041 Reference: URL:http://www.osvdb.org/7041 The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. Modifications: 20040818 ADDREF OSVDB:7041 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1491 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Jones NOOP(1) Cox Voter Comments: Jones> Change "...to gain privileges." to "...to gain additional privileges." 
====================================================== Candidate: CAN-2002-1493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1493 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html Reference: VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728 Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html Reference: BID:5728 Reference: URL:http://www.securityfocus.com/bid/5728 Reference: XF:guestgear-img-xss(12235) Reference: URL:http://xforce.iss.net/xforce/xfdb/12235 Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. Modifications: 20040811 ADDREF XF:guestgear-img-xss(12235) Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2002-1493 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1494 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html Reference: BID:5618 Reference: URL:http://www.securityfocus.com/bid/5618 Reference: XF:aestiva-htmlos-cgi-xss(10029) Reference: URL:http://www.iss.net/security_center/static/10029.php Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
Modifications: 20040811 [refs] fix Bugtraq post subject Analysis -------- Vendor Acknowledgement: no INFERRED ACTION: CAN-2002-1494 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(3) Christey, Cox, Wall Voter Comments: Christey> Fix Bugtraq subject line: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS ====================================================== Candidate: CAN-2002-1496 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1496 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html Reference: CONFIRM:http://freshmeat.net/releases/97910/ Reference: BID:5774 Reference: URL:http://www.securityfocus.com/bid/5774 Reference: XF:null-httpd-contentlength-bo(10160) Reference: URL:http://www.iss.net/security_center/static/10160.php Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. Analysis -------- Vendor Acknowledgement: yes changelog INFERRED ACTION: CAN-2002-1496 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1497 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: CONFIRM:http://freshmeat.net/releases/97910/ Reference: BID:5603 Reference: URL:http://www.securityfocus.com/bid/5603 Reference: XF:null-httpd-xss(10004) Reference: URL:http://xforce.iss.net/xforce/xfdb/10004 Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. 
Modifications: 20040811 ADDREF BID:5603 20040811 ADDREF XF:null-httpd-xss(10004) Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the changelog for 0.5.1 includes a statement that the new version "fixes XSS filtering in 404 responses." INFERRED ACTION: CAN-2002-1497 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1501 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html Reference: MISC:http://www.enterasys.com/support/techtips/tk0659-9.html Reference: BID:5703 Reference: URL:http://www.securityfocus.com/bid/5703 Reference: XF:smartswitch-portscan-dos(10096) Reference: URL:http://www.iss.net/security_center/static/10096.php The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1501 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall Voter Comments: Baker> http://www.enterasys.com/support/techtips/tk0659-9.html ====================================================== Candidate: CAN-2002-1502 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1502 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020912 xbreaky symlink vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html Reference: CONFIRM:http://xbreaky.sourceforge.net/ Reference: BID:5700 Reference: URL:http://www.securityfocus.com/bid/5700 Reference: XF:xbreaky-breakyhighscores-symlink(10078) Reference: URL:http://www.iss.net/security_center/static/10078.php Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file. Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: on the front page for xbreaky, a changelog dated September 12, 2002, says "Marco van Berkum [the discloser] discovered a bug in xbreaky" and includes a short description of the problem. 
INFERRED ACTION: CAN-2002-1502 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1505 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1505 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html Reference: BID:5675 Reference: URL:http://www.securityfocus.com/bid/5675 Reference: XF:wbb-board-sql-injection(10069) Reference: URL:http://www.iss.net/security_center/static/10069.php SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. Analysis -------- Vendor Acknowledgement: unknown discloser-claimed fixed INFERRED ACTION: CAN-2002-1505 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall Voter Comments: Baker> http://www.woltlab.de/documentation/54.html Release notes for RC2 indicate the "safety problem" with the parameters. 
====================================================== Candidate: CAN-2002-1509 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1509 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030213 Category: SF Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418 Reference: MANDRAKE:MDKSA-2003:026 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026 Reference: REDHAT:RHSA-2003:057 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-057.html Reference: REDHAT:RHSA-2003:058 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-058.html A patch for shadow-utils 20000902 causes the useradd command to create mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. Modifications: 20040811 [desc] fix affected version 20040811 REDHAT:RHSA-2003:058 Analysis -------- Vendor Acknowledgement: yes patch INFERRED ACTION: CAN-2002-1509 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones MODIFY(1) Cox Voter Comments: Cox> Addref: RHSA-2003:058 "20000902-7" should just be "20000902", the -7 being a Red Hat specific release number.
====================================================== Candidate: CAN-2002-1510 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030219 Category: SF Reference: CONECTIVA:CLA-2002:533 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533 Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG Reference: REDHAT:RHSA-2003:064 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html Reference: REDHAT:RHSA-2003:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html Reference: SUNALERT:55602 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602 Reference: XF:xfree86-xdm-unauth-access(11389) Reference: URL:http://www.iss.net/security_center/static/11389.php xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. 
Modifications: 20040811 ADDREF SUNALERT:55602 20040818 ADDREF REDHAT:RHSA-2003:064 20040818 ADDREF REDHAT:RHSA-2003:065 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1510 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Cox ====================================================== Candidate: CAN-2002-1511 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1511 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030219 Category: SF Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog Reference: CONECTIVA:CLSA-2003:640 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640 Reference: GENTOO:200302-15 Reference: URL:http://security.gentoo.org/glsa/glsa-200302-15.xml Reference: MANDRAKE:MDKSA-2003:022 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022 Reference: REDHAT:RHSA-2003:041 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html Reference: REDHAT:RHSA-2003:068 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-068.html Reference: SUNALERT:56161 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161 Reference: BID:6905 Reference: URL:http://www.securityfocus.com/bid/6905 Reference: XF:vnc-rand-weak-cookie(11384) Reference: URL:http://www.iss.net/security_center/static/11384.php The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. 
Modifications: 20040811 ADDREF CONECTIVA:CLSA-2003:640 20040811 ADDREF GENTOO:200302-15 20040811 ADDREF SUNALERT:56161 20040811 ADDREF BID:6905 20040818 ADDREF REDHAT:RHSA-2003:068 Analysis -------- Vendor Acknowledgement: yes changelog INFERRED ACTION: CAN-2002-1511 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> Addref: RHSA-2003:068 Christey> CONECTIVA:CLA-2003:640 ====================================================== Candidate: CAN-2002-1513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1513 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability Reference: URL:http://online.securityfocus.com/archive/1/293070 Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html Reference: COMPAQ:SSRT2371 Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html Reference: BID:5790 Reference: URL:http://www.securityfocus.com/bid/5790 Reference: XF:openvms-pop-gain-privileges(10236) Reference: URL:http://www.iss.net/security_center/static/10236.php The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1513 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1514 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1514 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020925 Borland Interbase local root exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html Reference: BID:5805 Reference: URL:http://www.securityfocus.com/bid/5805 Reference: XF:interbase-gdslockmgr-bo(10196) Reference: URL:http://www.iss.net/security_center/static/10196.php gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1514 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(3) Cox, Balinsky, Wall ====================================================== Candidate: CAN-2002-1516 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1516 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: XF:irix-rpcbind-w-symlink(10272) Reference: URL:http://www.iss.net/security_center/static/10272.php Reference: BID:5889 Reference: URL:http://online.securityfocus.com/bid/5889 rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. 
Analysis -------- Vendor Acknowledgement: yes advisory ABSTRACTION: this is most likely a different vulnerability than CVE-1999-0190 because CVE-1999-0190 is remotely exploitable, and symlink issues are, by their nature, only locally exploitable. INFERRED ACTION: CAN-2002-1516 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1517 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1517 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: XF:irix-fsr-efs-symlink(10275) Reference: URL:http://www.iss.net/security_center/static/10275.php Reference: BID:5897 Reference: URL:http://www.securityfocus.com/bid/5897 fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file. Analysis -------- Vendor Acknowledgement: yes advisory ACCURACY: the only source that specifically mentions the ".fsrlast" file is SecurityFocus, and it is not clear where that knowledge came from.
INFERRED ACTION: CAN-2002-1517 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1518 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1518 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: BID:5893 Reference: URL:http://www.securityfocus.com/bid/5893 Reference: XF:irix-mv-directory-insecure(10276) Reference: URL:http://www.iss.net/security_center/static/10276.php mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1518 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1519 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1519 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html Reference: BID:5814 Reference: URL:http://www.securityfocus.com/bid/5814 Reference: XF:firebox-vclass-cli-format-string(10217) Reference: URL:http://www.iss.net/security_center/static/10217.php Reference: OSVDB:4924 Reference: URL:http://www.osvdb.org/4924 Format string 
vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter. Modifications: 20040811 [desc] fix "and possible" typo 20040818 ADDREF OSVDB:4924 Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2002-1519 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(3) Christey, Cox, Wall Voter Comments: Christey> fix typo: "and possible" ====================================================== Candidate: CAN-2002-1520 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1520 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html Reference: BID:5815 Reference: URL:http://www.securityfocus.com/bid/5815 Reference: XF:firebox-vclass-cli-admin-privileges(10218) Reference: URL:http://www.iss.net/security_center/static/10218.php Reference: OSVDB:4831 Reference: URL:http://www.osvdb.org/4831 The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges. 
Modifications: 20040818 ADDREF OSVDB:4831 Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2002-1520 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1521 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1521 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html Reference: XF:webserver-4d-plaintext-passwords(10198) Reference: URL:http://www.iss.net/security_center/static/10198.php Reference: BID:5803 Reference: URL:http://www.securityfocus.com/bid/5803 Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. Analysis -------- Vendor Acknowledgement: no INFERRED ACTION: CAN-2002-1521 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1524 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1524 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html Reference: BID:5832 Reference: URL:http://www.securityfocus.com/bid/5832 Reference: XF:winamp-xml-parser-bo(10228) Reference: URL:http://www.iss.net/security_center/static/10228.php Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. 
Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1524 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1528 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1528 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021010 MondoSearch show the source of all files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html Reference: XF:mondosearch-url-souce-disclosure(10350) Reference: URL:http://www.iss.net/security_center/static/10350.php Reference: BID:5941 Reference: URL:http://www.securityfocus.com/bid/5941 MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1528 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1529 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1529 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: XF:superscout-emailfilter-error-xss(10319) Reference: URL:http://www.iss.net/security_center/static/10319.php Reference: BID:5928 Reference: URL:http://www.securityfocus.com/bid/5928 Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1529 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1530 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1530 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: BID:5929 Reference: URL:http://www.securityfocus.com/bid/5929 Reference: XF:superscout-emailfilter-plaintext-passwords(10320) Reference: URL:http://www.iss.net/security_center/static/10320.php The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1530 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1531 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1531 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: XF:superscout-emailfilter-content-dos(10321) Reference: URL:http://www.iss.net/security_center/static/10321.php Reference: BID:5930 Reference: URL:http://www.securityfocus.com/bid/5930 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1531 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1532 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1532 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: BID:5931 Reference: URL:http://www.securityfocus.com/bid/5931 Reference: XF:superscout-emailfilter-get-dos(10322) Reference: URL:http://www.iss.net/security_center/static/10322.php The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1532 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1534 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1534 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021006 Flash player can read local files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html Reference: XF:flash-xml-read-files(10297) Reference: URL:http://www.iss.net/security_center/static/10297.php Reference: BID:5904 Reference: URL:http://www.securityfocus.com/bid/5904 Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1534 ACCEPT_REV (3 accept, 0 ack, 1 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-1537 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1537 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030225 Category: SF Reference: BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html Reference: XF:phpbb-adminugauth-admin-privileges(10489) Reference: URL:http://www.iss.net/security_center/static/10489.php Reference: BID:6056 Reference: URL:http://www.securityfocus.com/bid/6056 Reference: OSVDB:4284 Reference: URL:http://www.osvdb.org/4284 admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".
Modifications: 20040818 ADDREF OSVDB:4284 Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1537 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1538 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1538 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030225 Category: SF Reference: BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html Reference: XF:acusend-unauthorized-file-access(10473) Reference: URL:http://www.iss.net/security_center/static/10473.php Reference: BID:6048 Reference: URL:http://www.securityfocus.com/bid/6048 Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable. 
Analysis -------- Vendor Acknowledgement: unknown discloser-claimed INFERRED ACTION: CAN-2002-1538 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1540 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1540 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030225 Category: SF Reference: BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html Reference: BUGTRAQ:20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html Reference: XF:nav-winhlp32-gain-privileges(10475) Reference: URL:http://www.iss.net/security_center/static/10475.php Reference: OSVDB:6258 Reference: URL:http://www.osvdb.org/6258 The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. 
Modifications: 20040818 ADDREF OSVDB:6258 Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2002-1540 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Wall NOOP(1) Cox ====================================================== Candidate: CAN-2002-1541 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1541 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030225 Category: SF Reference: VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html Reference: BID:6044 Reference: URL:http://www.securityfocus.com/bid/6044 Reference: XF:badblue-protected-file-access(10466) Reference: URL:http://www.iss.net/security_center/static/10466.php BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2002-1541 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1543 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030225 Category: SF Reference: NETBSD:NetBSD-SA2002-025 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc Reference: XF:trek-keyboard-input-bo(10458) Reference: URL:http://www.iss.net/security_center/static/10458.php Reference: BID:6036 Reference: URL:http://www.securityfocus.com/bid/6036 Reference: OSVDB:7570 Reference: URL:http://www.osvdb.org/7570 Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. 
Modifications: 20040818 ADDREF OSVDB:7570 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1543 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox ====================================================== Candidate: CAN-2002-1547 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1547 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030304 Category: SF Reference: BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html Reference: VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html Reference: VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html Reference: BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html Reference: CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html Reference: XF:netscreen-ssh-dos(10528) Reference: URL:http://www.iss.net/security_center/static/10528.php Reference: OSVDB:4376 Reference: URL:http://www.osvdb.org/4376 Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. 
Modifications: 20040818 ADDREF OSVDB:4376 Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The advisory by Netscreen says "NetScreen has confirmed a customer report that an SSHv1 CRC32 Attack can compromise the ability to manage the NetScreen device and/or force the device to reboot" INFERRED ACTION: CAN-2002-1547 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1548 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1548 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030304 Category: SF Reference: AIXAPAR:IY31934 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." Modifications: 20040811 [desc] add details Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1548 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Bollinger NOOP(2) Armstrong, Cox ====================================================== Candidate: CAN-2002-1549 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1549 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030304 Category: SF Reference: BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html Reference: BID:6162 Reference: URL:http://www.securityfocus.com/bid/6162 Reference: XF:light-httpd-bo(10607) Reference: URL:http://www.iss.net/security_center/static/10607.php Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. 
Analysis -------- Vendor Acknowledgement: INFERRED ACTION: CAN-2002-1549 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1550 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1550 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030304 Category: SF Reference: AIXAPAR:IY34617 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files. Modifications: 20040811 [desc] add "overwrite files" per Bollinger Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2002-1550 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Bollinger NOOP(1) Cox Voter Comments: Bollinger> local attacker can overwrite arbitrary files as root. the attacker does not have control over the contents or the timing of the attack. ====================================================== Candidate: CAN-2002-1552 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1552 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030304 Category: SF Reference: BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712790808781&w=2 Reference: BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712498905027&w=2 Reference: BID:6163 Reference: URL:http://www.securityfocus.com/bid/6163 Reference: XF:novell-edirectory-expired-accounts(10604) Reference: URL:http://xforce.iss.net/xforce/xfdb/10604 Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. 
Modifications: 20040811 ADDREF XF:novell-edirectory-expired-accounts(10604) 20040811 ADDREF BID:6163 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1552 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(3) Christey, Cox, Wall Voter Comments: Christey> BID:6163 URL:http://www.securityfocus.com/bid/6163 ====================================================== Candidate: CAN-2002-1560 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1560 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030304 Category: SF Reference: BUGTRAQ:20021022 gBook Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html Reference: BID:6033 Reference: URL:http://www.securityfocus.com/bid/6033 Reference: XF:gbook-mysql-admin-access(10455) Reference: URL:http://www.iss.net/security_center/static/10455.php index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true. 
Analysis -------- Vendor Acknowledgement: no INFERRED ACTION: CAN-2002-1560 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1574 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1574 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20031201 Category: SF Reference: REDHAT:RHSA-2004:044 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html Reference: REDHAT:RHSA-2004:106 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html Reference: CIAC:N-096 Reference: URL:http://www.ciac.org/ciac/bulletins/n-096.shtml Reference: XF:linux-ixj-root-privileges(10417) Reference: URL:http://xforce.iss.net/xforce/xfdb/10417 Reference: BID:5985 Reference: URL:http://www.securityfocus.com/bid/5985 Buffer overflow in the ixj telephony card driver in Linux before 2.4.20, with unknown attack vectors and impact. 
Modifications: 20040818 ADDREF REDHAT:RHSA-2004:106 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2002-1574 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall Voter Comments: Cox> http://linux.bkbits.net:8080/linux-2.4/cset@alan@lxorguk.ukuu.org.uk|ChangeSet|20020826224304|09117 ====================================================== Candidate: CAN-2003-0002 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0002 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030102 Category: SF Reference: BUGTRAQ:20021007 CSS on Microsoft Content Management Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417794800719&w=2 Reference: MS:MS03-002 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-002.asp Reference: BID:5922 Reference: URL:http://online.securityfocus.com/bid/5922 Reference: XF:mcms-manuallogin-reasontxt-xss (10318) Reference: URL:http://www.iss.net/security_center/static/10318.php Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter. 
Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0002 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Green NOOP(1) Cox ====================================================== Candidate: CAN-2003-0003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0003 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20030102 Category: SF Reference: BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2 Reference: NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104393588232166&w=2 Reference: MS:MS03-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-001.asp Reference: CERT:CA-2003-03 Reference: URL:http://www.cert.org/advisories/CA-2003-03.html Reference: CERT-VN:VU#610986 Reference: URL:http://www.kb.cert.org/vuls/id/610986 Reference: BID:6666 Reference: URL:http://www.securityfocus.com/bid/6666 Reference: XF:win-locator-bo(11132) Reference: URL:http://xforce.iss.net/xforce/xfdb/11132 Reference: OVAL:OVAL103 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL103.html Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. 
Modifications: 20040811 ADDREF BID:6666 20040811 ADDREF XF:win-locator-bo(11132) 20040824 ADDREF OVAL:OVAL103 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0003 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Baker MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:win-locator-bo(11132) ====================================================== Candidate: CAN-2003-0004 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0004 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030102 Category: SF Reference: BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878038418534&w=2 Reference: VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html Reference: MS:MS03-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-005.asp Reference: BID:6778 Reference: URL:http://www.securityfocus.com/bid/6778 Reference: XF:winxp-windows-redirector-bo(11260) Reference: URL:http://www.iss.net/security_center/static/11260.php Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter. 
Modifications: 20040811 ADDREF BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability 20040811 ADDREF VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability 20040811 ADDREF BID:6778 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0004 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Green NOOP(2) Christey, Cox Voter Comments: Christey> BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878038418534&w=2 Christey> VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html Christey> BID:6778 URL:http://www.securityfocus.com/bid/6778 ====================================================== Candidate: CAN-2003-0007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0007 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030102 Category: SF Reference: MS:MS03-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-003.asp Reference: BID:6667 Reference: URL:http://www.securityfocus.com/bid/6667 Reference: XF:outlook-v1-certificate-plaintext(11133) Reference: URL:http://xforce.iss.net/xforce/xfdb/11133 Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." 
Modifications: 20040811 ADDREF BID:6667 20040811 ADDREF XF:outlook-v1-certificate-plaintext(11133) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0007 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Green NOOP(1) Cox ====================================================== Candidate: CAN-2003-0009 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0009 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030102 Category: SF Reference: BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636383018686&w=2 Reference: MS:MS03-006 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-006.asp Reference: CIAC:N-047 Reference: URL:http://www.ciac.org/ciac/bulletins/n-047.shtml Reference: CERT-VN:VU#489721 Reference: URL:http://www.kb.cert.org/vuls/id/489721 Reference: BID:6966 Reference: URL:http://www.securityfocus.com/bid/6966 Reference: XF:winme-hsc-hcp-bo(11425) Reference: URL:http://www.iss.net/security_center/static/11425.php Reference: OSVDB:6074 Reference: URL:http://www.osvdb.org/6074 Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. 
Modifications: 20040811 ADDREF CIAC:N-047 20040811 ADDREF CERT-VN:VU#489721 20040811 ADDREF BID:6966 20040818 ADDREF OSVDB:6074 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0009 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Green NOOP(2) Christey, Cox Voter Comments: Christey> CIAC:N-047 URL:http://www.ciac.org/ciac/bulletins/n-047.shtml CERT-VN:VU#489721 URL:http://www.kb.cert.org/vuls/id/489721 BID:6966 URL:http://www.securityfocus.com/bid/6966 ====================================================== Candidate: CAN-2003-0012 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0012 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030106 Category: SF Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2 Reference: DEBIAN:DSA-230 Reference: URL:http://www.debian.org/security/2003/dsa-230 Reference: REDHAT:RHSA-2003:012 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-012.html Reference: BID:6502 Reference: URL:http://online.securityfocus.com/bid/6502 Reference: XF:bugzilla-mining-world-writable(10971) Reference: URL:http://www.iss.net/security_center/static/10971.php The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. 
Modifications: 20040811 ADDREF REDHAT:RHSA-2003:012 20040811 ADDREF XF:bugzilla-mining-world-writable(10971) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0012 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones NOOP(2) Christey, Cox Voter Comments: Christey> REDHAT:RHSA-2003:012 URL:http://www.redhat.com/support/errata/RHSA-2003-012.html XF:bugzilla-mining-world-writable(10971) URL:http://www.iss.net/security_center/static/10971.php ====================================================== Candidate: CAN-2003-0013 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0013 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030106 Category: CF Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2 Reference: DEBIAN:DSA-230 Reference: URL:http://www.debian.org/security/2003/dsa-230 Reference: BID:6501 Reference: URL:http://online.securityfocus.com/bid/6501 Reference: XF:bugzilla-htaccess-database-password(10970) Reference: URL:http://www.iss.net/security_center/static/10970.php Reference: OSVDB:6351 Reference: URL:http://www.osvdb.org/6351 The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. 
Modifications: 20040811 ADDREF XF:bugzilla-htaccess-database-password(10970) 20040818 ADDREF OSVDB:6351 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0013 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones NOOP(2) Christey, Cox Voter Comments: Christey> XF:bugzilla-htaccess-database-password(10970) URL:http://www.iss.net/security_center/static/10970.php ====================================================== Candidate: CAN-2003-0015 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html Reference: MISC:http://security.e-matters.de/advisories/012003.html Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-January/003606.html Reference: BUGTRAQ:20030124 Test program for CVS double-free. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2 Reference: BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2 Reference: CERT:CA-2003-02 Reference: URL:http://www.cert.org/advisories/CA-2003-02.html Reference: CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 Reference: CALDERA:CSSA-2003-006 Reference: DEBIAN:DSA-233 Reference: URL:http://www.debian.org/security/2003/dsa-233 Reference: FREEBSD:FreeBSD-SA-03:01 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2 Reference: MANDRAKE:MDKSA-2003:009 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009 Reference: REDHAT:RHSA-2003:012 Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-012.html Reference: REDHAT:RHSA-2003:013 Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-013.html Reference: SUSE:SuSE-SA:2003:0007 Reference: BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2 Reference: CIAC:N-032 Reference: URL:http://www.ciac.org/ciac/bulletins/n-032.shtml Reference: CERT-VN:VU#650937 Reference: URL:http://www.kb.cert.org/vuls/id/650937 Reference: BID:6650 Reference: URL:http://www.securityfocus.com/bid/6650 Reference: XF:cvs-doublefree-memory-corruption(11108) Reference: URL:http://xforce.iss.net/xforce/xfdb/11108 Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Modifications: 20040811 ADDREF BID:6650 20040811 ADDREF XF:cvs-doublefree-memory-corruption(11108) 20040811 ADDREF CIAC:N-032 20040811 ADDREF MANDRAKE:MDKSA-2003:009 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0015 ACCEPT (5 accept, 9 ack, 0 review) Current Votes: ACCEPT(4) Wall, Cole, Baker, Cox MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:cvs-doublefree-memory-corruption(11108) Christey> BID:6650 URL:http://www.securityfocus.com/bid/6650 CIAC:N-032 URL:http://www.ciac.org/ciac/bulletins/n-032.shtml MANDRAKE:MDKSA-2003:009 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:009 ====================================================== Candidate: CAN-2003-0016 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0016 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: MLIST:[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released Reference: URL:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2 Reference: CERT-VN:VU#979793 Reference: URL:http://www.kb.cert.org/vuls/id/979793 Reference: CERT-VN:VU#825177 Reference: URL:http://www.kb.cert.org/vuls/id/825177 Reference: CONFIRM:http://www.apacheweek.com/issues/03-01-24#security Reference: BID:6659 Reference: URL:http://www.securityfocus.com/bid/6659 Reference: XF:apache-device-name-dos(11124) Reference: URL:http://xforce.iss.net/xforce/xfdb/11124 Reference: XF:apache-device-code-execution(11125) Reference: URL:http://xforce.iss.net/xforce/xfdb/11125 Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. 
Modifications: 20040811 ADDREF CERT-VN:VU#979793 20040811 ADDREF CERT-VN:VU#825177 20040811 ADDREF CONFIRM:http://www.apacheweek.com/issues/03-01-24#security 20040811 ADDREF XF:apache-device-name-dos(11124) 20040811 ADDREF XF:apache-device-code-execution(11125) 20040811 ADDREF BID:6659 20040811 [refs] normalize MLIST Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0016 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Wall, Cole, Green, Baker, Cox NOOP(1) Christey Voter Comments: Cox> Addref: http://www.apacheweek.com/issues/03-01-24#security Christey> BUGTRAQ:20030122 Path Parsing Errata in Apache HTTP Server URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326783301113&w=2 CERT-VN:VU#979793 URL:http://www.kb.cert.org/vuls/id/979793 CERT-VN:VU#825177 URL:http://www.kb.cert.org/vuls/id/825177 Need to update the description to cover the fact that there are 2 separate attack vectors / bugs here (note: CD:SF-LOC does suggest keeping these issues MERGED in a single item) ====================================================== Candidate: CAN-2003-0017 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0017 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030107 Category: SF Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2 Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0017 ACCEPT_REV (4 accept, 1 ack, 1 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox REVIEWING(1) Wall Voter Comments: Cox> You can use this vulnerability to quickly build up a complete list of available files in a directory, (for example if "a>" returns a file then try "aa>" and so on. 
So suggest modification of "certain files" to "files". Addref: http://www.apacheweek.com/issues/03-01-24#security Green> SPECIFIC REFERENCE TO THE VULNERABILITY IN APACHE 2.0.44 ANNOUNCEMENT ====================================================== Candidate: CAN-2003-0018 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: DEBIAN:DSA-358 Reference: URL:http://www.debian.org/security/2003/dsa-358 Reference: DEBIAN:DSA-423 Reference: URL:http://www.debian.org/security/2004/dsa-423 Reference: MANDRAKE:MDKSA-2003:014 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014 Reference: REDHAT:RHSA-2003:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html Reference: BID:6763 Reference: URL:http://www.securityfocus.com/bid/6763 Reference: XF:linux-odirect-information-leak(11249) Reference: URL:http://www.iss.net/security_center/static/11249.php Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. Modifications: 20040811 ADDREF DEBIAN:DSA-423 20040811 ADDREF BID:6763 20040818 ADDREF DEBIAN:DSA-358 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0018 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Cox, Jones NOOP(1) Christey Voter Comments: Christey> BID:6763 URL:http://www.securityfocus.com/bid/6763 SUSE:SuSE-SA:2003:049 also references this bug: "race condition with files opened via O_DIRECT which could be exploited to read disk blocks randomly. 
This could include blocks of previously deleted files with sensitive content" Christey> DEBIAN:DSA-423 URL:http://www.debian.org/security/2004/dsa-423 ====================================================== Candidate: CAN-2003-0019 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0019 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: REDHAT:RHSA-2003:056 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-056.html Reference: CERT-VN:VU#134025 Reference: URL:http://www.kb.cert.org/vuls/id/134025 Reference: CIAC:N-044 Reference: URL:http://www.ciac.org/ciac/bulletins/n-044.shtml Reference: BID:6801 Reference: URL:http://www.securityfocus.com/bid/6801 Reference: XF:linux-umlnet-gain-privileges(11276) Reference: URL:http://www.iss.net/security_center/static/11276.php uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode. 
Modifications: 20040811 ADDREF CIAC:N-044 20040811 ADDREF CERT-VN:VU#134025 20040811 ADDREF BID:6801 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0019 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Cox, Jones NOOP(1) Christey Voter Comments: Christey> CIAC:N-044 URL:http://www.ciac.org/ciac/bulletins/n-044.shtml CERT-VN:VU#134025 URL:http://www.kb.cert.org/vuls/id/134025 BID:6801 URL:http://www.securityfocus.com/bid/6801 ====================================================== Candidate: CAN-2003-0020 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: APPLE:APPLE-SA-2004-05-03 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2 Reference: GENTOO:GLSA-200405-22 Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml Reference: HP:SSRT4717 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2 Reference: MANDRAKE:MDKSA-2003:050 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050 Reference: MANDRAKE:MDKSA-2004:046 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046 Reference: REDHAT:RHSA-2003:082 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html Reference: REDHAT:RHSA-2003:083 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-083.html Reference: REDHAT:RHSA-2003:104 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html Reference: REDHAT:RHSA-2003:139 Reference: 
URL:http://www.redhat.com/support/errata/RHSA-2003-139.html Reference: REDHAT:RHSA-2003:243 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-243.html Reference: REDHAT:RHSA-2003:244 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-244.html Reference: TRUSTIX:2004-0017 Reference: URL:http://www.trustix.org/errata/2004/0017 Reference: TRUSTIX:2004-0027 Reference: URL:http://www.trustix.org/errata/2004/0027 Reference: SLACKWARE:SSA:2004-133 Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2 Reference: XF:apache-esc-seq-injection(11412) Reference: URL:http://www.iss.net/security_center/static/11412.php Reference: BID:9930 Reference: URL:http://www.securityfocus.com/bid/9930 Reference: OVAL:OVAL150 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL150.html Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. 
Modifications: 20040811 ADDREF REDHAT:RHSA-2003:139 20040811 ADDREF REDHAT:RHSA-2003:243 20040811 ADDREF MANDRAKE:MDKSA-2003:050 20040811 ADDREF TRUSTIX:2004-0017 20040811 ADDREF TRUSTIX:2004-0027 20040811 ADDREF APPLE:APPLE-SA-2004-05-03 20040811 ADDREF BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) 20040811 ADDREF SLACKWARE:SSA:2004-133 20040811 ADDREF MANDRAKE:MDKSA-2004:046 20040811 ADDREF GENTOO:GLSA-200405-22 20040811 ADDREF HP:SSRT4717 20040818 ADDREF REDHAT:RHSA-2003:082 20040818 ADDREF REDHAT:RHSA-2003:083 20040818 ADDREF REDHAT:RHSA-2003:104 20040818 ADDREF REDHAT:RHSA-2003:244 20040824 ADDREF OVAL:OVAL150 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0020 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Cole, Baker MODIFY(1) Cox NOOP(3) Wall, Green, Christey Voter Comments: CHANGE> [Cox changed vote from REVIEWING to MODIFY] Cox> This issue affects Apache 1.3.27, Apache 2.0.45 and earlier, as well as possibly later versions (since it's not fixed by ASF yet) Cox> ADDREF REDHAT:RHSA-2003:139 Christey> MANDRAKE:MDKSA-2003:050 (as suggested by Vincent Danen of Mandrake) Christey> REDHAT:RHSA-2003:243 Christey> BUGTRAQ:20040330 TSLSA-2004-0017 - apache URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108066914830552&w=2 Christey> APPLE:APPLE-SA-2004-05-03 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2 Christey> BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2 Christey> SLACKWARE:SSA:2004-133 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643 TRUSTIX:2004-0027 URL:http://www.trustix.org/errata/2004/0027 Christey> MANDRAKE:MDKSA-2004:046 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046 Christey> BUGTRAQ:20040526 [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities 
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108559521611694&w=2 Christey> HP:SSRT4717 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2 ====================================================== Candidate: CAN-2003-0021 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0021 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: MANDRAKE:MDKSA-2003:040 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040 Reference: GENTOO:GLSA-200303-1 Reference: URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2911.html Reference: BID:6936 Reference: URL:http://www.securityfocus.com/bid/6936 Reference: XF:terminal-emulator-screen-dump(11413) Reference: URL:http://www.iss.net/security_center/static/11413.php The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence. 
Modifications: 20040811 ADDREF MANDRAKE:MDKSA-2003:040 20040811 ADDREF BID:6936 20040811 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0021 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(2) Wall, Christey Voter Comments: Christey> MANDRAKE:MDKSA-2003:040 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:040 Christey> MANDRAKE:MDKSA-2003:040 (as suggested by Vincent Danen of Mandrake) Christey> BID:6936 URL:http://www.securityfocus.com/bid/6936 ====================================================== Candidate: CAN-2003-0022 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0022 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: MANDRAKE:MDKSA-2003:034 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034 Reference: REDHAT:RHSA-2003:054 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html Reference: REDHAT:RHSA-2003:055 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html Reference: BID:6938 Reference: URL:http://www.securityfocus.com/bid/6938 Reference: XF:terminal-emulator-screen-dump(11413) Reference: URL:http://www.iss.net/security_center/static/11413.php The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence. 
Modifications: 20040811 ADDREF REDHAT:RHSA-2003:055 20040811 ADDREF MANDRAKE:MDKSA-2003:034 20040811 ADDREF BID:6938 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0022 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Cox NOOP(2) Wall, Christey Voter Comments: Cox> Addref: RHSA-2003:055 Christey> MANDRAKE:MDKSA-2003:034 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034 Green> ACKNOWLEDGED IN RHSA-2003:054-07 Christey> MANDRAKE:MDKSA-2003:034 (as suggested by Vincent Danen of Mandrake) Christey> BID:6938 URL:http://www.securityfocus.com/bid/6938 ====================================================== Candidate: CAN-2003-0023 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0023 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: MANDRAKE:MDKSA-2003:034 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034 Reference: REDHAT:RHSA-2003:055 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html Reference: REDHAT:RHSA-2003:054 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html Reference: BID:6947 Reference: URL:http://www.securityfocus.com/bid/6947 Reference: XF:terminal-emulator-menu-modification(11416) Reference: URL:http://www.iss.net/security_center/static/11416.php The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. 
Modifications: 20040811 ADDREF REDHAT:RHSA-2003:055 20040811 ADDREF MANDRAKE:MDKSA-2003:034 20040811 ADDREF BID:6947 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0023 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Cox NOOP(2) Wall, Christey Voter Comments: Cox> Addref: RHSA-2003:055 Christey> MANDRAKE:MDKSA-2003:034 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034 Green> ACKNOWLEDGED IN RHSA-2003:054-07 Christey> MANDRAKE:MDKSA-2003:034 (as suggested by Vincent Danen of Mandrake) Christey> BID:6947 URL:http://www.securityfocus.com/bid/6947 ====================================================== Candidate: CAN-2003-0024 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0024 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: BID:6949 Reference: URL:http://www.securityfocus.com/bid/6949 Reference: XF:terminal-emulator-menu-modification(11416) Reference: URL:http://www.iss.net/security_center/static/11416.php The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. 
Modifications: 20040811 ADDREF BID:6949 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0024 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Baker, Cox NOOP(3) Wall, Green, Christey Voter Comments: Christey> BID:6949 URL:http://www.securityfocus.com/bid/6949 ====================================================== Candidate: CAN-2003-0027 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0027 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20030110 Category: SF Reference: BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2 Reference: MISC:http://www.entercept.com/news/uspr/01-22-03.asp Reference: SUNALERT:50104 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104 Reference: CERT-VN:VU#850785 Reference: URL:http://www.kb.cert.org/vuls/id/850785 Reference: BID:6665 Reference: URL:http://www.securityfocus.com/bid/6665 Reference: XF:solaris-kcms-directory-traversal(11129) Reference: URL:http://xforce.iss.net/xforce/xfdb/11129 Reference: OVAL:OVAL120 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL120.html Reference: OVAL:OVAL195 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL195.html Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. 
Modifications: 20040811 ADDREF SUNALERT:50104 20040811 ADDREF BID:6665 20040811 ADDREF XF:solaris-kcms-directory-traversal(11129) 20040824 ADDREF OVAL:OVAL120 20040824 ADDREF OVAL:OVAL195 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0027 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Baker MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:solaris-kcms-directory-traversal(11129) ====================================================== Candidate: CAN-2003-0032 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0032 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030112 Category: SF Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2 Reference: BUGTRAQ:20030105 GLSA: libmcrypt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2 Reference: DEBIAN:DSA-228 Reference: URL:http://www.debian.org/security/2003/dsa-228 Reference: CONECTIVA:CLA-2003:567 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567 Reference: SUSE:SuSE-SA:2003:0010 Reference: XF:libmcrypt-libtool-memory-leak(10988) Reference: URL:http://www.iss.net/security_center/static/10988.php Reference: BID:6512 Reference: URL:http://www.securityfocus.com/bid/6512 Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool. 
Modifications: 20040811 ADDREF XF:libmcrypt-libtool-memory-leak(10988) 20040811 ADDREF BID:6512 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0032 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones NOOP(2) Christey, Cox Voter Comments: Christey> XF:libmcrypt-libtool-memory-leak(10988) URL:http://www.iss.net/security_center/static/10988.php BID:6512 URL:http://www.securityfocus.com/bid/6512 ====================================================== Candidate: CAN-2003-0033 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030115 Category: SF Reference: ISS:20030303 Snort RPC Preprocessing Vulnerability Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951 Reference: BUGTRAQ:20030303 Snort RPC Vulnerability (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673386226064&w=2 Reference: DEBIAN:DSA-297 Reference: URL:http://www.debian.org/security/2003/dsa-297 Reference: ENGARDE:ESA-20030307-007 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html Reference: GENTOO:GLSA-200304-06 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2 Reference: GENTOO:GLSA-200303-6.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716001503409&w=2 Reference: MANDRAKE:MDKSA-2003:029 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029 Reference: CERT:CA-2003-13 Reference: URL:http://www.cert.org/advisories/CA-2003-13.html Reference: CERT-VN:VU#916785 Reference: URL:http://www.kb.cert.org/vuls/id/916785 Reference: BID:6963 Reference: URL:http://www.securityfocus.com/bid/6963 Reference: XF:snort-rpc-fragment-bo(10956) Reference: URL:http://www.iss.net/security_center/static/10956.php Reference: OSVDB:4418 Reference: URL:http://www.osvdb.org/4418 Buffer overflow in the RPC 
preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets. Modifications: 20040811 ADDREF CERT:CA-2003-13 20040811 ADDREF CERT-VN:VU#916785 20040811 ADDREF DEBIAN:DSA-297 20040811 ADDREF GENTOO:GLSA-200304-06 20040811 ADDREF BID:6963 20040811 [refs] normalize GENTOO 200303-6.1 20040818 ADDREF OSVDB:4418 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0033 ACCEPT (4 accept, 4 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones NOOP(2) Christey, Cox Voter Comments: Christey> CERT:CA-2003-13 URL:http://www.cert.org/advisories/CA-2003-13.html CERT-VN:VU#916785 URL:http://www.kb.cert.org/vuls/id/916785 Christey> BUGTRAQ:20030428 GLSA: snort (200304-06) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2 Christey> DEBIAN:DSA-297 URL:http://www.debian.org/security/2003/dsa-297 ====================================================== Candidate: CAN-2003-0039 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030127 Category: SF Reference: BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2 Reference: CONECTIVA:CLSA-2003:616 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616 Reference: DEBIAN:DSA-245 Reference: URL:http://www.debian.org/security/2003/dsa-245 Reference: REDHAT:RHSA-2003:034 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-034.html Reference: TURBO:TLSA-2003-26 Reference: URL:http://cc.turbolinux.com/security/TLSA-2003-26.txt Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd) Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html Reference: CERT-VN:VU#149953 Reference: URL:http://www.kb.cert.org/vuls/id/149953 Reference: BID:6628 
Reference: URL:http://www.securityfocus.com/bid/6628 Reference: XF:dhcp-dhcrelay-dos(11187) Reference: URL:http://xforce.iss.net/xforce/xfdb/11187 ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. Modifications: 20040811 ADDREF REDHAT:RHSA-2003:034 20040811 ADDREF CONECTIVA:CLSA-2003:616 20040811 ADDREF CERT-VN:VU#149953 20040811 ADDREF TURBO:TLSA-2003-26 20040811 ADDREF XF:dhcp-dhcrelay-dos(11187) 20040811 ADDREF BID:6628 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2003-0039 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Cox, Jones NOOP(1) Christey Voter Comments: Christey> REDHAT:RHSA-2003:034 URL:http://www.redhat.com/support/errata/RHSA-2003-034.html ====================================================== Candidate: CAN-2003-0040 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0040 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030127 Category: SF Reference: DEBIAN:DSA-247 Reference: URL:http://www.debian.org/security/2003/dsa-247 Reference: BID:6738 Reference: URL:http://www.securityfocus.com/bid/6738 Reference: XF:courierimap-authmysqllib-sql-injection(11213) Reference: URL:http://xforce.iss.net/xforce/xfdb/11213 SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. Modifications: 20040811 ADDREF BID:6738 20040811 ADDREF XF:courierimap-authmysqllib-sql-injection(11213) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0040 ACCEPT_REV (3 accept, 1 ack, 1 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green NOOP(1) Cox REVIEWING(1) Jones Voter Comments: Jones> [JHJ] Specific user name? 
====================================================== Candidate: CAN-2003-0043 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0043 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030127 Category: SF Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/ Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt Reference: DEBIAN:DSA-246 Reference: URL:http://www.debian.org/security/2003/dsa-246 Reference: HP:HPSBUX0303-249 Reference: URL:http://www.securityfocus.com/advisories/5111 Reference: BID:6722 Reference: URL:http://www.securityfocus.com/bid/6722 Reference: XF:tomcat-webxml-read-files(11195) Reference: URL:http://xforce.iss.net/xforce/xfdb/11195 Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. 
Modifications: 20040811 ADDREF HP:HPSBUX0303-249 20040811 ADDREF BID:6722 20040811 ADDREF XF:tomcat-webxml-read-files(11195) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0043 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Cox, Jones Voter Comments: CHANGE> [Cox changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2003-0045 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0045 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030127 Category: SF Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt Reference: XF:jakarta-tomcat-msdos-dos(12102) Reference: URL:http://xforce.iss.net/xforce/xfdb/12102 Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. 
Modifications: 20040811 ADDREF XF:jakarta-tomcat-msdos-dos(12102) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0045 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(1) Wall Voter Comments: CHANGE> [Cox changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2003-0050 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0050 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6954 Reference: URL:http://www.securityfocus.com/bid/6954 Reference: XF:quicktime-darwin-command-execution(11401) Reference: URL:http://www.iss.net/security_center/static/11401.php parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. 
Modifications: 20040811 ADDREF BID:6954 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2003-0050 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox ====================================================== Candidate: CAN-2003-0051 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0051 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6956 Reference: URL:http://www.securityfocus.com/bid/6956 Reference: XF:quicktime-darwin-path-disclosure(11402) Reference: URL:http://www.iss.net/security_center/static/11402.php parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. 
Modifications: 20040811 ADDREF BID:6956 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0051 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox Voter Comments: Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents 70171 and 70172 ====================================================== Candidate: CAN-2003-0052 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0052 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6955 Reference: URL:http://www.securityfocus.com/bid/6955 Reference: XF:quicktime-darwin-directory-disclosure(11403) Reference: URL:http://www.iss.net/security_center/static/11403.php parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. 
Modifications: 20040811 ADDREF BID:6955 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0052 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox Voter Comments: Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents 70171 and 70172 ====================================================== Candidate: CAN-2003-0053 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0053 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6958 Reference: URL:http://www.securityfocus.com/bid/6958 Reference: XF:quicktime-darwin-parsexml-xss(11404) Reference: URL:http://www.iss.net/security_center/static/11404.php Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. 
Modifications: 20040811 ADDREF BID:6958 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0053 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox Voter Comments: Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents 70171 and 70172 ====================================================== Candidate: CAN-2003-0054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0054 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6960 Reference: URL:http://www.securityfocus.com/bid/6960 Reference: XF:quicktime-darwin-describe-xss(11405) Reference: URL:http://www.iss.net/security_center/static/11405.php Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. 
Modifications: 20040811 ADDREF BID:6960 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0054 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox Voter Comments: Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents 70171 and 70172 ====================================================== Candidate: CAN-2003-0055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0055 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030128 Category: SF Reference: ATSTAKE:A032403-1 Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt Reference: BID:6957 Reference: URL:http://www.securityfocus.com/bid/6957 Reference: XF:quicktime-darwin-mp3-bo(11406) Reference: URL:http://www.iss.net/security_center/static/11406.php Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename. 
Modifications: 20040811 ADDREF BID:6957 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0055 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(3) Wall, Christey, Cox Voter Comments: Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents 7017 and 70172 Christey> BID:6957 URL:http://www.securityfocus.com/bid/6957 ====================================================== Candidate: CAN-2003-0058 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0058 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030131 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#661243 Reference: URL:http://www.kb.cert.org/vuls/id/661243 Reference: CONECTIVA:CLSA-2003:639 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639 Reference: MANDRAKE:MDKSA-2003:043 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043 Reference: REDHAT:RHSA-2003:051 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html Reference: REDHAT:RHSA-2003:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html Reference: REDHAT:RHSA-2003:168 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html Reference: SUNALERT:50142 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142 Reference: BID:6683 Reference: URL:http://www.securityfocus.com/bid/6683 Reference: XF:kerberos-kdc-null-pointer-dos(10099) Reference: URL:http://xforce.iss.net/xforce/xfdb/10099 MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. 
Modifications: 20040811 ADDREF CONECTIVA:CLSA-2003:639 20040811 ADDREF REDHAT:RHSA-2003:051 20040811 ADDREF REDHAT:RHSA-2003:052 20040811 ADDREF MANDRAKE:MDKSA-2003:043 20040811 ADDREF SUNALERT:50142 20040811 ADDREF XF:kerberos-kdc-null-pointer-dos(10099) 20040811 ADDREF BID:6683 20040818 ADDREF REDHAT:RHSA-2003:168 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0058 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Baker MODIFY(2) Frech, Cox NOOP(3) Wall, Cole, Christey Voter Comments: CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> Addref RHSA-2003:051 Cox> Addref REDHAT:RHSA-2003:052 Green> PATCH ADDRESSING THIS ISSUE RELEASED 3/26/03 Christey> MANDRAKE:MDKSA-2003:043 (as suggested by Vincent Danen of Mandrake) Frech> XF:kerberos-kdc-null-pointer-dos(10099) ====================================================== Candidate: CAN-2003-0059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0059 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030131 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CONECTIVA:CLSA-2003:639 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639 Reference: MANDRAKE:MDKSA-2003:043 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043 Reference: REDHAT:RHSA-2003:051 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html Reference: REDHAT:RHSA-2003:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html Reference: REDHAT:RHSA-2003:168 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html Reference: CERT-VN:VU#684563 Reference: URL:http://www.kb.cert.org/vuls/id/684563 Reference: BID:6714 Reference: URL:http://www.securityfocus.com/bid/6714 Reference: XF:kerberos-kdc-user-spoofing(11188) Reference: URL:http://xforce.iss.net/xforce/xfdb/11188 Unknown vulnerability 
in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. Modifications: 20040811 ADDREF CONECTIVA:CLSA-2003:639 20040811 ADDREF REDHAT:RHSA-2003:051 20040811 ADDREF REDHAT:RHSA-2003:052 20040811 ADDREF MANDRAKE:MDKSA-2003:043 20040811 ADDREF BID:6714 20040811 ADDREF XF:kerberos-kdc-user-spoofing(11188) 20040818 ADDREF REDHAT:RHSA-2003:168 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0059 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(2) Green, Baker MODIFY(2) Frech, Cox NOOP(3) Wall, Cole, Christey Voter Comments: Cox> This is actually fixed in krb5 version 1.2.3 not 1.2.5 Cox> Addref RHSA-2003:051 Cox> Addref REDHAT:RHSA-2003:052 Christey> MANDRAKE:MDKSA-2003:043 (as suggested by Vincent Danen of Mandrake) Frech> XF:kerberos-kdc-user-spoofing(11188) ====================================================== Candidate: CAN-2003-0062 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0062 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104490777824360&w=2 Reference: MISC:http://www.idefense.com/advisory/02.10.03.txt Reference: BID:6803 Reference: URL:http://www.securityfocus.com/bid/6803 Reference: XF:nod32-pathname-bo(11282) Reference: URL:http://www.iss.net/security_center/static/11282.php Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name. 
Modifications: 20040811 ADDREF BID:6803 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0062 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Stracener, Baker NOOP(3) Wall, Green, Cox ====================================================== Candidate: CAN-2003-0063 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: DEBIAN:DSA-380 Reference: URL:http://www.debian.org/security/2003/dsa-380 Reference: REDHAT:RHSA-2003:064 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html Reference: REDHAT:RHSA-2003:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html Reference: REDHAT:RHSA-2003:066 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html Reference: REDHAT:RHSA-2003:067 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html Reference: BID:6940 Reference: URL:http://www.securityfocus.com/bid/6940 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. 
Modifications: 20040811 ADDREF BID:6940 20040811 ADDREF DEBIAN:DSA-380 20040811 ADDREF REDHAT:RHSA-2003:063 20040811 ADDREF REDHAT:RHSA-2003:067 20040818 ADDREF REDHAT:RHSA-2003:065 20040818 ADDREF REDHAT:RHSA-2003:066 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0063 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Cox NOOP(2) Wall, Christey Voter Comments: Cox> add "and earlier", this does not just affect 4.2.0 Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE Christey> REDHAT:RHSA-2003:067 URL:http://www.redhat.com/support/errata/RHSA-2003-067.html Christey> DEBIAN:DSA-380 ====================================================== Candidate: CAN-2003-0064 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0064 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: HP:HPSBUX0401-309 Reference: URL:http://www.securityfocus.com/advisories/6236 Reference: BID:6942 Reference: URL:http://www.securityfocus.com/bid/6942 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Modifications: 20040811 ADDREF BID:6942 20040811 ADDREF HP:HPSBUX0401-309 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0064 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(1) Wall Voter Comments: Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE ====================================================== Candidate: CAN-2003-0065 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0065 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: BID:6945 Reference: URL:http://www.securityfocus.com/bid/6945 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Modifications: 20040811 ADDREF BID:6945 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0065 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(1) Wall Voter Comments: Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE ====================================================== Candidate: CAN-2003-0066 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0066 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: GENTOO:200303-16 Reference: URL:http://www.securityfocus.com/advisories/5137 Reference: MANDRAKE:MDKSA-2003:003 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003 Reference: REDHAT:RHSA-2003:054 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html Reference: REDHAT:RHSA-2003:055 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html Reference: BID:6953 Reference: URL:http://www.securityfocus.com/bid/6953 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Modifications: 20040811 ADDREF GENTOO:200303-16 20040811 ADDREF MANDRAKE:MDKSA-2003:003 20040811 ADDREF REDHAT:RHSA-2003:055 20040811 ADDREF BID:6953 20040811 [desc] add "and earlier" for versions Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0066 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Cox NOOP(2) Wall, Christey Voter Comments: Cox> This also affects versions of rxvt prior to 2.7.8 Addref: RHSA-2003:055 Christey> MANDRAKE:MDKSA-2003:034 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034 Green> ACKNOWLEDGED IN RHSA-2003:054-07 Christey> MANDRAKE:MDKSA-2003:034 (as suggested by Vincent Danen of Mandrake) ====================================================== Candidate: CAN-2003-0067 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0067 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. 
Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0067 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(1) Wall Voter Comments: Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE ====================================================== Candidate: CAN-2003-0068 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0068 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: DEBIAN:DSA-496 Reference: URL:http://www.debian.org/security/2004/dsa-496 Reference: GENTOO:GLSA-200303-1 Reference: URL:http://lwn.net/Articles/24193/ Reference: MANDRAKE:MDKSA-2003:040 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040 Reference: BID:10237 Reference: URL:http://www.securityfocus.com/bid/10237 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Modifications: 20040811 ADDREF BID:10237 20040811 ADDREF DEBIAN:DSA-496 20040811 ADDREF GENTOO:GLSA-200303-1 20040811 ADDREF MANDRAKE:MDKSA-2003:040 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0068 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(2) Wall, Christey Voter Comments: Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE Christey> MANDRAKE:MDKSA-2003:040 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:040 Christey> MANDRAKE:MDKSA-2003:040 (as suggested by Vincent Danen of Mandrake) Christey> DEBIAN:DSA-496 URL:http://www.debian.org/security/2004/dsa-496 ====================================================== Candidate: CAN-2003-0069 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0069 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php Reference: OSVDB:8347 Reference: URL:http://www.osvdb.org/8347 The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Modifications: 20040818 ADDREF OSVDB:8347 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0069 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(1) Wall Voter Comments: Green> RELEASE NOTES OF 2002-11-12 ACKNOWLEDGE THE RAPID7 FINDINGS ====================================================== Candidate: CAN-2003-0070 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0070 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: REDHAT:RHSA-2003:053 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-053.html Reference: GENTOO:GLSA-200303-2 Reference: URL:http://seclists.org/lists/bugtraq/2003/Mar/0010.html Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Modifications: 20040811 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory ACCURACY: Affected versions confirmed by Mark Cox of Red Hat via email. INFERRED ACTION: CAN-2003-0070 ACCEPT_REV (4 accept, 1 ack, 1 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Cox REVIEWING(1) Jones Voter Comments: Jones> [JHJ] "gnome-terminal terminal"? flow/clarity? 
====================================================== Candidate: CAN-2003-0071 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: DEBIAN:DSA-380 Reference: URL:http://www.debian.org/security/2003/dsa-380 Reference: REDHAT:RHSA-2003:064 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html Reference: REDHAT:RHSA-2003:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html Reference: REDHAT:RHSA-2003:066 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html Reference: REDHAT:RHSA-2003:067 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html Reference: BID:6950 Reference: URL:http://www.securityfocus.com/bid/6950 Reference: XF:terminal-emulator-dec-udk(11415) Reference: URL:http://www.iss.net/security_center/static/11415.php The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. 
Modifications: 20040811 ADDREF BID:6950 20040811 ADDREF DEBIAN:DSA-380 20040811 ADDREF REDHAT:RHSA-2003:067 20040818 ADDREF REDHAT:RHSA-2003:064 20040818 ADDREF REDHAT:RHSA-2003:065 20040818 ADDREF REDHAT:RHSA-2003:066 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2003-0071 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Green, Baker, Cox NOOP(2) Wall, Christey Voter Comments: Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE Christey> REDHAT:RHSA-2003:067 URL:http://www.redhat.com/support/errata/RHSA-2003-067.html Christey> DEBIAN:DSA-380 ====================================================== Candidate: CAN-2003-0073 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20030204 Category: SF Reference: CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385719107879&w=2 Reference: CONECTIVA:CLA-2003:743 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 Reference: DEBIAN:DSA-303 Reference: URL:http://www.debian.org/security/2003/dsa-303 Reference: ENGARDE:ESA-20030220-004 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html Reference: MANDRAKE:MDKSA-2003:013 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 Reference: REDHAT:RHSA-2003:093 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-093.html Reference: REDHAT:RHSA-2003:094 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-094.html Reference: REDHAT:RHSA-2003:166 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html Reference: BID:6718 Reference:
URL:http://www.securityfocus.com/bid/6718 Reference: XF:mysql-mysqlchangeuser-doublefree-dos(11199) Reference: URL:http://www.iss.net/security_center/static/11199.php Reference: OVAL:OVAL436 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL436.html Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Modifications: 20040811 ADDREF CONECTIVA:CLA-2003:743 20040811 ADDREF DEBIAN:DSA-303 20040811 ADDREF REDHAT:RHSA-2003:093 20040811 ADDREF REDHAT:RHSA-2003:094 20040811 ADDREF BID:6718 20040818 ADDREF REDHAT:RHSA-2003:166 20040824 ADDREF OVAL:OVAL436 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0073 ACCEPT_REV (4 accept, 3 ack, 1 review) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(1) Cox NOOP(1) Christey REVIEWING(1) Jones Voter Comments: Jones> [JHJ] double-free? CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> ADDREF REDHAT:RHSA-2003:094 Christey> REDHAT:RHSA-2003:093 URL:http://www.redhat.com/support/errata/RHSA-2003-093.html Christey> DEBIAN:DSA-303 URL:http://www.debian.org/security/2003/dsa-303 Christey> CONECTIVA:CLA-2003:743 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 ====================================================== Candidate: CAN-2003-0075 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0075 Final-Decision: Interim-Decision: 20040825 Modified: 20040811 Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428700106672&w=2 Reference: MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt Reference: GENTOO:GLSA-200302-04 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104446346127432&w=2 Reference: BID:6745 Reference: URL:http://www.securityfocus.com/bid/6745 Reference: XF:bladeenc-myfseek-code-execution(11227) Reference: 
URL:http://www.iss.net/security_center/static/11227.php Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk. Modifications: 20040811 ADDREF BID:6745 20040811 [refs] normalize GENTOO Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0075 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Wall, Cox ====================================================== Candidate: CAN-2003-0077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0077 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030210 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 Reference: REDHAT:RHSA-2003:070 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html Reference: REDHAT:RHSA-2003:071 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html Reference: XF:terminal-emulator-window-title(11414) Reference: URL:http://www.iss.net/security_center/static/11414.php Reference: OSVDB:4917 Reference: URL:http://www.osvdb.org/4917 The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. 
Modifications: 20040811 ADDREF REDHAT:RHSA-2003:070 20040811 [desc] change versions 20040818 ADDREF REDHAT:RHSA-2003:071 20040818 ADDREF OSVDB:4917 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0077 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Green, Baker MODIFY(1) Cox NOOP(2) Wall, Christey Voter Comments: Cox> This is not yet fixed upstream (2003-03-24) therefore "2.0.5" should be removed Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED AND REPLICATABLE Christey> REDHAT:RHSA-2003:070 URL:http://www.redhat.com/support/errata/RHSA-2003-070.html ====================================================== Candidate: CAN-2003-0078 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030210 Category: SF Reference: CONFIRM:http://www.openssl.org/news/secadv_20030219.txt Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2 Reference: CONECTIVA:CLSA-2003:570 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 Reference: DEBIAN:DSA-253 Reference: URL:http://www.debian.org/security/2003/dsa-253 Reference: ENGARDE:ESA-20030220-005 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html Reference: FREEBSD:FreeBSD-SA-03:02 Reference: GENTOO:GLSA-200302-10 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104577183206905&w=2 Reference: REDHAT:RHSA-2003:062 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-062.html Reference: REDHAT:RHSA-2003:063 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-063.html Reference: REDHAT:RHSA-2003:082 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html Reference: REDHAT:RHSA-2003:104 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html Reference:
REDHAT:RHSA-2003:205 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-205.html Reference: SGI:20030501-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I Reference: TRUSTIX:2003-0005 Reference: URL:http://www.trustix.org/errata/2003/0005 Reference: MANDRAKE:MDKSA-2003:020 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020 Reference: NETBSD:NetBSD-SA2003-001 Reference: SUSE:SuSE-SA:2003:011 Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2 Reference: CIAC:N-051 Reference: URL:http://www.ciac.org/ciac/bulletins/n-051.shtml Reference: BID:6884 Reference: URL:http://www.securityfocus.com/bid/6884 Reference: XF:ssl-cbc-information-leak(11369) Reference: URL:http://www.iss.net/security_center/static/11369.php Reference: OSVDB:3945 Reference: URL:http://www.osvdb.org/3945 ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." 
Modifications: 20040811 [refs] normalize GENTOO 20040811 [refs] normalize TRUSTIX 20040811 ADDREF REDHAT:RHSA-2003:062 20040811 ADDREF REDHAT:RHSA-2003:063 20040811 ADDREF REDHAT:RHSA-2003:082 20040811 ADDREF REDHAT:RHSA-2003:104 20040811 ADDREF REDHAT:RHSA-2003:205 20040811 ADDREF SGI:20030501-01-I 20040811 ADDREF CIAC:N-051 20040811 ADDREF BUGTRAQ:20030526 TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit 20040811 ADDREF BID:6884 20040818 ADDREF OSVDB:3945 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2003-0078 ACCEPT (5 accept, 8 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Jones MODIFY(1) Cox NOOP(1) Christey Voter Comments: Christey> ** WARNING ** This candidate was accidentally assigned to two different issues. It is for the OpenSSL issue *ONLY*. A separate candidate will be provided for the hanterm-xf window title reporting bug. Cox> Addref: RHSA-2003:104 Addref: RHSA-2003:082 Addref: RHSA-2003:063 Addref: RHSA-2003:062 Christey> BUGTRAQ:20030526 TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869795326445&w=2 Christey> SGI:20030501-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I Christey> CIAC:N-051 URL:http://www.ciac.org/ciac/bulletins/n-051.shtml - URL REDHAT:RHSA-2003:062 URL:http://www.redhat.com/support/errata/RHSA-2003-062.html Christey> REDHAT:RHSA-2003:205 ====================================================== Candidate: CAN-2003-0079 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0079 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20030210 Category: SF Reference: VULNWATCH:20030224 Terminal Emulator Security Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 
Reference: REDHAT:RHSA-2003:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: BID:6944
Reference: URL:http://www.securityfocus.com/bid/6944
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php
Reference: OSVDB:4918
Reference: URL:http://www.osvdb.org/4918

The DEC UDK processing feature in the hanterm (hanterm-xf) terminal
emulator before 2.0.5 allows attackers to cause a denial of service
via a certain character escape sequence that causes the terminal to
enter a tight loop.

Modifications:
  20040811 ADDREF REDHAT:RHSA-2003:070
  20040811 ADDREF REDHAT:RHSA-2003:071
  20040811 ADDREF BID:6944
  20040818 ADDREF OSVDB:4918

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2003-0079 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Cox
   NOOP(2) Wall, Christey

Voter Comments:
 Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE VERIFIED
   AND REPLICATABLE
 Christey> REDHAT:RHSA-2003:070
   URL:http://www.redhat.com/support/errata/RHSA-2003-070.html

======================================================
Candidate: CAN-2003-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0081
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: FULLDISC:20030308 Ethereal format string bug, yet still ethereal much better than windows
Reference: URL:http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
Reference: MISC:http://www.guninski.com/etherre.html
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: CONECTIVA:CLSA-2003:627
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Reference: DEBIAN:DSA-258
Reference: URL:http://www.debian.org/security/2003/dsa-258
Reference: GENTOO:GLSA-200303-10
Reference: URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
Reference: MANDRAKE:MDKSA-2003:051
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:051
Reference: REDHAT:RHSA-2003:076
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-076.html
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference: URL:http://www.suse.de/de/security/2003_019_ethereal.html
Reference: BID:7049
Reference: URL:http://www.securityfocus.com/bid/7049
Reference: XF:ethereal-socks-format-string(11497)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11497
Reference: OVAL:OVAL54
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL54.html

Format string vulnerability in packet-socks.c of the SOCKS dissector
for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute
arbitrary code via SOCKS packets containing format string specifiers.

Modifications:
  20040811 ADDREF CONECTIVA:CLSA-2003:627
  20040811 ADDREF GENTOO:GLSA-200303-10
  20040811 ADDREF REDHAT:RHSA-2003:076
  20040811 ADDREF REDHAT:RHSA-2003:077
  20040811 ADDREF SUSE:SuSE-SA:2003:019
  20040811 CHANGEREF BUGTRAQ FULLDISC
  20040811 ADDREF BID:7049
  20040811 ADDREF XF:ethereal-socks-format-string(11497)
  20040824 ADDREF OVAL:OVAL54

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2003-0081 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Cox
   NOOP(2) Christey, Jones

Voter Comments:
 Christey> SUSE:SuSE-SA:2003:019
   URL:http://www.suse.de/de/security/2003_019_ethereal.html
 Christey> MANDRAKE:MDKSA-2003:051
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:051

======================================================
Candidate: CAN-2003-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0087
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2
Reference: VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2
Reference: MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: AIXAPAR:IY40307
Reference: AIXAPAR:IY40317
Reference: AIXAPAR:IY40320
Reference: BID:6840
Reference: URL:http://www.securityfocus.com/bid/6840
Reference: XF:aix-aixterm-libim-bo(11309)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11309
Reference: OSVDB:7996
Reference: URL:http://www.osvdb.org/7996

Buffer overflow in libIM library (libIM.a) for National Language
Support (NLS) on AIX 4.3 through 5.2 allows local users to gain
privileges via several possible attack vectors, including a long -im
argument to aixterm.

Modifications:
  20040811 ADDREF XF:aix-aixterm-libim-bo(11309)
  20040811 ADDREF BID:6840
  20040818 ADDREF OSVDB:7996

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0087 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Bollinger
   MODIFY(1) Jones
   NOOP(1) Cox

Voter Comments:
 Bollinger> local attacker can execute arbitrary code as root
 Jones> Change "...allows local users to gain privileges..." to
   "...allows local users to gain additional privileges..."
======================================================
Candidate: CAN-2003-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0088
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: ATSTAKE:A021403-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6859
Reference: URL:http://www.securityfocus.com/bid/6859
Reference: XF:macos-trublueenvironment-gain-privileges(11332)
Reference: URL:http://www.iss.net/security_center/static/11332.php

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to
overwrite or create arbitrary files and gain root privileges by
setting a certain environment variable that is used to write debugging
information.

Modifications:
  20040811 ADDREF BID:6859

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2003-0088 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2003-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0093
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030212
Category: SF
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-decoder-dos(11324)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11324

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote
attackers to cause a denial of service (crash) via an invalid RADIUS
packet with a header length field of 0, which causes tcpdump to
generate data within an infinite loop.

Modifications:
  20040811 ADDREF REDHAT:RHSA-2003:032
  20040811 ADDREF MANDRAKE:MDKSA-2003:027
  20040811 ADDREF XF:tcpdump-radius-decoder-dos(11324)
  20040818 ADDREF REDHAT:RHSA-2003:214

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2003-0093 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
   NOOP(1) Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:032
   URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
 Christey> MANDRAKE:MDKSA-2003:027
   (as suggested by Vincent Danen of Mandrake)

======================================================
Candidate: CAN-2003-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0094
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030214
Category: SF
Reference: MANDRAKE:MDKSA-2003:016
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
Reference: BID:6855
Reference: URL:http://www.securityfocus.com/bid/6855
Reference: XF:utillinux-mcookie-cookie-predictable(11318)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11318

A patch for mcookie in the util-linux package for Mandrake Linux 8.2
and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie
to use an entropy source that is more predictable than expected, which
may make it easier for certain types of attacks to succeed.
Modifications:
  20040811 ADDREF BID:6855
  20040811 ADDREF XF:utillinux-mcookie-cookie-predictable(11318)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0094 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Jones
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:6855
   URL:http://www.securityfocus.com/bid/6855
   XF:utillinux-mcookie-cookie-predictable(11318)
   URL:http://xforce.iss.net/xforce/xfdb/11318

======================================================
Candidate: CAN-2003-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0095
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549693426042&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#953746
Reference: URL:http://www.kb.cert.org/vuls/id/953746
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BID:6849
Reference: URL:http://www.securityfocus.com/bid/6849
Reference: XF:oracle-username-bo(11328)
Reference: URL:http://www.iss.net/security_center/static/11328.php
Reference: OSVDB:6319
Reference: URL:http://www.osvdb.org/6319

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i,
8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via
a long username that is provided during login, as exploitable through
client applications that perform their own authentication, as
demonstrated using LOADPSP.
Modifications:
  20040811 ADDREF CIAC:N-046
  20040811 ADDREF BID:6849
  20040818 ADDREF OSVDB:6319

Analysis
--------
Vendor Acknowledgement: yes advisory

ABSTRACTION: According to the Oracle advisories, CAN-2003-0095 appears
in 8.0.x, whereas CAN-2003-0096 does not; therefore, CD:SF-LOC
suggests that the issues be SPLIT.

INFERRED ACTION: CAN-2003-0095 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Baker, Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:6849
   URL:http://www.securityfocus.com/bid/6849
 Christey> CIAC:N-046
   URL:http://www.ciac.org/ciac/bulletins/n-046.shtml

======================================================
Candidate: CAN-2003-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0097
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550977011668&w=2
Reference: VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: GENTOO:GLSA-200302-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567042700840&w=2
Reference: GENTOO:GLSA-200302-09.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567137502557&w=2
Reference: CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: BID:6875
Reference: URL:http://www.securityfocus.com/bid/6875
Reference: XF:php-cgi-sapi-access(11343)
Reference: URL:http://www.iss.net/security_center/static/11343.php

Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to
access arbitrary files as the PHP user, and possibly execute PHP code,
by bypassing the CGI force redirect settings (cgi.force_redirect or
--enable-force-cgi-redirect).
Modifications:
  20040811 [refs] normalize GENTOO
  20040811 ADDREF BID:6875

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0097 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Cox
   NOOP(1) Wall

======================================================
Candidate: CAN-2003-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0100
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030220 Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104587206702715&w=2
Reference: BID:6895
Reference: URL:http://www.securityfocus.com/bid/6895
Reference: XF:cisco-ios-ospf-bo(11373)
Reference: URL:http://www.iss.net/security_center/static/11373.php

Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers
to cause a denial of service and possibly execute commands via a large
number of OSPF neighbor announcements.
Modifications:
  20040811 ADDREF BID:6895

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2003-0100 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Baker
   NOOP(1) Cox

======================================================
Candidate: CAN-2003-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104680706201721&w=2
Reference: MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: DEBIAN:DSA-260
Reference: URL:http://www.debian.org/security/2003/dsa-260
Reference: IMMUNIX:IMNX-2003-7+-012-01
Reference: URL:http://lwn.net/Alerts/34908/
Reference: MANDRAKE:MDKSA-2003:030
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
Reference: NETBSD:NetBSD-SA2003-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: SUSE:SuSE-SA:2003:017
Reference: URL:http://www.suse.de/de/security/2003_017_file.html
Reference: REDHAT:RHSA-2003:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: REDHAT:RHSA-2003:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-087.html

Buffer overflow in tryelf() in readelf.c of the file command allows
attackers to execute arbitrary code as the user running file, possibly
via a large entity size value in an ELF header (elfhdr.e_shentsize).
Modifications:
  20040811 ADDREF REDHAT:RHSA-2003:087
  20040811 ADDREF MANDRAKE:MDKSA-2003:030
  20040811 ADDREF SUSE:SuSE-SA:2003:017
  20040811 ADDREF IMMUNIX:IMNX-2003-7+-012-01

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0102 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(2) Jones, Cox
   NOOP(1) Christey

Voter Comments:
 Christey> SUSE:SuSE-SA:2003:017
   URL:http://www.suse.de/de/security/2003_017_file.html
 Cox> Addref: RHSA-2003:087
 Jones> Change "...user running file,..." to "...user running the file
   command," for clarity
 Christey> MANDRAKE:MDKSA-2003:030
   (as suggested by Vincent Danen of Mandrake)
 Christey> IMMUNIX:IMNX-2003-7+-012-01

======================================================
Candidate: CAN-2003-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0103
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ATSTAKE:A022503-1
Reference: BID:6952
Reference: URL:http://www.securityfocus.com/bid/6952
Reference: XF:nokia-6210-vcard-dos(11421)
Reference: URL:http://www.iss.net/security_center/static/11421.php

Format string vulnerability in Nokia 6210 handset allows remote
attackers to cause a denial of service (crash, lockup, or restart) via
a Multi-Part vCard with fields containing a large number of format
string specifiers.
Modifications:
  20040811 ADDREF BID:6952

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0103 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2003-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0104
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: BID:7053
Reference: URL:http://www.securityfocus.com/bid/7053
Reference: XF:peoplesoft-schedulertransfer-create-files(10962)
Reference: URL:http://www.iss.net/security_center/static/10962.php

Directory traversal vulnerability in PeopleTools 8.10 through 8.18,
8.40, and 8.41 allows remote attackers to overwrite arbitrary files
via the SchedulerTransfer servlet.
Modifications:
  20040811 ADDREF BID:7053

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2003-0104 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Baker
   NOOP(4) Wall, Cole, Green, Cox

======================================================
Candidate: CAN-2003-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030222 buffer overrun in zlib 1.1.4
Reference: URL:http://online.securityfocus.com/archive/1/312869
Reference: BUGTRAQ:20030223 poc zlib sploit just for fun :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610337726297&w=2
Reference: BUGTRAQ:20030224 Re: buffer overrun in zlib 1.1.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610536129508&w=2
Reference: BUGTRAQ:20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104620610427210&w=2
Reference: CALDERA:CSSA-2003-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
Reference: CONECTIVA:CLSA-2003:619
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
Reference: GENTOO:GLSA-200303-25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887247624907&w=2
Reference: MANDRAKE:MDKSA-2003:033
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
Reference: NETBSD:NetBSD-SA2003-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Reference: REDHAT:RHSA-2003:079
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
Reference: REDHAT:RHSA-2003:081
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-081.html
Reference: SUNALERT:57405
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: CERT-VN:VU#142121
Reference: URL:http://www.kb.cert.org/vuls/id/142121
Reference: BID:6913
Reference: URL:http://online.securityfocus.com/bid/6913
Reference: XF:zlib-gzprintf-bo(11381)
Reference: URL:http://www.iss.net/security_center/static/11381.php
Reference: OSVDB:6599
Reference: URL:http://www.osvdb.org/6599

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is
compiled without vsnprintf or when long inputs are truncated using
vsnprintf, allows attackers to cause a denial of service or possibly
execute arbitrary code.

Modifications:
  20040811 ADDREF GENTOO:GLSA-200303-25
  20040811 ADDREF MANDRAKE:MDKSA-2003:033
  20040811 ADDREF REDHAT:RHSA-2003:079
  20040811 ADDREF CERT-VN:VU#142121
  20040811 ADDREF SUNALERT:57405
  20040811 ADDREF CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
  20040811 ADDREF CALDERA:CSSA-2003-011.0
  20040811 ADDREF NETBSD:NetBSD-SA2003-004
  20040811 ADDREF CONECTIVA:CLSA-2003:619
  20040818 ADDREF REDHAT:RHSA-2003:081
  20040818 ADDREF OSVDB:6599

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0107 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Cox
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2003:033
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:033
 Christey> BUGTRAQ:20030328 GLSA: zlib (200303-25)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887247624907&w=2
 Christey> MANDRAKE:MDKSA-2003:033
   (as suggested by Vincent Danen of Mandrake)
 Christey> REDHAT:RHSA-2003:079
   URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
 Christey> CERT-VN:VU#142121
   URL:http://www.kb.cert.org/vuls/id/142121
 Christey> SUNALERT:57405
   URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
 Christey> CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
 Christey> CALDERA:CSSA-2003-011.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
   NETBSD:NetBSD-SA2003-004
   URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
 Christey> CONECTIVA:CLSA-2003:619
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619

======================================================
Candidate: CAN-2003-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104637420104189&w=2
Reference: MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: CONECTIVA:CLA-2003:629
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:085
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-085.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: SUSE:SuSE-SA:2003:0015
Reference: URL:http://www.suse.de/de/security/2003_015_tcpdump.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678787109030&w=2
Reference: BID:6974
Reference: URL:http://www.securityfocus.com/bid/6974
Reference: XF:tcpdump-isakmp-dos(11434)
Reference: URL:http://www.iss.net/security_center/static/11434.php

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers
to cause a denial of service (CPU consumption) via a certain malformed
ISAKMP packet to UDP port 500, which causes tcpdump to enter an
infinite loop.

Modifications:
  20040811 ADDREF CONECTIVA:CLA-2003:629
  20040811 ADDREF REDHAT:RHSA-2003:032
  20040811 ADDREF BID:6974
  20040818 ADDREF REDHAT:RHSA-2003:085
  20040818 ADDREF REDHAT:RHSA-2003:214

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2003-0108 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Cox
   NOOP(2) Jones, Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:032
   URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
 Christey> CONECTIVA:CLA-2003:629
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
 Christey> BID:6974
   URL:http://www.securityfocus.com/bid/6974

======================================================
Candidate: CAN-2003-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0120
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030228
Category: SF
Reference: DEBIAN:DSA-256
Reference: URL:http://www.debian.org/security/2003/dsa-256
Reference: BID:6978
Reference: URL:http://www.securityfocus.com/bid/6978
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference: URL:http://www.iss.net/security_center/static/11439.php

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local
users to overwrite arbitrary files via a symlink attack on a default
temporary directory with a predictable name.
Modifications:
  20040811 [desc] fix typo
  20040811 ADDREF BID:6978

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0120 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Jones
   NOOP(2) Christey, Cox

Voter Comments:
 Jones> change "diectory" to "directory"
 Christey> BID:6978
   URL:http://www.securityfocus.com/bid/6978

======================================================
Candidate: CAN-2003-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757319829443&w=2
Reference: VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#433489
Reference: URL:http://www.kb.cert.org/vuls/id/433489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7037
Reference: URL:http://www.securityfocus.com/bid/7037
Reference: XF:lotus-nrpc-bo(11526)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11526

Buffer overflow in Notes server before Lotus Notes R4, R5 before
5.0.11, and early R6 allows remote attackers to execute arbitrary code
via a long distinguished name (DN) during NotesRPC authentication and
an outer field length that is less than that of the DN field.
Modifications:
  20040811 ADDREF CERT:CA-2003-11
  20040811 ADDREF CERT-VN:VU#433489
  20040811 ADDREF CIAC:N-065
  20040811 ADDREF XF:lotus-nrpc-bo(11526)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0122 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Bollinger
   NOOP(3) Wall, Christey, Cox

Voter Comments:
 Green> ACKNOWLEDGED IN LOTUS SPR #DBAR5CJJJS
 Christey> CERT-VN:VU#433489
   URL:http://www.kb.cert.org/vuls/id/433489
   CERT:CA-2003-11
   URL:http://www.cert.org/advisories/CA-2003-11.html
 Christey> CIAC:N-065
   URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
   XF:lotus-nrpc-bo(11526)
   URL:http://xforce.iss.net/xforce/xfdb/11526

======================================================
Candidate: CAN-2003-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0123
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757545500368&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#411489
Reference: URL:http://www.kb.cert.org/vuls/id/411489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7038
Reference: URL:http://www.securityfocus.com/bid/7038
Reference: XF:lotus-web-retriever-bo(11525)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11525

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5
through R6 allows remote malicious web servers to cause a denial of
service (crash) via a long HTTP status line.
Modifications:
  20040811 ADDREF CERT:CA-2003-11
  20040811 ADDREF CERT-VN:VU#411489
  20040811 ADDREF CIAC:N-065
  20040811 ADDREF XF:lotus-web-retriever-bo(11525)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0123 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Bollinger
   NOOP(3) Wall, Christey, Cox

Voter Comments:
 Christey> CERT-VN:VU#411489
   URL:http://www.kb.cert.org/vuls/id/411489
   CERT:CA-2003-11
   URL:http://www.cert.org/advisories/CA-2003-11.html
 Christey> CIAC:N-065
   URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
   XF:lotus-web-retriever-bo(11525)
   URL:http://xforce.iss.net/xforce/xfdb/11525
   CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060

======================================================
Candidate: CAN-2003-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0124
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: BUGTRAQ:20030311 Vulnerability in man < 1.5l
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2
Reference: CONECTIVA:CLSA-2003:620
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
Reference: GENTOO:GLSA-200303-13
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2
Reference: REDHAT:RHSA-2003:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-133.html
Reference: REDHAT:RHSA-2003:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-134.html
Reference: BID:7066
Reference: URL:http://www.securityfocus.com/bid/7066
Reference: XF:man-myxsprintf-code-execution(11512)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11512

man before 1.51 allows attackers to execute arbitrary code via a
malformed man file with improper quotes, which causes the my_xsprintf
function to return a string with the value "unsafe," which is then
executed as a program via a system call if it is in the search path of
the user who runs man.

Modifications:
  20040811 ADDREF GENTOO:200303-13
  20040811 ADDREF REDHAT:RHSA-2003:133
  20040811 ADDREF REDHAT:RHSA-2003:134
  20040811 ADDREF CONECTIVA:CLSA-2003:620
  20040811 ADDREF BID:7066
  20040811 ADDREF XF:man-myxsprintf-code-execution(11512)
  20040811 [desc] clarify issue

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0124 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Green, Baker
   MODIFY(1) Cox
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> BUGTRAQ:20030318 GLSA: man (200303-13)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2
 Cox> This vulnerability will only execute the arbitrary code as the
   user that runs 'man' and only if that user has an executable called
   'unsafe' somewhere on their path to which the attacker has access.
   Suggest modification of description to take this into account.
 Green> NEW VERSION RELEASE FOLLOWING REPORT OF VULNERABILITY
 Cox> ADDREF REDHAT:RHSA-2003:134
 Christey> REDHAT:RHSA-2003:133

======================================================
Candidate: CAN-2003-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0125
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
Reference: CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT
Reference: BID:7067
Reference: URL:http://www.securityfocus.com/bid/7067
Reference: XF:routefinder-vpn-options-bo(11514)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11514

Buffer overflow in the web interface for SOHO Routefinder 550 before
firmware 4.63 allows remote attackers to cause a denial of service
(reboot) and execute arbitrary code via a long GET /OPTIONS value.
Modifications:
  20040811 ADDREF BID:7067
  20040811 ADDREF XF:routefinder-vpn-options-bo(11514)

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2003-0125 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2003-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Reference: DEBIAN:DSA-259
Reference: URL:http://www.debian.org/security/2003/dsa-259
Reference: GENTOO:GLSA-200303-12
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2
Reference: SUSE:SuSE-SA:2003:018
Reference: URL:http://www.suse.de/de/security/2003_018_qpopper.html
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
Reference: BID:7058
Reference: URL:http://www.securityfocus.com/bid/7058
Reference: XF:qpopper-popmsg-macroname-bo(11516)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11516

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null
terminate a message buffer after a call to Qvsnprintf, which could
allow authenticated users to execute arbitrary code via a buffer
overflow in a mdef command with a long macro name.
Modifications:
  20040811 CHANGEREF GENTOO [normalize]
  20040811 ADDREF SUSE:SuSE-SA:2003:018
  20040811 ADDREF BID:7058
  20040811 ADDREF XF:qpopper-popmsg-macroname-bo(11516)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0143 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Jones, Cole, Armstrong, Green
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> SUSE:SuSE-SA:2003:018
   URL:http://www.suse.de/de/security/2003_018_qpopper.html

======================================================
Candidate: CAN-2003-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0145
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-attribute-dos(11857)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11857

Unknown vulnerability in tcpdump before 3.7.2 related to an inability
to "Handle unknown RADIUS attributes properly," allows remote
attackers to cause a denial of service (infinite loop), a different
vulnerability than CAN-2003-0093.
Modifications:
  20040811 ADDREF MANDRAKE:MDKSA-2003:027
  20040811 ADDREF REDHAT:RHSA-2003:032
  20040811 ADDREF REDHAT:RHSA-2003:151
  20040811 ADDREF XF:tcpdump-radius-attribute-dos(11857)
  20040818 ADDREF REDHAT:RHSA-2003:214
  20040818 ADDREF DEBIAN:DSA-261

Analysis
--------
Vendor Acknowledgement: yes changelog

ACCURACY: Via email on March 14, 2003, Martin Schulze confirmed that
this is a different issue than CAN-2003-0093.

INFERRED ACTION: CAN-2003-0145 ACCEPT_REV (3 accept, 3 ack, 1 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Wall, Christey
   REVIEWING(1) Cox

Voter Comments:
 Christey> REDHAT:RHSA-2003:032
   URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
 Christey> MANDRAKE:MDKSA-2003:027
   (as suggested by Vincent Danen of Mandrake)
 Christey> REDHAT:RHSA-2003:151
   URL:http://www.redhat.com/support/errata/RHSA-2003-151.html

======================================================
Candidate: CAN-2003-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0825
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MS:MS04-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-006.asp
Reference: CERT-VN:VU#445214
Reference: URL:http://www.kb.cert.org/vuls/id/445214
Reference: BID:9624
Reference: URL:http://www.securityfocus.com/bid/9624
Reference: XF:win-wins-gsflag-dos(15037)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15037
Reference: OSVDB:3903
Reference: URL:http://www.osvdb.org/3903
Reference: OVAL:OVAL704
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL704.html
Reference: OVAL:OVAL800
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL800.html
Reference: OVAL:OVAL801
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL801.html
Reference: OVAL:OVAL802
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL802.html

The Windows Internet Naming Service (WINS) for Microsoft Windows
Server 2003,
and possibly Windows NT and Server 2000, does not properly validate
the length of certain packets, which allows attackers to cause a
denial of service and possibly execute arbitrary code.

Modifications:
  20040811 ADDREF CERT-VN:VU#445214
  20040811 ADDREF BID:9624
  20040811 ADDREF XF:win-wins-gsflag-dos(15037)
  20040818 ADDREF OSVDB:3903
  20040824 ADDREF OVAL:OVAL704
  20040824 ADDREF OVAL:OVAL800
  20040824 ADDREF OVAL:OVAL801
  20040824 ADDREF OVAL:OVAL802

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0825 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   NOOP(1) Cox

======================================================
Candidate: CAN-2003-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0903
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-003.asp
Reference: CERT-VN:VU#139150
Reference: URL:http://www.kb.cert.org/vuls/id/139150
Reference: BID:9407
Reference: URL:http://www.securityfocus.com/bid/9407
Reference: XF:mdac-broadcastrequest-bo(14187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14187
Reference: OSVDB:3457
Reference: URL:http://www.osvdb.org/3457
Reference: OVAL:OVAL525
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL525.html
Reference: OVAL:OVAL553
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL553.html
Reference: OVAL:OVAL751
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL751.html
Reference: OVAL:OVAL775
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL775.html

Buffer overflow in a component of Microsoft Data Access Components
(MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary
code via a malformed UDP response to a broadcast request.
Modifications:
  20040811 ADDREF CERT-VN:VU#139150
  20040811 ADDREF BID:9407
  20040811 ADDREF XF:mdac-broadcastrequest-bo(14187)
  20040818 ADDREF OSVDB:3457
  20040824 ADDREF OVAL:OVAL525
  20040824 ADDREF OVAL:OVAL553
  20040824 ADDREF OVAL:OVAL751
  20040824 ADDREF OVAL:OVAL775

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0903 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
   NOOP(1) Cox

======================================================
Candidate: CAN-2003-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0905
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-008.asp
Reference: CERT-VN:VU#982630
Reference: URL:http://www.kb.cert.org/vuls/id/982630
Reference: BID:9825
Reference: URL:http://www.securityfocus.com/bid/9825
Reference: XF:win-media-services-dos(15038)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15038
Reference: OVAL:OVAL842
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL842.html

Unknown vulnerability in Windows Media Station Service and Windows
Media Monitor Service components of Windows Media Services 4.1 allows
remote attackers to cause a denial of service (disallowing new
connections) via a certain sequence of TCP/IP packets.
Modifications:
  20040811 ADDREF CERT-VN:VU#982630
  20040811 ADDREF BID:9825
  20040811 ADDREF XF:win-media-services-dos(15038)
  20040824 ADDREF OVAL:OVAL842

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0905 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Balinsky, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:win-media-services-dos(15038)
   http://xforce.iss.net/xforce/xfdb/15038

======================================================
Candidate: CAN-2003-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: DEBIAN:DSA-426
Reference: URL:http://www.debian.org/security/2004/dsa-426
Reference: REDHAT:RHSA-2004:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
Reference: CERT-VN:VU#487102
Reference: URL:http://www.kb.cert.org/vuls/id/487102
Reference: BID:9442
Reference: URL:http://www.securityfocus.com/bid/9442
Reference: XF:netpbm-temp-insecure-file(14874)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14874
Reference: OVAL:OVAL804
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL804.html
Reference: OVAL:OVAL810
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL810.html

netpbm 9.25 and earlier does not properly create temporary files,
which allows local users to overwrite arbitrary files.
Modifications:
  20040811 ADDREF BID:9442
  20040811 ADDREF XF:netpbm-temp-insecure-file(14874)
  20040811 [desc] fix affected version
  20040824 ADDREF OVAL:OVAL804
  20040824 ADDREF OVAL:OVAL810

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0924 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
   MODIFY(1) Cox

Voter Comments:
 Cox> 2:9.25 is a Mandrake-specific version identifier

======================================================
Candidate: CAN-2003-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0966
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20031126
Category: SF
Reference: REDHAT:RHSA-2004:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
Reference: BID:9430
Reference: URL:http://www.securityfocus.com/bid/9430
Reference: XF:elm-frm-subject-bo(14840)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14840

Buffer overflow in the frm command in elm 2.5.6 and earlier, and
possibly later versions, allows remote attackers to execute arbitrary
code via a long Subject line.

Modifications:
  20040811 ADDREF MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
  20040811 ADDREF BID:9430
  20040811 ADDREF XF:elm-frm-subject-bo(14840)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0966 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
   MODIFY(1) Cox

Voter Comments:
 Cox> ADDREF: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
   add "and later versions" because this isn't fixed upstream.
======================================================
Candidate: CAN-2003-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0969
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: DEBIAN:DSA-411
Reference: URL:http://www.debian.org/security/2004/dsa-411
Reference: SUSE:SuSE-SA:2004:002
Reference: URL:http://www.suse.com/de/security/2004_02_tcpdump.html
Reference: BID:9364
Reference: URL:http://www.securityfocus.com/bid/9364
Reference: XF:mpg321-mp3-format-string(14148)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14148
Reference: OSVDB:3331
Reference: URL:http://www.osvdb.org/3331

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly
execute arbitrary code via an mp3 file that passes certain strings to
the printf function, possibly triggering a format string
vulnerability.

Modifications:
  20040811 ADDREF SUSE:SuSE-SA:2004:002
  20040811 ADDREF BID:9364
  20040818 ADDREF OSVDB:3331

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0969 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Williams, Cole, Armstrong
   NOOP(1) Wall

Voter Comments:
 Williams> http://www.suse.com/de/security/2004_02_tcpdump.html
   http://www.debian.org/security/2004/dsa-411

======================================================
Candidate: CAN-2003-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040105 Linux kernel mremap vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2
Reference: MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Reference: BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2
Reference: BUGTRAQ:20040106 Linux mremap bug correction
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: SUSE:SuSE-SA:2004:001
Reference: SUSE:SuSE-SA:2004:003
Reference: URL:http://www.suse.com/de/security/2004_03_linux_kernel.html
Reference: CONECTIVA:CLA-2004:799
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
Reference: ENGARDE:ESA-20040105-001
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Reference: REDHAT:RHSA-2003:416
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-416.html
Reference: REDHAT:RHSA-2003:417
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
Reference: REDHAT:RHSA-2003:418
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-418.html
Reference: REDHAT:RHSA-2003:419
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-419.html
Reference: DEBIAN:DSA-413
Reference: URL:http://www.debian.org/security/2004/dsa-413
Reference: DEBIAN:DSA-417
Reference: URL:http://www.debian.org/security/2004/dsa-417
Reference: DEBIAN:DSA-427
Reference: URL:http://www.debian.org/security/2004/dsa-427
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: IMMUNIX:IMNX-2004-73-001-01
Reference: MANDRAKE:MDKSA-2004:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
Reference: SGI:20040102-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
Reference: TRUSTIX:2004-0001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2
Reference: BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2
Reference: BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
Reference: BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
Reference: XF:linux-domremap-gain-privileges(14135)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14135
Reference: OSVDB:3315
Reference: URL:http://www.osvdb.org/3315
Reference: OVAL:OVAL860
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL860.html
Reference: OVAL:OVAL867
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL867.html

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21
does not properly perform bounds checks, which allows local users to
cause a denial of service and possibly gain privileges by causing a
remapping of a virtual memory area (VMA) to create a zero length VMA,
a different vulnerability than CAN-2004-0077.
Modifications:
  20040811 ADDREF DEBIAN:DSA-470
  20040811 ADDREF DEBIAN:DSA-475
  20040811 ADDREF REDHAT:RHSA-2003:418
  20040811 [refs] normalize TRUSTIX
  20040811 [desc] fix affected versions
  20040818 ADDREF DEBIAN:DSA-423
  20040818 ADDREF DEBIAN:DSA-450
  20040818 ADDREF OSVDB:3315
  20040824 ADDREF OVAL:OVAL860
  20040824 ADDREF OVAL:OVAL867

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0985 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(2) Cox, Williams
   NOOP(1) Christey

Voter Comments:
 Cox> This issue was fixed in 2.4.21 (proof at URL below)
   Addref: http://linux.bkbits.net:8080/linux-2.4/cset@rusty@rustcorp.com.au|ChangeSet|20030421172337|61834
   This issue did not affect 2.6
   (proof: rusty@rustcorp.com.au|ChangeSet|20030506080426|32903)
   Addref: REDHAT:RHSA-2003:418
 Williams> Modify in accordance with Cox comments.
 Christey> DEBIAN:DSA-470
   URL:http://www.debian.org/security/2004/dsa-470
 Christey> DEBIAN:DSA-475
   URL:http://www.debian.org/security/2004/dsa-475
 Christey> Normalize Trustix reference to TRUSTIX:2004-0001

======================================================
Candidate: CAN-2003-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: CONECTIVA:CLA-2004:810
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
Reference: GENTOO:GLSA-200404-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-02.xml
Reference: MANDRAKE:MDKSA-2004:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
Reference: REDHAT:RHSA-2004:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: REDHAT:RHSA-2004:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-006.html
Reference: CERT-VN:VU#820798
Reference: URL:http://www.kb.cert.org/vuls/id/820798
Reference: BID:9419
Reference: URL:http://www.securityfocus.com/bid/9419
Reference: XF:kde-kdepim-bo(14833)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14833
Reference: OVAL:OVAL858
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL858.html
Reference: OVAL:OVAL865
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL865.html

Buffer overflow in the VCF file information reader for KDE Personal
Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4
allows attackers to execute arbitrary code via a VCF file.

Modifications:
  20040811 ADDREF REDHAT:RHSA-2004:006
  20040811 ADDREF CERT-VN:VU#820798
  20040811 ADDREF BID:9419
  20040811 ADDREF XF:kde-kdepim-bo(14833)
  20040824 ADDREF OVAL:OVAL858
  20040824 ADDREF OVAL:OVAL865

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0988 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Cox, Wall, Cole, Armstrong, Green
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2004:006
 Christey> BUGTRAQ:20040406 [ GLSA 200404-02 ] KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108127782900563&w=2

======================================================
Candidate: CAN-2003-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
Reference: URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: CONECTIVA:CLA-2004:842
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: REDHAT:RHSA-2004:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:013
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
Reference: XF:mailman-command-handler-dos(15106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15106
Reference: BID:9620
Reference: URL:http://www.securityfocus.com/bid/9620

Unknown vulnerability in the mail command handler in Mailman before
2.0.14 allows remote attackers to cause a denial of service (crash)
via malformed e-mail commands.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-0991 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(1) Christey

Voter Comments:
 Christey> CONECTIVA:CLA-2004:842
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842

======================================================
Candidate: CAN-2003-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
Reference: MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: XF:apache-modaccess-obtain-information(15422)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15422
Reference: BID:9829
Reference: URL:http://www.securityfocus.com/bid/9829

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit
platforms, does not properly parse Allow/Deny rules using IP addresses
without a netmask, which could allow remote attackers to bypass
intended access restrictions.

Modifications:
  20040811 ADDREF BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
  20040811 ADDREF SLACKWARE:SSA:2004-133
  20040811 ADDREF TRUSTIX:2004-0027
  20040811 ADDREF MANDRAKE:MDKSA-2004:046
  20040811 ADDREF GENTOO:GLSA-200405-22

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2003-0993 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Balinsky, Cole, Armstrong
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
 Christey> SLACKWARE:SSA:2004-133
   URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
   TRUSTIX:2004-0027
   URL:http://www.trustix.org/errata/2004/0027
 Christey> MANDRAKE:MDKSA-2004:046
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
 Christey> BUGTRAQ:20040526 [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108559521611694&w=2

======================================================
Candidate: CAN-2003-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0994
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107393473928245&w=2
Reference: MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
Reference: OSVDB:3428
Reference: URL:http://www.osvdb.org/3428

The GUI functionality for an interactive session in Symantec
LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security
2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and
Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0,
allows local users to gain SYSTEM privileges.
Modifications:
  20040818 ADDREF OSVDB:3428

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2003-0994 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Williams, Wall, Cole, Armstrong
   NOOP(1) Cox

======================================================
Candidate: CAN-2003-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1022
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031219
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2004/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: XF:fspsuite-dot-directory-traversal(14154)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14154
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: OSVDB:3346
Reference: URL:http://www.osvdb.org/3346

Directory traversal vulnerability in fsp before 2.81.b18 allows remote
users to access files outside the FSP root directory.
Modifications:
  20040818 ADDREF OSVDB:3346

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-1022 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Williams, Wall, Cole, Armstrong, Baker
   NOOP(1) Cox

======================================================
Candidate: CAN-2003-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1326
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6779
Reference: URL:http://www.securityfocus.com/bid/6779
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php
Reference: OVAL:OVAL126
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL126.html
Reference: OVAL:OVAL178
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL178.html
Reference: OVAL:OVAL49
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL49.html

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to
bypass the cross-domain security model to run malicious script or
arbitrary programs via dialog boxes, aka "Improper Cross Domain
Security Validation with dialog box."

Modifications:
  20040811 [desc] fix affected versions
  20040811 ADDREF CIAC:N-038
  20040811 ADDREF BID:6779
  20040824 ADDREF OVAL:OVAL126
  20040824 ADDREF OVAL:OVAL178
  20040824 ADDREF OVAL:OVAL49

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-1326 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Green
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Need to remove 5.01 from the affected versions list;
   MS03-004 says "Internet Explorer 5.01 users are not affected by
   the first vulnerability," which is this issue.
 Christey> CIAC:N-038
   URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
   BID:6779
   URL:http://www.securityfocus.com/bid/6779

======================================================
Candidate: CAN-2003-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1328
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CERT-VN:VU#400577
Reference: URL:http://www.kb.cert.org/vuls/id/400577
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6780
Reference: URL:http://www.securityfocus.com/bid/6780
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference: URL:http://www.iss.net/security_center/static/11259.php
Reference: OVAL:OVAL57
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL57.html

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and
6.0 supports certain types of pluggable protocols that allow remote
attackers to bypass the cross-domain security model and execute
arbitrary code, aka "Improper Cross Domain Security Validation with
ShowHelp functionality."

Modifications:
  20040811 [desc] fix affected versions
  20040811 ADDREF BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
  20040811 ADDREF CIAC:N-038
  20040811 ADDREF CERT-VN:VU#400577
  20040811 ADDREF BID:6780
  20040824 ADDREF OVAL:OVAL57

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2003-1328 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Green
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Need to add 5.01 to the affected versions list.
 Christey> BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
   URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
   CIAC:N-038
   URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
   CERT-VN:VU#400577
   URL:http://www.kb.cert.org/vuls/id/400577
   BID:6780
   URL:http://www.securityfocus.com/bid/6780

======================================================
Candidate: CAN-2004-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0001
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: REDHAT:RHSA-2004:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-017.html
Reference: GENTOO:GLSA-200402-06
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-06.xml
Reference: CERT-VN:VU#337238
Reference: URL:http://www.kb.cert.org/vuls/id/337238
Reference: XF:linux-ptrace-gain-privilege(14888)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14888
Reference: BID:9429
Reference: URL:http://www.securityfocus.com/bid/9429
Reference: OVAL:OVAL868
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL868.html

Unknown vulnerability in the eflags checking in the 32-bit ptrace
emulation for the Linux kernel on AMD64 systems allows local users to
gain privileges.
Modifications:
  20040824 ADDREF OVAL:OVAL868

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0001 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(6) Cole, Armstrong, Green, Baker, Cox, Wall

======================================================
Candidate: CAN-2004-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0004
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040116 [OpenCA Advisory] Vulnerability in signature verification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107427313700554&w=2
Reference: CONFIRM:http://www.openca.org/news/CAN-2004-0004.txt
Reference: CERT-VN:VU#336446
Reference: URL:http://www.kb.cert.org/vuls/id/336446
Reference: BID:9435
Reference: URL:http://www.securityfocus.com/bid/9435
Reference: XF:openca-improper-signature-verification(14847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14847
Reference: OSVDB:3615
Reference: URL:http://www.osvdb.org/3615

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
Modifications:
  20040811 ADDREF CERT-VN:VU#336446
  20040811 ADDREF BID:9435
  20040811 ADDREF XF:openca-improper-signature-verification(14847)
  20040818 ADDREF OSVDB:3615

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0004 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0009
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619127531765&w=2
Reference: FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016870.html
Reference: CONFIRM:http://www.apache-ssl.org/advisory-20040206.txt
Reference: XF:apachessl-default-password(15065)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15065
Reference: BID:9590
Reference: URL:http://www.securityfocus.com/bid/9590
Reference: OSVDB:3877
Reference: URL:http://www.osvdb.org/3877

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
Modifications:
  20040818 ADDREF OSVDB:3877

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2004-0009 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Cox
  REVIEWING(1) Wall

======================================================
Candidate: CAN-2004-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0011
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2003/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: XF:fsp-boundry-error-bo(14155)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14155

Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0011 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Williams, Wall
  NOOP(1) Cox

Voter Comments:
Williams> http://cvs.sourceforge.net/viewcvs.py/fsp/fsp/ChangeLog?view=auto

======================================================
Candidate: CAN-2004-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0013
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-414
Reference: URL:http://www.debian.org/security/2004/dsa-414
Reference: MANDRAKE:MDKSA-2004:005
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:005
Reference: BID:9376
Reference: URL:http://www.securityfocus.com/bid/9376
Reference: XF:jabber-ssl-connections-dos(14158)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14158
Reference: OSVDB:3345
Reference: URL:http://www.osvdb.org/3345

jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which
allows remote attackers to cause a denial of service (crash).

Modifications:
  20040811 ADDREF BID:9376
  20040811 ADDREF XF:jabber-ssl-connections-dos(14158)
  20040811 [desc] fix versions
  20040818 ADDREF OSVDB:3345

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0013 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  MODIFY(1) Williams
  NOOP(1) Cox

Voter Comments:
Williams> http://jabberd.jabberstudio.org/1.4/release-1.4.3.shtml
  versions currently listed in desc may be wrong (fixed in 1.4.3?).

======================================================
Candidate: CAN-2004-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0015
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-418
Reference: URL:http://www.debian.org/security/2004/dsa-418
Reference: BID:9381
Reference: URL:http://www.securityfocus.com/bid/9381
Reference: XF:vbox3-gain-privileges(14170)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14170

vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
Modifications:
  20040811 ADDREF BID:9381
  20040811 ADDREF XF:vbox3-gain-privileges(14170)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0015 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Williams
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419
Reference: BID:9387
Reference: URL:http://www.securityfocus.com/bid/9387
Reference: XF:phpgroupware-calendar-file-include(13489)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13489
Reference: OSVDB:6860
Reference: URL:http://www.osvdb.org/6860

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.

Modifications:
  20040811 ADDREF BID:9387
  20040811 ADDREF XF:phpgroupware-calendar-file-include(13489)
  20040818 ADDREF OSVDB:6860

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0016 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  MODIFY(1) Williams
  NOOP(2) Cox, Wall

Voter Comments:
Williams> i believe this affects phpGroupWare 0.9.14.006 and earlier. fixed in 0.9.14.007.
  http://phpgroupware.org/downloads

======================================================
Candidate: CAN-2004-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0028
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: DEBIAN:DSA-420
Reference: URL:http://www.debian.org/security/2004/dsa-420
Reference: BID:9397
Reference: URL:http://www.securityfocus.com/bid/9397
Reference: XF:jitterbug-execute-code(14207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14207

jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.

Modifications:
  20040811 ADDREF BID:9397
  20040811 ADDREF XF:jitterbug-execute-code(14207)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0028 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Williams
  NOOP(2) Cox, Wall

Voter Comments:
Williams> note that this software is no longer supported.
  http://samba.anu.edu.au/jitterbug/

======================================================
Candidate: CAN-2004-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0031
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-modify-admin-password(14161)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14161
Reference: OSVDB:3403
Reference: URL:http://www.osvdb.org/3403

PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
Modifications:
  20040818 ADDREF OSVDB:3403

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2004-0031 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Baker, Williams
  NOOP(3) Cole, Cox, Wall

Voter Comments:
Williams> http://phpgedview.sourceforge.net/

======================================================
Candidate: CAN-2004-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0032
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: BID:9369
Reference: URL:http://www.securityfocus.com/bid/9369
Reference: XF:phpgedview-search-xss(14160)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14160
Reference: OSVDB:3402
Reference: URL:http://www.osvdb.org/3402

Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
Modifications:
  20040811 ADDREF BID:9369
  20040818 ADDREF OSVDB:3402

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2004-0032 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Baker, Williams
  NOOP(3) Cole, Cox, Wall

Voter Comments:
Williams> http://phpgedview.sourceforge.net/

======================================================
Candidate: CAN-2004-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0033
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-admin-info-disclosure(14162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14162
Reference: OSVDB:3404
Reference: URL:http://www.osvdb.org/3404

admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
Modifications:
  20040818 ADDREF OSVDB:3404

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2004-0033 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Baker, Williams
  NOOP(3) Cole, Cox, Wall

Voter Comments:
Williams> http://phpgedview.sourceforge.net/

======================================================
Candidate: CAN-2004-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0035
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340481804110&w=2
Reference: BID:9363
Reference: URL:http://www.securityfocus.com/bid/9363
Reference: XF:phorum-register-sql-injection(14146)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14146
Reference: OSVDB:3508
Reference: URL:http://www.osvdb.org/3508

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Modifications:
  20040811 ADDREF BID:9363
  20040818 ADDREF OSVDB:3508

Analysis
--------
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Phorum home page includes a news item for Phorum 3.4.6 that says it fixed some "cross sight scripting issues that were found by Calum Power [the Bugtraq poster]... [including] register.php." While the Phorum announcement implies it's an XSS issue, the coincidence with Power's post is sufficient enough to reasonably assume that Phorum's statement is erroneous with respect to implying that it's XSS instead of SQL injection.
INFERRED ACTION: CAN-2004-0035 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Williams
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0036
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358202123&w=2
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?postid=588825
Reference: BID:9360
Reference: URL:http://www.securityfocus.com/bid/9360
Reference: XF:vbulletin-calendar-sql-injection(14144)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14144
Reference: OSVDB:3344
Reference: URL:http://www.osvdb.org/3344

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
Modifications:
  20040811 ADDREF BID:9360
  20040812 ADDREF CONFIRM:http://www.vbulletin.com/forum/showthread.php?postid=588825
  20040818 ADDREF OSVDB:3344

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0036 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Williams
  NOOP(2) Cox, Wall

Voter Comments:
Williams> http://www.vbulletin.com/forum/showthread.php?postid=588825

======================================================
Candidate: CAN-2004-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0040
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/163
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#873334
Reference: URL:http://www.kb.cert.org/vuls/id/873334
Reference: CIAC:O-073
Reference: URL:http://www.ciac.org/ciac/bulletins/o-073.shtml
Reference: XF:vpn1-ike-bo(14150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14150
Reference: BID:9582
Reference: URL:http://www.securityfocus.com/bid/9582
Reference: OSVDB:3821
Reference: URL:http://www.osvdb.org/3821
Reference: OSVDB:4432
Reference: URL:http://www.osvdb.org/4432

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
Modifications:
  20040818 ADDREF OSVDB:3821
  20040818 ADDREF OSVDB:4432

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0040 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(1) Cox

======================================================
Candidate: CAN-2004-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0044
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: CISCO:20040108 Cisco Personal Assistant User Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
Reference: BID:9384
Reference: URL:http://www.securityfocus.com/bid/9384
Reference: XF:ciscopersonalassistant-config-file-access(14172)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14172
Reference: OSVDB:3430
Reference: URL:http://www.osvdb.org/3430

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
Modifications:
  20040812 ADDREF BID:9384
  20040812 ADDREF XF:ciscopersonalassistant-config-file-access(14172)
  20040818 ADDREF OSVDB:3430

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0044 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Williams, Wall
  NOOP(1) Cox

======================================================
Candidate: CAN-2004-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0045
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: BUGTRAQ:20040107 [SECURITY] INN: Buffer overflow in control message handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html
Reference: SLACKWARE:SSA:2004-014-02
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791
Reference: BUGTRAQ:20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html
Reference: BID:9382
Reference: URL:http://www.securityfocus.com/bid/9382
Reference: XF:inn-artpost-control-message-bo(14190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14190

Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
Modifications:
  20040812 [desc] add ARTpost function
  20040812 ADDREF SLACKWARE:SSA:2004-014-02
  20040812 ADDREF BID:9382
  20040812 ADDREF XF:inn-artpost-control-message-bo(14190)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0045 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Cox, Williams
  NOOP(1) Wall

Voter Comments:
Williams> http://www.isc.org/products/INN/

======================================================
Candidate: CAN-2004-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0049
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://seclists.org/lists/vulnwatch/2004/Jan-Mar/0057.html
Reference: BUGTRAQ:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/357834
Reference: CONFIRM:http://service.real.com/help/faq/security/040112_dos/
Reference: CONFIRM:http://service.real.com/help/faq/security/security022604.html

Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
Modifications:
  20040812 ADDREF VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
  20040812 ADDREF BUGTRAQ:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
  20040812 ADDREF CONFIRM:http://service.real.com/help/faq/security/security022604.html

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0049 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  MODIFY(1) Williams
  NOOP(2) Christey, Cox

Voter Comments:
Christey> The following post has more details, stating that it's a buffer overflow and that code execution is possible:
  VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Williams> vendor conf on the bof w/ code exec issue.
  http://service.real.com/help/faq/security/security022604.html

======================================================
Candidate: CAN-2004-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0063
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory8_payshield.html
Reference: BUGTRAQ:20040114 nCipher Advisory #8: payShield library may verify bad requests
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411819503569&w=2
Reference: BID:9422
Reference: URL:http://www.securityfocus.com/bid/9422
Reference: XF:payshield-incorrect-request-verification(14832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14832
Reference: OSVDB:3537
Reference: URL:http://www.osvdb.org/3537

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Modifications:
  20040812 ADDREF BID:9422
  20040812 ADDREF XF:payshield-incorrect-request-verification(14832)
  20040818 ADDREF OSVDB:3537

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0063 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0068
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040114 PhpDig 1.6.x: remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412194008671&w=2
Reference: CONFIRM:http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393
Reference: BID:9424
Reference: URL:http://www.securityfocus.com/bid/9424
Reference: XF:phpdig-config-file-include(14826)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14826

PHP remote code injection vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
Modifications:
  20040812 ADDREF BID:9424
  20040812 ADDREF XF:phpdig-config-file-include(14826)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0068 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0070
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040110 Remote Code Execution in ezContents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392588915627&w=2
Reference: CONFIRM:http://www.ezcontents.org/forum/viewtopic.php?t=361
Reference: BID:9396
Reference: URL:http://www.securityfocus.com/bid/9396
Reference: XF:ezcontents-php-file-include(14199)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14199
Reference: OSVDB:6878
Reference: URL:http://www.osvdb.org/6878

PHP remote code injection vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.

Modifications:
  20040812 ADDREF BID:9396
  20040812 ADDREF XF:ezcontents-php-file-include(14199)
  20040818 ADDREF OSVDB:6878

Analysis
--------
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor's web site includes an item "Wed Feb 04, 2004 9:48 am" which explicitly lists CAN-2004-0070.
INFERRED ACTION: CAN-2004-0070 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Baker, Williams
  NOOP(3) Cole, Cox, Wall

======================================================
Candidate: CAN-2004-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: MANDRAKE:MDKSA-2004:015
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:015
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: XF:linux-vicam-dos(15246)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15246
Reference: OVAL:OVAL836
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL836.html

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
Modifications:
  20040812 ADDREF CONECTIVA:CLA-2004:846
  20040812 ADDREF BID:9690
  20040824 ADDREF OVAL:OVAL836

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2004-0075 ACCEPT_REV (3 accept, 2 ack, 1 review)

Current Votes:
  ACCEPT(3) Armstrong, Baker, Cox
  NOOP(2) Cole, Christey
  REVIEWING(1) Wall

Voter Comments:
Christey> CONECTIVA:CLA-2004:846
  URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

======================================================
Candidate: CAN-2004-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
Reference: VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-438
Reference: URL:http://www.debian.org/security/2004/dsa-438
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-441
Reference: URL:http://www.debian.org/security/2004/dsa-441
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-444
Reference: URL:http://www.debian.org/security/2004/dsa-444
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: DEBIAN:DSA-453
Reference: URL:http://www.debian.org/security/2004/dsa-453
Reference: DEBIAN:DSA-454
Reference: URL:http://www.debian.org/security/2004/dsa-454
Reference: DEBIAN:DSA-456
Reference: URL:http://www.debian.org/security/2004/dsa-456
Reference: DEBIAN:DSA-466
Reference: URL:http://www.debian.org/security/2004/dsa-466
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-514
Reference: URL:http://www.debian.org/security/2004/dsa-514
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-066.html
Reference: REDHAT:RHSA-2004:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-069.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: TRUSTIX:2004-0007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
Reference: TRUSTIX:2004-0008
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
Reference: GENTOO:GLSA-200403-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-02.xml
Reference: CERT-VN:VU#981222
Reference: URL:http://www.kb.cert.org/vuls/id/981222
Reference: XF:linux-mremap-gain-privileges(15244)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15244
Reference: BID:9686
Reference: URL:http://www.securityfocus.com/bid/9686
Reference: OSVDB:3986
Reference: URL:http://www.osvdb.org/3986
Reference: OVAL:OVAL825
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL825.html
Reference: OVAL:OVAL837
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL837.html

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to
2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Modifications:
  20040812 ADDREF DEBIAN:DSA-466
  20040812 ADDREF DEBIAN:DSA-470
  20040812 ADDREF DEBIAN:DSA-475
  20040812 ADDREF DEBIAN:DSA-514
  20040812 ADDREF REDHAT:RHSA-2004:069
  20040812 ADDREF CERT-VN:VU#981222
  20040812 [refs] Normalize Trustix references
  20040818 ADDREF REDHAT:RHSA-2004:106
  20040818 ADDREF DEBIAN:DSA-450
  20040818 ADDREF DEBIAN:DSA-453
  20040818 ADDREF DEBIAN:DSA-454
  20040818 ADDREF OSVDB:3986
  20040824 ADDREF OVAL:OVAL825
  20040824 ADDREF OVAL:OVAL837

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0077 ACCEPT (5 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
  NOOP(1) Christey

Voter Comments:
Christey> DEBIAN:DSA-466
  URL:http://www.debian.org/security/2004/dsa-466
  CERT-VN:VU#981222
  URL:http://www.kb.cert.org/vuls/id/981222
Cox> Addref: REDHAT:RHSA-2004:069
Christey> DEBIAN:DSA-470
  URL:http://www.debian.org/security/2004/dsa-470
Christey> DEBIAN:DSA-475
  URL:http://www.debian.org/security/2004/dsa-475
Christey> Normalize Trustix references
Christey> DEBIAN:DSA-514
  URL:http://www.debian.org/security/2004/dsa-514

======================================================
Candidate: CAN-2004-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040211 Mutt-1.4.2 fixes buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
Reference: CALDERA:CSSA-2004-013.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
Reference: REDHAT:RHSA-2004:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-050.html
Reference: REDHAT:RHSA-2004:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-051.html
Reference: MANDRAKE:MDKSA-2004:010
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607
Reference: CONFIRM:http://bugs.debian.org/126336
Reference: BUGTRAQ:20040215 LNSA-#2004-0001: mutt remote crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696262905039&w=2
Reference: BUGTRAQ:20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107884956930903&w=2
Reference: XF:mutt-index-menu-bo(15134)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15134
Reference: BID:9641
Reference: URL:http://www.securityfocus.com/bid/9641
Reference: OSVDB:3918
Reference: URL:http://www.osvdb.org/3918
Reference: OVAL:OVAL811
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL811.html
Reference: OVAL:OVAL838
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL838.html

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
Modifications: 20040812 ADDREF CALDERA:CSSA-2004-013.0 20040818 ADDREF OSVDB:3918 20040824 ADDREF OVAL:OVAL811 20040824 ADDREF OVAL:OVAL838 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0078 ACCEPT (5 accept, 4 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall NOOP(1) Christey Voter Comments: Christey> CALDERA:CSSA-2004-013.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt ====================================================== Candidate: CAN-2004-0080 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040119 Category: SF Reference: GENTOO:GLSA-200404-06 Reference: URL:http://security.gentoo.org/glsa/glsa-200404-06.xml Reference: REDHAT:RHSA-2004:056 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-056.html Reference: SGI:20040201-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc Reference: SGI:20040406-01-U Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2 Reference: BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077689801698&w=2 Reference: BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108144719532385&w=2 Reference: CERT-VN:VU#801526 Reference: URL:http://www.kb.cert.org/vuls/id/801526 Reference: BID:9558 Reference: URL:http://www.securityfocus.com/bid/9558 Reference: XF:utillinux-information-leak(15016) Reference: URL:http://xforce.iss.net/xforce/xfdb/15016 Reference: OSVDB:3796 Reference: URL:http://www.osvdb.org/3796 The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. 
Modifications: 20040812 ADDREF BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data 20040812 ADDREF BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data 20040812 ADDREF GENTOO:GLSA-200404-06 20040812 ADDREF SGI:20040406-01-U 20040812 ADDREF CERT-VN:VU#801526 20040812 ADDREF BID:9558 20040812 ADDREF XF:utillinux-information-leak(15016) 20040818 ADDREF OSVDB:3796 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0080 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall NOOP(1) Christey Voter Comments: Christey> BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077689801698&w=2 Christey> BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108144719532385&w=2 Christey> SGI:20040406-01-U URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2 ====================================================== Candidate: CAN-2004-0082 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040119 Category: SF Reference: REDHAT:RHSA-2004:064 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-064.html Reference: CONFIRM:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt Reference: CONFIRM:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html Reference: CIAC:O-078 Reference: URL:http://www.ciac.org/ciac/bulletins/o-078.shtml Reference: BID:9637 Reference: URL:http://www.securityfocus.com/bid/9637 Reference: XF:samba-mksmbpasswd-gain-access(15132) Reference: URL:http://xforce.iss.net/xforce/xfdb/15132 Reference: OSVDB:3919 Reference: URL:http://www.osvdb.org/3919 Reference: OVAL:OVAL827 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL827.html The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when 
creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. Modifications: 20040812 ADDREF CIAC:O-078 20040812 ADDREF BID:9637 20040812 ADDREF CONFIRM:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html 20040818 ADDREF OSVDB:3919 20040824 ADDREF OVAL:OVAL827 Analysis -------- Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The release notes for Samba 3.02, dated February 9, 2004, explicitly reference this identifier. INFERRED ACTION: CAN-2004-0082 ACCEPT (5 accept, 3 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall NOOP(1) Christey Voter Comments: Christey> CIAC:O-078 URL:http://www.ciac.org/ciac/bulletins/o-078.shtml BID:9637 URL:http://www.securityfocus.com/bid/9637 ====================================================== Candidate: CAN-2004-0089 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0089 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040120 Category: SF Reference: ATSTAKE:A012704-1 Reference: URL:http://www.atstake.com/research/advisories/2004/a012704-1.txt Reference: APPLE:APPLE-SA-2004-01-26 Reference: URL:http://www.securityfocus.com/advisories/6269 Reference: CERT-VN:VU#902374 Reference: URL:http://www.kb.cert.org/vuls/id/902374 Reference: BID:9731 Reference: URL:http://www.securityfocus.com/bid/9731 Reference: XF:macosx-trublue-environmentvariable-bo(14968) Reference: URL:http://xforce.iss.net/xforce/xfdb/14968 Reference: OSVDB:6821 Reference: URL:http://www.osvdb.org/6821 Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. 
Modifications: 20040812 ADDREF APPLE:APPLE-SA-2004-01-26 20040812 ADDREF CERT-VN:VU#902374 20040812 ADDREF BID:9731 20040812 ADDREF XF:macosx-trublue-environmentvariable-bo(14968) 20040812 DELREF CONFIRM's - normalize to APPLE instead 20040818 ADDREF OSVDB:6821 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0089 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Armstrong, Green, Baker NOOP(3) Cole, Cox, Wall Voter Comments: Green> Ack'ed by CAN# in Apple bulletin at http://docs.info.apple.com/article.html?artnum=61798 ====================================================== Candidate: CAN-2004-0093 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0093 Final-Decision: Interim-Decision: 20040825 Modified: 20040812 Proposed: 20040318 Assigned: 20040123 Category: SF Reference: CONECTIVA:CLSA-2004:824 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 Reference: DEBIAN:DSA-443 Reference: URL:http://www.debian.org/security/2004/dsa-443 Reference: REDHAT:RHSA-2004:152 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html Reference: SGI:20040406-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U Reference: BID:9701 Reference: URL:http://www.securityfocus.com/bid/9701 Reference: XF:xfree86-glx-array-dos(15272) Reference: URL:http://xforce.iss.net/xforce/xfdb/15272 XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). 
Modifications: 20040812 ADDREF CONECTIVA:CLSA-2004:824 20040812 ADDREF SGI:20040406-01-U 20040812 ADDREF REDHAT:RHSA-2004:152 20040812 ADDREF BID:9701 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0093 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Cox NOOP(2) Christey, Wall Voter Comments: Christey> SGI:20040406-01-U URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2 ====================================================== Candidate: CAN-2004-0094 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0094 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20040318 Assigned: 20040123 Category: SF Reference: CONECTIVA:CLSA-2004:824 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824 Reference: DEBIAN:DSA-443 Reference: URL:http://www.debian.org/security/2004/dsa-443 Reference: REDHAT:RHSA-2004:152 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html Reference: SGI:20040406-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U Reference: BID:9701 Reference: URL:http://www.securityfocus.com/bid/9701 Reference: XF:xfree86-glx-integer-dos(15273) Reference: URL:http://xforce.iss.net/xforce/xfdb/15273 Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). 
Modifications: 20040812 ADDREF CONECTIVA:CLSA-2004:824 20040812 ADDREF SGI:20040406-01-U 20040812 ADDREF REDHAT:RHSA-2004:152 20040812 ADDREF BID:9701 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0094 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Cox NOOP(2) Christey, Wall Voter Comments: Christey> SGI:20040406-01-U URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2 ====================================================== Candidate: CAN-2004-0095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0095 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040126 Category: SF Reference: CONFIRM:http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip Reference: BID:9476 Reference: URL:http://www.securityfocus.com/bid/9476 Reference: XF:epolicy-contentlength-post-dos(14989) Reference: URL:http://xforce.iss.net/xforce/xfdb/14989 Reference: OSVDB:3744 Reference: URL:http://www.osvdb.org/3744 McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. Modifications: 20040812 ADDREF CONFIRM 20040812 ADDREF XF:epolicy-contentlength-post-dos(14989) 20040818 ADDREF OSVDB:3744 Analysis -------- Vendor Acknowledgement: yes patch ACKNOWLEDGEMENT: NAI patch EPO3013 includes a Patch3.txt file that specifically mentions this CVE item. 
INFERRED ACTION: CAN-2004-0095 ACCEPT_REV (3 accept, 1 ack, 1 review) Current Votes: ACCEPT(3) Armstrong, Green, Baker NOOP(2) Cole, Cox REVIEWING(1) Wall Voter Comments: Green> Vendor ack'ed by CAN # in Network Associates Patch EPO3013 ====================================================== Candidate: CAN-2004-0096 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0096 Final-Decision: Interim-Decision: 20040825 Modified: 20040812 Proposed: 20040318 Assigned: 20040126 Category: SF Reference: MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10 Reference: URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html Reference: GENTOO:GLSA-200401-03 Reference: URL:http://security.gentoo.org/glsa/glsa-200401-03.xml Reference: REDHAT:RHSA-2004:058 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-058.html Reference: REDHAT:RHSA-2004:063 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-063.html Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. 
Modifications: 20040812 ADDREF GENTOO:GLSA-200401-03 20040812 ADDREF REDHAT:RHSA-2004:058 20040812 ADDREF REDHAT:RHSA-2004:063 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0096 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Baker, Cox NOOP(2) Christey, Wall Voter Comments: Christey> BUGTRAQ:20040127 [ GLSA 200401-03 ] Apache mod_python Denial of Service vulnerability URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522658715931&w=2 Green> http://www.modpython.org/pipermail/mod_python/2004-January/014879.html CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2004-0099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0099 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040129 Category: SF Reference: FREEBSD:FreeBSD-SA-04:01 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc Reference: BID:9533 Reference: URL:http://www.securityfocus.com/bid/9533 Reference: XF:freebsd-mksnapffs-bypass-security(15005) Reference: URL:http://xforce.iss.net/xforce/xfdb/15005 Reference: OSVDB:3790 Reference: URL:http://www.osvdb.org/3790 mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. 
Modifications: 20040812 ADDREF BID:9533 20040812 ADDREF XF:freebsd-mksnapffs-bypass-security(15005) 20040818 ADDREF OSVDB:3790 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0099 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108 Final-Decision: Interim-Decision: 20040825 Modified: 20040812 Proposed: 20040318 Assigned: 20040202 Category: SF Reference: REDHAT:RHSA-2004:053 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html Reference: DEBIAN:DSA-460 Reference: URL:http://www.debian.org/security/2004/dsa-460 Reference: SGI:20040302-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc Reference: BID:9844 Reference: URL:http://www.securityfocus.com/bid/9844 Reference: XF:sysstat-isag-symlink(15437) Reference: URL:http://xforce.iss.net/xforce/xfdb/15437 The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. 
Modifications: 20040812 ADDREF BID:9844 20040812 ADDREF XF:sysstat-isag-symlink(15437) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0108 ACCEPT (7 accept, 3 ack, 0 review) Current Votes: ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:sysstat-isag-symlink(15437) http://xforce.iss.net/xforce/xfdb/15437 Christey> BID:9844 URL:http://www.securityfocus.com/bid/9844 XF:sysstat-isag-symlink(15437) URL:http://xforce.iss.net/xforce/xfdb/15437 ====================================================== Candidate: CAN-2004-0111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040202 Category: SF Reference: DEBIAN:DSA-464 Reference: URL:http://www.debian.org/security/2004/dsa-464 Reference: MANDRAKE:MDKSA-2004:020 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:020 Reference: REDHAT:RHSA-2004:102 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-102.html Reference: REDHAT:RHSA-2004:103 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-103.html Reference: BID:9842 Reference: URL:http://www.securityfocus.com/bid/9842 Reference: XF:gdk-pixbuf-bitmap-dos(15426) Reference: URL:http://xforce.iss.net/xforce/xfdb/15426 Reference: OVAL:OVAL845 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL845.html Reference: OVAL:OVAL846 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL846.html gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. 
Modifications: 20040812 ADDREF DEBIAN:DSA-464 20040812 ADDREF REDHAT:RHSA-2004:102 20040812 ADDREF BID:9842 20040812 ADDREF XF:gdk-pixbuf-bitmap-dos(15426) 20040824 ADDREF OVAL:OVAL845 20040824 ADDREF OVAL:OVAL846 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0111 ACCEPT_REV (6 accept, 2 ack, 1 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Balinsky MODIFY(1) Frech NOOP(1) Christey REVIEWING(1) Wall Voter Comments: Christey> DEBIAN:DSA-464 URL:http://www.debian.org/security/2004/dsa-464 Frech> XF:gdk-pixbuf-bitmap-dos(15426) http://xforce.iss.net/xforce/xfdb/15426 Cox> Addref: REDHAT:RHSA-2004:102 Christey> XF:gdk-pixbuf-bitmap-dos(15426) URL:http://xforce.iss.net/xforce/xfdb/15426 BID:9842 URL:http://www.securityfocus.com/bid/9842 ====================================================== Candidate: CAN-2004-0113 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040202 Category: SF Reference: MISC:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106 Reference: MLIST:[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638 Reference: CONFIRM:http://www.apacheweek.com/features/security-20 Reference: APPLE:APPLE-SA-2004-05-03 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2 Reference: CONECTIVA:CLSA-2004:839 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839 Reference: GENTOO:GLSA-200403-04 Reference: URL:http://security.gentoo.org/glsa/glsa-200403-04.xml Reference: HP:SSRT4717 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2 Reference: MANDRAKE:MDKSA-2004:043 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043 Reference: REDHAT:RHSA-2004:084 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-084.html 
Reference: REDHAT:RHSA-2004:182 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-182.html Reference: TRUSTIX:2004-0017 Reference: URL:http://www.trustix.org/errata/2004/0017 Reference: BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2 Reference: XF:apache-modssl-plain-dos(15419) Reference: URL:http://xforce.iss.net/xforce/xfdb/15419 Reference: BID:9826 Reference: URL:http://www.securityfocus.com/bid/9826 Reference: OSVDB:4182 Reference: URL:http://www.osvdb.org/4182 Reference: OVAL:OVAL876 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL876.html Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. Modifications: 20040812 ADDREF CONECTIVA:CLSA-2004:839 20040812 ADDREF GENTOO:GLSA-200403-04 20040812 ADDREF MANDRAKE:MDKSA-2004:043 20040812 ADDREF REDHAT:RHSA-2004:084 20040812 ADDREF REDHAT:RHSA-2004:182 20040812 ADDREF TRUSTIX:2004-0017 20040812 ADDREF HP:SSRT4717 20040812 ADDREF APPLE:APPLE-SA-2004-05-03 20040812 ADDREF BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 20040818 ADDREF OSVDB:4182 20040824 ADDREF OVAL:OVAL876 Analysis -------- Vendor Acknowledgement: yes INFERRED ACTION: CAN-2004-0113 ACCEPT (6 accept, 3 ack, 0 review) Current Votes: ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall NOOP(1) Christey Voter Comments: Christey> REDHAT:RHSA-2004:084 URL:http://www.redhat.com/support/errata/RHSA-2004-084.html Christey> BUGTRAQ:20040330 TSLSA-2004-0017 - apache URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108066914830552&w=2 Christey> BUGTRAQ:20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024081011678&w=2 BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2 Christey> REDHAT:RHSA-2004:182 URL:http://www.redhat.com/support/errata/RHSA-2004-182.html Christey> APPLE:APPLE-SA-2004-05-03 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2 Christey> MANDRAKE:MDKSA-2004:043 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:043 Christey> HP:SSRT4717 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2 ====================================================== Candidate: CAN-2004-0114 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0114 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040203 Category: SF Reference: BUGTRAQ:20040205 [PINE-CERT-20040201] reference count overflow in shmat() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608375207601&w=2 Reference: MISC:http://www.pine.nl/press/pine-cert-20040201.txt Reference: FREEBSD:FreeBSD-SA-04:02 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc Reference: NETBSD:NetBSD-SA2004-004 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc Reference: BID:9586 Reference: URL:http://www.securityfocus.com/bid/9586 Reference: XF:bsd-shmat-gain-privileges(15061) Reference: URL:http://xforce.iss.net/xforce/xfdb/15061 Reference: OSVDB:3836 Reference: URL:http://www.osvdb.org/3836 The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. 
Modifications: 20040818 ADDREF OSVDB:3836 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0114 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0115 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0115 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040203 Category: SF Reference: ATSTAKE:A021004-1 Reference: URL:http://www.atstake.com/research/advisories/2004/a021004-1.txt Reference: MS:MS04-005 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-005.asp Reference: CIAC:O-076 Reference: URL:http://www.ciac.org/ciac/bulletins/o-076.shtml Reference: BID:9632 Reference: URL:http://www.securityfocus.com/bid/9632 Reference: XF:virtual-pc-gain-privileges(15113) Reference: URL:http://xforce.iss.net/xforce/xfdb/15113 Reference: OSVDB:3893 Reference: URL:http://www.osvdb.org/3893 VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file. 
Modifications: 20040812 ADDREF CIAC:O-076 20040812 ADDREF BID:9632 20040812 ADDREF XF:virtual-pc-gain-privileges(15113) 20040818 ADDREF OSVDB:3893 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0115 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Wall NOOP(2) Christey, Cox Voter Comments: Christey> CIAC:O-076 URL:http://www.ciac.org/ciac/bulletins/o-076.shtml XF:virtual-pc-gain-privileges(15113) URL:http://xforce.iss.net/xforce/xfdb/15113 BID:9632 URL:http://www.securityfocus.com/bid/9632 ====================================================== Candidate: CAN-2004-0121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0121 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040203 Category: SF Reference: IDEFENSE:20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities Reference: BUGTRAQ:20040310 Outlook mailto: URL argument injection vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107893704602842&w=2 Reference: MS:MS04-009 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-009.asp Reference: CERT-VN:VU#305206 Reference: URL:http://www.kb.cert.org/vuls/id/305206 Reference: BID:9827 Reference: URL:http://www.securityfocus.com/bid/9827 Reference: XF:outlook-mailtourl-execute-code(15414) Reference: URL:http://xforce.iss.net/xforce/xfdb/15414 Reference: OVAL:OVAL843 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL843.html Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. 
Modifications: 20040812 ADDREF CERT-VN:VU#305206 20040812 ADDREF XF:outlook-mailtourl-execute-code(15414) 20040812 ADDREF BID:9827 20040812 CHANGEREF MISC - normalize to IDEFENSE 20040812 [desc] say "argument injection vulnerability" 20040824 ADDREF OVAL:OVAL843 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0121 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Balinsky, Wall MODIFY(1) Frech NOOP(2) Christey, Cox Voter Comments: Frech> XF:outlook-mailtourl-execute-code(15414) http://xforce.iss.net/xforce/xfdb/15414 Christey> modify desc to say "argument injection vulnerability" ====================================================== Candidate: CAN-2004-0122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0122 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040203 Category: SF Reference: MS:MS04-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-010.asp Reference: CERT-VN:VU#688094 Reference: URL:http://www.kb.cert.org/vuls/id/688094 Reference: XF:msn-request-view-files(15415) Reference: URL:http://xforce.iss.net/xforce/xfdb/15415 Reference: OVAL:OVAL844 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL844.html Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. 
Modifications: 20040812 ADDREF CERT-VN:VU#688094 20040812 ADDREF XF:msn-request-view-files(15415) 20040824 ADDREF OVAL:OVAL844 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0122 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Balinsky, Wall MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:msn-request-view-files(15415) http://xforce.iss.net/xforce/xfdb/15415 ====================================================== Candidate: CAN-2004-0126 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0126 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040203 Category: SF Reference: FREEBSD:FreeBSD-SA-04:03 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc Reference: XF:freebsd-jailattach-gain-privileges(15344) Reference: URL:http://xforce.iss.net/xforce/xfdb/15344 Reference: BID:9762 Reference: URL:http://www.securityfocus.com/bid/9762 Reference: OSVDB:4101 Reference: URL:http://www.osvdb.org/4101 The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. 
Modifications: 20040818 ADDREF OSVDB:4101 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0126 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0128 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0128 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040204 Category: SF Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior Reference: URL:http://www.securityfocus.com/archive/1/352355 Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=141517 Reference: BID:9531 Reference: URL:http://www.securityfocus.com/bid/9531 Reference: XF:phpgedview-gedfilconf-file-include(14987) Reference: URL:http://xforce.iss.net/xforce/xfdb/14987 Reference: OSVDB:3769 Reference: URL:http://www.osvdb.org/3769 PHP remote code injection vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. Modifications: 20040812 ADDREF BID:9531 20040812 ADDREF XF:phpgedview-gedfilconf-file-include(14987) 20040818 ADDREF OSVDB:3769 Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the changelog for PhpGedView v2.65.2, dated January 28, 2004, includes an item that says the developer "Fixed vulnerability in $INDEX_DIRECTORY/gedcom.ged_conf.php." 
INFERRED ACTION: CAN-2004-0128 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0129 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040204 Category: SF Reference: BUGTRAQ:20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582619125932&w=2 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=350228 Reference: CONFIRM:http://www.phpmyadmin.net/home_page/relnotes.php?rel=0 Reference: GENTOO:GLSA-200402-05 Reference: URL:http://security.gentoo.org/glsa/glsa-200402-05.xml Reference: BID:9564 Reference: URL:http://www.securityfocus.com/bid/9564 Reference: XF:phpmyadmin-dotdot-directory-traversal(15021) Reference: URL:http://xforce.iss.net/xforce/xfdb/15021 Reference: OSVDB:3800 Reference: URL:http://www.osvdb.org/3800 Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. Modifications: 20040611 Normalize Gentoo reference 20040813 ADDREF BID:9564 20040813 ADDREF XF:phpmyadmin-dotdot-directory-traversal(15021) 20040818 ADDREF OSVDB:3800 Analysis -------- Vendor Acknowledgement: unknown discloser-claimed ACKNOWLEDGEMENT: the Changelog for version 2.5.6-rc1 states that "a security fix" was made, and a diff of export.php with an earlier version confirms it. 
INFERRED ACTION: CAN-2004-0129 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Armstrong, Baker NOOP(4) Cole, Christey, Cox, Wall Voter Comments: Christey> Normalize Gentoo reference ====================================================== Candidate: CAN-2004-0131 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0131 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040210 Category: SF Reference: IDEFENSE:20040204 GNU Radius Remote Denial of Service Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true Reference: CONFIRM:http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz Reference: CERT-VN:VU#277396 Reference: URL:http://www.kb.cert.org/vuls/id/277396 Reference: BID:9578 Reference: URL:http://www.securityfocus.com/bid/9578 Reference: XF:radius-radprintrequest-dos(15046) Reference: URL:http://xforce.iss.net/xforce/xfdb/15046 Reference: OSVDB:3824 Reference: URL:http://www.osvdb.org/3824 The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. Modifications: 20040813 CHANGEREF IDEFENSE normalize from FULLDISC 20040818 ADDREF OSVDB:3824 Analysis -------- Vendor Acknowledgement: unknown ACKNOWLEDGEMENT: the ChangeLog for Radius 1.2 includes an item dated 2003-11-26 which says "(rad_print_request): Removed."
INFERRED ACTION: CAN-2004-0131 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Armstrong, Baker NOOP(3) Cole, Cox, Wall ====================================================== Candidate: CAN-2004-0148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0148 Final-Decision: Interim-Decision: 20040825 Modified: 20040813 Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-457 Reference: URL:http://www.debian.org/security/2004/dsa-457 Reference: HP:SSRT4704 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108999466902690&w=2 Reference: REDHAT:RHSA-2004:096 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html Reference: BID:9832 Reference: URL:http://www.securityfocus.com/bid/9832 Reference: XF:wuftpd-restrictedgid-gain-access(15423) Reference: URL:http://xforce.iss.net/xforce/xfdb/15423 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. 
Modifications: 20040813 ADDREF BID:9832 20040813 ADDREF XF:wuftpd-restrictedgid-gain-access(15423) Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0148 ACCEPT (7 accept, 3 ack, 0 review) Current Votes: ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall MODIFY(1) Frech Voter Comments: Frech> XF:wuftpd-restrictedgid-gain-access(15423) http://xforce.iss.net/xforce/xfdb/15423 ====================================================== Candidate: CAN-2004-0150 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-458 Reference: URL:http://www.debian.org/security/2004/dsa-458 Reference: MANDRAKE:MDKSA-2004:019 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019 Reference: BID:9836 Reference: URL:http://www.securityfocus.com/bid/9836 Reference: XF:python-getaddrinfo-bo(15409) Reference: URL:http://xforce.iss.net/xforce/xfdb/15409 Reference: OSVDB:4172 Reference: URL:http://www.osvdb.org/4172 Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. Modifications: 20040813 ADDREF BID:9836 20040813 ADDREF XF:python-getaddrinfo-bo(15409) 20040818 ADDREF OSVDB:4172 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0150 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Balinsky MODIFY(2) Frech, Cox NOOP(1) Wall Voter Comments: Frech> XF:python-getaddrinfo-bo(15409) http://xforce.iss.net/xforce/xfdb/15409 Cox> Fixed in 2.2.2, does not affect servers which have IPv6 support enabled. 
Suggested replacement text: "Buffer overflow in the getaddrinfo in Python 2.2 before 2.2.2 where IPv6 support is disabled allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS." ====================================================== Candidate: CAN-2004-0159 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0159 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-447 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755803218677&w=2 Reference: FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017737.html Reference: BID:9715 Reference: URL:http://www.securityfocus.com/bid/9715 Reference: XF:hsftp-format-string(15276) Reference: URL:http://xforce.iss.net/xforce/xfdb/15276 Reference: OSVDB:4029 Reference: URL:http://www.osvdb.org/4029 Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. 
Modifications: 20040813 ADDREF BID:9715 20040818 ADDREF OSVDB:4029 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0159 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0160 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0160 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20040318 Assigned: 20040213 Category: SF Reference: DEBIAN:DSA-446 Reference: URL:http://www.debian.org/security/2004/dsa-446 Reference: XF:synaesthesia-configuration-symlink-attack(15279) Reference: URL:http://xforce.iss.net/xforce/xfdb/15279 Reference: BID:9713 Reference: URL:http://www.securityfocus.com/bid/9713 Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0160 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0165 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0165 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040218 Category: SF Reference: ATSTAKE:A022304-1 Reference: URL:http://www.atstake.com/research/advisories/2004/a022304-1.txt Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798 Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html Reference: CERT-VN:VU#841742 Reference: URL:http://www.kb.cert.org/vuls/id/841742 Reference: XF:macos-pppd-format-string(15297) Reference: URL:http://xforce.iss.net/xforce/xfdb/15297 Reference: BID:9730 Reference: URL:http://www.securityfocus.com/bid/9730 Reference: OSVDB:6822 Reference: URL:http://www.osvdb.org/6822 Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 
2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. Modifications: 20040818 ADDREF OSVDB:6822 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0165 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0167 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0167 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040218 Category: SF Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798 Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html Reference: CERT-VN:VU#578886 Reference: URL:http://www.kb.cert.org/vuls/id/578886 Reference: BID:9731 Reference: URL:http://www.securityfocus.com/bid/9731 Reference: XF:macos-diskarbitration-unknown(15300) Reference: URL:http://xforce.iss.net/xforce/xfdb/15300 Reference: OSVDB:6824 Reference: URL:http://www.osvdb.org/6824 DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. 
Modifications: 20040818 ADDREF OSVDB:6824 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0167 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0169 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0169 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040218 Category: SF Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798 Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html Reference: IDEFENSE:20040223 Darwin Streaming Server Remote Denial of Service Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities Reference: CERT-VN:VU#460350 Reference: URL:http://www.kb.cert.org/vuls/id/460350 Reference: XF:darwin-describe-request-dos(15291) Reference: URL:http://xforce.iss.net/xforce/xfdb/15291 Reference: BID:9735 Reference: URL:http://www.securityfocus.com/bid/9735 Reference: OSVDB:6826 Reference: URL:http://www.osvdb.org/6826 Reference: OSVDB:6837 Reference: URL:http://www.osvdb.org/6837 QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. 
Modifications: 20040813 CHANGEREF IDEFENSE [normalize from BUGTRAQ] 20040818 ADDREF OSVDB:6826 20040818 ADDREF OSVDB:6837 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0169 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0171 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0171 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040219 Category: SF Reference: IDEFENSE:20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability Reference: URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities Reference: APPLE:APPLE-SA-2004-05-28 Reference: URL:http://lists.seifried.org/pipermail/security/2004-May/003743.html Reference: FREEBSD:FreeBSD-SA-04:04 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc Reference: CERT-VN:VU#395670 Reference: URL:http://www.kb.cert.org/vuls/id/395670 Reference: BID:9792 Reference: URL:http://www.securityfocus.com/bid/9792 Reference: XF:freebsd-mbuf-dos(15369) Reference: URL:http://xforce.iss.net/xforce/xfdb/15369 Reference: OSVDB:4124 Reference: URL:http://www.osvdb.org/4124 FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. 
Modifications: 20040813 ADDREF APPLE:APPLE-SA-2004-05-28 20040813 ADDREF CERT-VN:VU#395670 20040813 ADDREF BID:9792 20040813 CHANGEREF IDEFENSE [normalize from FULLDISC] 20040813 [desc] add system crash impact 20040818 ADDREF OSVDB:4124 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0171 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker MODIFY(1) Balinsky NOOP(3) Christey, Cox, Wall Voter Comments: Balinsky> Advisory says that the bug can cause a system crash. Add this to the description. Christey> APPLE:APPLE-SA-2004-05-28 URL:http://docs.info.apple.com/article.html?artnum=61798 ====================================================== Candidate: CAN-2004-0173 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0173 Final-Decision: Interim-Decision: 20040825 Modified: 20040813 Proposed: 20040318 Assigned: 20040225 Category: SF Reference: BUGTRAQ:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765545431387&w=2 Reference: FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017740.html Reference: CONFIRM:http://www.apacheweek.com/issues/04-03-12 Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152 Reference: BID:9733 Reference: URL:http://www.securityfocus.com/bid/9733 Reference: XF:apache-cygwin-directory-traversal(15293) Reference: URL:http://xforce.iss.net/xforce/xfdb/15293 Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. 
Modifications: 20040813 ADDREF CONFIRM:http://www.apacheweek.com/issues/04-03-12 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0173 ACCEPT_REV (5 accept, 1 ack, 1 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Cox MODIFY(1) Frech REVIEWING(1) Wall Voter Comments: Frech> XF:apache-cygwin-directory-traversal(15293) http://xforce.iss.net/xforce/xfdb/15293 ====================================================== Candidate: CAN-2004-0185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0185 Final-Decision: Interim-Decision: 20040825 Modified: 20040813 Proposed: 20040318 Assigned: 20040302 Category: SF Reference: MISC:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch Reference: MISC:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt Reference: DEBIAN:DSA-457 Reference: URL:http://www.debian.org/security/2004/dsa-457 Reference: REDHAT:RHSA-2004:096 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html Reference: BID:8893 Reference: URL:http://www.securityfocus.com/bid/8893 Reference: XF:wuftpd-skey-bo(13518) Reference: URL:http://xforce.iss.net/xforce/xfdb/13518 Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. 
Modifications: 20040813 ADDREF BID:8893 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0185 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Armstrong, Baker, Cox NOOP(2) Cole, Wall ====================================================== Candidate: CAN-2004-0186 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040302 Category: SF Reference: BUGTRAQ:20040209 Samba 3.x + kernel 2.6.x local root vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107636290906296&w=2 Reference: BUGTRAQ:20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107657505718743&w=2 Reference: DEBIAN:DSA-463 Reference: URL:http://www.debian.org/security/2004/dsa-463 Reference: XF:samba-smbmnt-gain-privileges(15131) Reference: URL:http://xforce.iss.net/xforce/xfdb/15131 Reference: BID:9619 Reference: URL:http://www.securityfocus.com/bid/9619 Reference: OSVDB:3916 Reference: URL:http://www.osvdb.org/3916 smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. 
Modifications: 20040818 ADDREF OSVDB:3916 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0186 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Cox NOOP(1) Wall ====================================================== Candidate: CAN-2004-0188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0188 Final-Decision: Interim-Decision: 20040825 Modified: 20040813 Proposed: 20040318 Assigned: 20040302 Category: SF Reference: BUGTRAQ:20040227 Calife heap corrupt / potential local root exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789737832092&w=2 Reference: DEBIAN:DSA-461 Reference: URL:http://www.debian.org/security/2004/dsa-461 Reference: BID:9756 Reference: URL:http://www.securityfocus.com/bid/9756 Reference: XF:calife-long-password-bo(15335) Reference: URL:http://xforce.iss.net/xforce/xfdb/15335 Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. 
Modifications: 20040813 ADDREF BID:9756 Analysis -------- Vendor Acknowledgement: yes followup INFERRED ACTION: CAN-2004-0188 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040303 Category: SF Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt Reference: CONECTIVA:CLA-2004:838 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Reference: DEBIAN:DSA-474 Reference: URL:http://www.debian.org/security/2004/dsa-474 Reference: GENTOO:GLSA-200403-11 Reference: URL:http://security.gentoo.org/glsa/glsa-200403-11.xml Reference: MANDRAKE:MDKSA-2004:025 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025 Reference: REDHAT:RHSA-2004:133 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-133.html Reference: REDHAT:RHSA-2004:134 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-134.html Reference: SGI:20040404-01-U Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U Reference: BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2 Reference: BID:9778 Reference: URL:http://www.securityfocus.com/bid/9778 Reference: XF:squid-urlregex-acl-bypass(15366) Reference: URL:http://xforce.iss.net/xforce/xfdb/15366 Reference: OSVDB:5916 Reference: URL:http://www.osvdb.org/5916 Reference: OVAL:OVAL877 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL877.html Reference: OVAL:OVAL941 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL941.html The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex 
ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. Modifications: 20040813 ADDREF CONECTIVA:CLA-2004:838 20040813 ADDREF DEBIAN:DSA-474 20040813 ADDREF GENTOO:GLSA-200403-11 20040813 ADDREF MANDRAKE:MDKSA-2004:025 20040813 ADDREF REDHAT:RHSA-2004:133 20040813 ADDREF REDHAT:RHSA-2004:134 20040813 ADDREF SGI:20040404-01-U 20040813 ADDREF BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) 20040818 ADDREF OSVDB:5916 20040824 ADDREF OVAL:OVAL877 20040824 ADDREF OVAL:OVAL941 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0189 ACCEPT (3 accept, 4 ack, 0 review) Current Votes: ACCEPT(3) Armstrong, Baker, Cox NOOP(3) Cole, Christey, Wall Voter Comments: Christey> REDHAT:RHSA-2004:134 URL:http://www.redhat.com/support/errata/RHSA-2004-134.html Christey> MANDRAKE:MDKSA-2004:025 Christey> BUGTRAQ:20040331 [ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108075225114097&w=2 BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2 Christey> DEBIAN:DSA-474 URL:http://www.debian.org/security/2004/dsa-474 Christey> CONECTIVA:CLA-2004:838 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838 Christey> REDHAT:RHSA-2004:133 URL:http://www.redhat.com/support/errata/RHSA-2004-133.html Christey> SGI:20040404-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc ====================================================== Candidate: CAN-2004-0190 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0190 Final-Decision: Interim-Decision: 20040825 Modified: 20040818 Proposed: 20040318 Assigned: 20040303 Category: SF Reference: BUGTRAQ:20040216 Symantec FireWall/VPN Appliance model 200 leak of security Reference: 
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694794031839&w=2 Reference: FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017414.html Reference: XF:symantec-firewallvpn-password-plaintext(15212) Reference: URL:http://xforce.iss.net/xforce/xfdb/15212 Reference: OSVDB:4117 Reference: URL:http://www.osvdb.org/4117 Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. Modifications: 20040818 ADDREF OSVDB:4117 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0190 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0191 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191 Final-Decision: Interim-Decision: 20040825 Modified: 20040824 Proposed: 20040318 Assigned: 20040303 Category: SF Reference: BUGTRAQ:20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107774710729469&w=2 Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=227417 Reference: REDHAT:RHSA-2004:110 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-110.html Reference: REDHAT:RHSA-2004:112 Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-112.html Reference: HP:SSRT4722 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108448379429944&w=2 Reference: XF:mozilla-event-handler-xss(15322) Reference: URL:http://xforce.iss.net/xforce/xfdb/15322 Reference: BID:9747 Reference: URL:http://www.securityfocus.com/bid/9747 Reference: OSVDB:4062 Reference: URL:http://www.osvdb.org/4062 Reference: OVAL:OVAL874 Reference: 
URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL874.html Reference: OVAL:OVAL937 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL937.html Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Modifications: 20040813 ADDREF REDHAT:RHSA-2004:112 20040813 ADDREF HP:SSRT4722 20040818 ADDREF REDHAT:RHSA-2004:110 20040818 ADDREF OSVDB:4062 20040824 ADDREF OVAL:OVAL874 20040824 ADDREF OVAL:OVAL937 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0191 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Armstrong, Baker, Cox NOOP(3) Cole, Christey, Wall Voter Comments: Christey> REDHAT:RHSA-2004:112 URL:http://www.redhat.com/support/errata/RHSA-2004-112.html Cox> Addref: RHSA-2004:112 Christey> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108448379429944&w=2 HP:SSRT4722 ====================================================== Candidate: CAN-2004-0193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0193 Final-Decision: Interim-Decision: 20040825 Modified: Proposed: 20040318 Assigned: 20040304 Category: SF Reference: BUGTRAQ:20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789851117176&w=2 Reference: MISC:http://www.eeye.com/html/Research/Upcoming/20040213.html Reference: ISS:20040226 Vulnerability in SMB Parsing in ISS Products Reference: URL:http://xforce.iss.net/xforce/alerts/id/165 Reference: CERT-VN:VU#150326 Reference: URL:http://www.kb.cert.org/vuls/id/150326 Reference: XF:pam-smb-protocol-bo(15207) Reference: URL:http://xforce.iss.net/xforce/xfdb/15207 Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server 
Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0193 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Cole, Armstrong, Baker, Wall NOOP(1) Cox ====================================================== Candidate: CAN-2004-0194 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0194 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040304 Category: SF Reference: BUGTRAQ:20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107842545022724&w=2 Reference: FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018227.html Reference: MISC:http://www.nextgenss.com/advisories/adobexfdf.txt Reference: BID:9802 Reference: URL:http://www.securityfocus.com/bid/9802 Reference: XF:acrobatreader-xfdf-bo(15384) Reference: URL:http://xforce.iss.net/xforce/xfdb/15384 Reference: OSVDB:4135 Reference: URL:http://www.osvdb.org/4135 Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. 
Modifications: 20040813 ADDREF BID:9802 20040818 ADDREF OSVDB:4135 Analysis -------- Vendor Acknowledgement: unknown INFERRED ACTION: CAN-2004-0194 ACCEPT_REV (3 accept, 0 ack, 1 review) Current Votes: ACCEPT(3) Armstrong, Baker, Balinsky NOOP(2) Cole, Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2004-0256 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0256 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040130 Symlink Vulnerability in GNU libtool <1.5.2 Reference: URL:http://www.securityfocus.com/archive/1/352333 Reference: CONECTIVA:CLA-2004:811 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000811 Reference: MISC:http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405 Reference: BID:9530 Reference: URL:http://www.securityfocus.com/bid/9530 Reference: XF:libtool-insecure-temp-directory(15017) Reference: URL:http://xforce.iss.net/xforce/xfdb/15017 Reference: OSVDB:3795 Reference: URL:http://www.osvdb.org/3795 GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp. 
Modifications: 20040818 ADDREF OSVDB:3795 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0256 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Green, Baker, Cox NOOP(1) Wall ====================================================== Candidate: CAN-2004-0257 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0257 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040205 OpenBSD IPv6 remote kernel crash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604603226564&w=2 Reference: FULLDISC:20040204 Remote openbsd crash with ip6, yet still openbsd much better than windows Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016704.html Reference: MISC:http://www.guninski.com/obsdmtu.html Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c Reference: NETBSD:NetBSD-SA2004-002 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc Reference: XF:openbsd-ipv6-dos(15044) Reference: URL:http://xforce.iss.net/xforce/xfdb/15044 Reference: BID:9577 Reference: URL:http://www.securityfocus.com/bid/9577 Reference: OSVDB:3825 Reference: URL:http://www.osvdb.org/3825 OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. 
Modifications: 20040813 CHANGEREF FULLDISC [normalize] 20040818 ADDREF OSVDB:3825 Analysis -------- Vendor Acknowledgement: yes changelog INFERRED ACTION: CAN-2004-0257 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0261 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0261 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619136600713&w=2 Reference: CONFIRM:http://www.grohol.com/downloads/oj/latest/changelog.txt Reference: BID:9598 Reference: URL:http://www.securityfocus.com/bid/9598 Reference: XF:openjournal-uid-admin-access(15069) Reference: URL:http://xforce.iss.net/xforce/xfdb/15069 Reference: OSVDB:3872 Reference: URL:http://www.osvdb.org/3872 oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter. 
Modifications: 20040818 ADDREF OSVDB:3872 Analysis -------- Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the vendor changelog's entry under v2.06 - 05 Feb 2004 says "Fixed security issue in oj.cgi and oj.cfg" INFERRED ACTION: CAN-2004-0261 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2004-0263 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0263 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040317 Category: SF Reference: GENTOO:GLSA-200402-01 Reference: URL:http://http://security.gentoo.org/glsa/glsa-200402-01.xml Reference: BID:9599 Reference: URL:http://www.securityfocus.com/bid/9599 Reference: XF:php-virtualhost-info-disclosure(15072) Reference: URL:http://xforce.iss.net/xforce/xfdb/15072 Reference: OSVDB:3878 Reference: URL:http://www.osvdb.org/3878 PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. 
Modifications: 20040611 normalize Gentoo reference 20040813 ADDREF BID:9599 20040818 ADDREF OSVDB:3878 Analysis -------- Vendor Acknowledgement: yes advisory INFERRED ACTION: CAN-2004-0263 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall NOOP(1) Christey Voter Comments: Christey> BID:9599 Christey> Normalize Gentoo reference CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2004-0270 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0270 Final-Decision: Interim-Decision: 20040825 Modified: 20040820 Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040209 clamav 0.65 remote DOS exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634700823822&w=2 Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=62586 Reference: GENTOO:GLSA-200402-07 Reference: URL:http://security.gentoo.org/glsa/glsa-200402-07.xml Reference: XF:clam-antivirus-uuencoded-dos(15077) Reference: URL:http://xforce.iss.net/xforce/xfdb/15077 Reference: BID:9610 Reference: URL:http://www.securityfocus.com/bid/9610 Reference: OSVDB:3894 Reference: URL:http://www.osvdb.org/3894 libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. 
Modifications:
  20040611 Normalize Gentoo reference
  20040818 ADDREF OSVDB:3894

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2004-0270 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Christey, Cox, Wall

Voter Comments:
 Christey> Normalize Gentoo reference

======================================================
Candidate: CAN-2004-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0273
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 Directory traversal in RealPlayer allows code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107642978524321&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/040123_player/EN/
Reference: CERT-VN:VU#514734
Reference: URL:http://www.kb.cert.org/vuls/id/514734
Reference: XF:realoneplayer-rmp-directory-traversal(15123)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15123

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Modifications:
  20040813 ADDREF CERT-VN:VU#514734
  20040813 ADDREF XF:realoneplayer-rmp-directory-traversal(15123)

Analysis
--------
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://service.real.com/help/faq/security/040123_player/EN/ under exploit 2 it says "To fashion RMP files which allow an attacker to download and execute arbitrary code on a user's machine."
INFERRED ACTION: CAN-2004-0273 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CERT-VN:VU#514734 URL:http://www.kb.cert.org/vuls/id/514734

======================================================
Candidate: CAN-2004-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0274
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634593827102&w=2
Reference: BUGTRAQ:20040210 Re: Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643315623958&w=2
Reference: MISC:http://mogan.nonsoloirc.com/egg_advisory.txt
Reference: XF:eggdrop-sharemod-gain-access(15084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15084
Reference: BID:9606
Reference: URL:http://www.securityfocus.com/bid/9606
Reference: OSVDB:3928
Reference: URL:http://www.osvdb.org/3928

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
Modifications:
  20040818 ADDREF OSVDB:3928

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2004-0274 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0276
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 Denial of Service in Monkey httpd <= 0.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107652610506968&w=2
Reference: MISC:http://aluigi.altervista.org/poc/monkeydos.zip
Reference: CONFIRM:http://monkeyd.sourceforge.net/
Reference: XF:monkey-getrealstring-dos(15187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15187
Reference: BID:9642
Reference: URL:http://www.securityfocus.com/bid/9642
Reference: OSVDB:3921
Reference: URL:http://www.osvdb.org/3921

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

Modifications:
  20040818 ADDREF OSVDB:3921

Analysis
--------
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the announcement for Monkey 0.8.2 says that there are "a lot of bug fixes (including a fix for a DoS). Thanks to Luigi A."
INFERRED ACTION: CAN-2004-0276 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2004-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0297
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: IDEFENSE:20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow
Reference: URL:http://www.idefense.com/application/poi/display?id=74
Reference: CONFIRM:http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
Reference: CERT-VN:VU#972334
Reference: URL:http://www.kb.cert.org/vuls/id/972334
Reference: BID:9682
Reference: URL:http://www.securityfocus.com/bid/9682
Reference: XF:imail-ldap-tag-bo(15243)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15243
Reference: OSVDB:3984
Reference: URL:http://www.osvdb.org/3984

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

Modifications:
  20040813 CHANGEREF IDEFENSE [normalize from BUGTRAQ]
  20040818 ADDREF OSVDB:3984

Analysis
--------
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html it says "fixes a possible LDAP Denial of Service vulnerability" and the poster refers to this patch and the patch is dated Feb 17.
INFERRED ACTION: CAN-2004-0297 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(1) Cox

======================================================
Candidate: CAN-2004-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0306
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-file-upload(15264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15264
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.
Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0306 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(1) Cox

======================================================
Candidate: CAN-2004-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0307
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: XF:cisco-ons-ack-dos(15265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15265
Reference: OSVDB:4009
Reference: URL:http://www.osvdb.org/4009

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.
Modifications:
  20040818 ADDREF OSVDB:4009

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0307 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(1) Cox

======================================================
Candidate: CAN-2004-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0309
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722656827427&w=2
Reference: CERT-VN:VU#619982
Reference: URL:http://www.kb.cert.org/vuls/id/619982
Reference: CIAC:O-084
Reference: URL:http://www.ciac.org/ciac/bulletins/o-084.shtml
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/8.html
Reference: XF:zonelabs-multiple-products-bo(14991)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14991
Reference: BID:9696
Reference: URL:http://www.securityfocus.com/bid/9696
Reference: OSVDB:3991
Reference: URL:http://www.osvdb.org/3991

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.
Modifications:
  20040818 ADDREF OSVDB:3991

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0309 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Wall
   NOOP(1) Cox

======================================================
Candidate: CAN-2004-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0320
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 nCipher Advisory #9: Host-side attackers can access secret data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755899018249&w=2
Reference: XF:ncipher-hsm-obtain-info(15281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15281
Reference: BID:9717
Reference: URL:http://www.securityfocus.com/bid/9717
Reference: OSVDB:4055
Reference: URL:http://www.osvdb.org/4055

Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
Modifications:
  20040818 ADDREF OSVDB:4055

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0320 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2004-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0336
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-path-disclosure(15350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15350
Reference: BID:9781
Reference: URL:http://www.securityfocus.com/bid/9781

LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-2004-0336 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2004-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0347
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107826362024112&w=2
Reference: FULLDISC:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018120.html
Reference: BUGTRAQ:20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850564102190&w=2
Reference: CERT-VN:VU#114070
Reference: URL:http://www.kb.cert.org/vuls/id/114070
Reference: BID:9791
Reference: URL:http://www.securityfocus.com/bid/9791
Reference: XF:netscreen-delhomepagecgi-xss(15368)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15368

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
Modifications:
  20040813 ADDREF CERT-VN:VU#114070
  20040813 ADDREF BID:9791
  20040813 ADDREF XF:netscreen-delhomepagecgi-xss(15368)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2004-0347 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2004-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0356
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850488326232&w=2
Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf
Reference: MISC:http://www.nextgenss.com/advisories/slmailsrc.txt
Reference: XF:slmail-src-stack-bo(15398)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15398
Reference: BID:9809
Reference: URL:http://www.securityfocus.com/bid/9809

Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.

Analysis
--------
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the item: "Security Issues: SL Supervisor buffer overflow"

INFERRED ACTION: CAN-2004-0356 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(2) Wall, Cox