[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-87 - 58 candidates

I am proposing cluster RECENT-87 for review and voting by the
Editorial Board.

Name: RECENT-87
Description: Candidates announced between 2/19/2002 and 2/28/2002
Size: 58

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415804625292&w=2
Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422432123898&w=2
Reference: DEBIAN:DSA-114
Reference: URL:http://www.debian.org/security/2002/dsa-114
Reference: BID:4125
Reference: URL:http://online.securityfocus.com/bid/4125

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories,
read source code of certain scripts, and bypass access restrictions by
directly requesting the target file from the gnujsp servlet, which
does not work around a limitation of JServ and does not process the
requested file.

Analysis
----------------
ED_PRI CAN-2002-0300 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424225814604&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
Reference: BID:4139
Reference: URL:http://online.securityfocus.com/bid/4139

The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops
large alerts when SNMP is used as the transport, which could prevent
some alerts from being sent in the event of an attack.

Analysis
----------------
ED_PRI CAN-2002-0302 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101485184605149&w=2
Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
Reference: URL:http://online.securityfocus.com/archive/1/258981
Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
Reference: BID:4192
Reference: URL:http://online.securityfocus.com/bid/4192
Reference: BID:4192
Reference: URL:http://www.securityfocus.com/bid/4192
Reference: XF:snitz-img-css(8309)
Reference: URL:http://www.iss.net/security_center/static/8309.php

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and
earlier allows remote attackers to execute arbitrary script as other
Forums 2000 users via Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0329 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020225 Open Bulletin Board  javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466092601554&w=2
Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159
Reference: BID:4171
Reference: URL:http://online.securityfocus.com/bid/4171
Reference: XF:openbb-img-css(8278)
Reference: URL:http://www.iss.net/security_center/static/8278.php

Cross-site scripting vulnerability in codeparse.php of Open Bulletin
Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary
script and steal cookies via Javascript in the IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0330 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Reference: XF:ios-cef-information-leak(8296)
Reference: URL:http://www.iss.net/security_center/static/8296.php
Reference: BID:4191
Reference: URL:http://www.securityfocus.com/bid/4191

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF)
enabled includes portions of previous packets in the padding of a MAC
level packet when the MAC packet's length is less than the IP level
packet length.

Analysis
----------------
ED_PRI CAN-2002-0339 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101414005501708&w=2
Reference: BID:4116
Reference: URL:http://online.securityfocus.com/bid/4116

Cross-site scripting vulnerability in Slash before 2.2.5, as used in
Slashcode and elsewhere, allows remote attackers to steal cookies and
authentication information from other users via Javascript in a URL,
possibly in the formkey field.

Analysis
----------------
ED_PRI CAN-2002-0292 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438631921749&w=2
Reference: BID:3975
Reference: URL:http://online.securityfocus.com/bid/3975

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code
via a .RVP file that creates a file with an arbitrary extension (such
as .BAT), which is executed during a scan.

Analysis
----------------
ED_PRI CAN-2002-0299 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2
Reference: BID:4141
Reference: URL:http://online.securityfocus.com/bid/4141

SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the
firewall's physical interface name and address in an SMTP protocol
exchange when NAT translation is made to an address other than the
firewall, which could allow remote attackers to determine certain
firewall configuration information.

Analysis
----------------
ED_PRI CAN-2002-0309 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440113410083&w=2

FreeRADIUS RADIUS server allows remote attackers to cause a denial of
service (CPU consumption) via a flood of Access-Request packets.

Analysis
----------------
ED_PRI CAN-2002-0318 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2

FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain
root privileges by modifying root's .profile file.

Analysis
----------------
ED_PRI CAN-2002-0293 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2
Reference: BID:4130
Reference: URL:http://online.securityfocus.com/bid/4130

Alcatel 4400 installs the /chetc/shutdown command with setgid
privileges, which allows many different local users to shut down the
system.

Analysis
----------------
ED_PRI CAN-2002-0294 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2
Reference: BID:4133
Reference: URL:http://online.securityfocus.com/bid/4133

Alcatel OmniPCX 4400 installs files with world-writable permissions,
which allows local users to reconfigure the system and possibly gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-0295 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 Another local root vulnerability during installation of Tarantella Enterprise 3.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.html
Reference: BUGTRAQ:20020224 Exploit for Tarantella Enterprise installation (bid  4115)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467193803592&w=2
Reference: BID:4115
Reference: URL:http://www.securityfocus.com/bid/4115

The installation of Tarantella Enterprise 3 allows local users to
overwrite arbitrary files via a symlink attack on the "spinning"
temporary file.

Analysis
----------------
ED_PRI CAN-2002-0296 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 ScriptEase MiniWeb Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415883727615&w=2
Reference: BID:4128
Reference: URL:http://online.securityfocus.com/bid/4128

Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long URL in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0297 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020219 Four More ScriptEase MiniWeb Server v0.95 DoS Attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424439220931&w=2
Reference: BID:4145
Reference: URL:http://online.securityfocus.com/bid/4145

ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a
denial of service (crash) via certain HTTP GET requests containing (1)
a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3)
a missing URI, or (4) several ../ in a URI that does not begin with a
/ (slash) character.

Analysis
----------------
ED_PRI CAN-2002-0298 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 Re: Citrix NFuse 1.6 - additional network exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424947801895&w=2
Reference: BID:4142
Reference: URL:http://online.securityfocus.com/bid/4142

Citrix NFuse 1.6 allows remote attackers to bypass authentication and
obtain sensitive information by directly calling launch.asp with
invalid NFUSE_USER and NFUSE_PASSWORD parameters.

Analysis
----------------
ED_PRI CAN-2002-0301 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101425369510983&w=2
Reference: BID:4154
Reference: URL:http://online.securityfocus.com/bid/4154

GroupWise 6, when using LDAP authentication and when Post Office has a
blank username and password, allows attackers to gain privileges of
other users by logging in without a password.

Analysis
----------------
ED_PRI CAN-2002-0303 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 SecurityOffice Security Advisory:// LilHTTP Web Server Protected File Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432338000591&w=2
Reference: BUGTRAQ:20020320 LilHTTP Web Server Protected File Access Vulnerability (Solution)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101665069500433&w=2
Reference: MISC:http://www.summitcn.com/lilhttp/lildocs.html#WhatsNew

Lil HTTP Server 2.1 allows remote attackers to read password-protected
files via a /./ in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0304 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the vendor's "What's New" page includes an entry for
version 2.2, which states "fixed some known security issues with this
server." It is not clear whether the vendor fixed THIS issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Zero One Tech (ZOT) P100s PrintServer and SNMP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432416503293&w=2

Zero One Tech (ZOT) P100s print server does not properly disable the
SNMP service or change the default password, which could leave the
server open to attack without the administrator's knowledge.

Analysis
----------------
ED_PRI CAN-2002-0305 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2
Reference: BID:4149
Reference: URL:http://online.securityfocus.com/bid/4149

ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in
the p (plugin) parameter.

Analysis
----------------
ED_PRI CAN-2002-0306 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2
Reference: BID:4147
Reference: URL:http://online.securityfocus.com/bid/4147

Directory traversal vulnerability in ans.pl in Avenger's News System
(ANS) 2.11 and earlier allows remote attackers to determine the
existence of arbitrary files or execute any Perl program on the system
via a .. (dot dot) in the p parameter, which reads the target file and
attempts to execute line using Perl's eval function.

Analysis
----------------
ED_PRI CAN-2002-0307 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 AdMentor Login Flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430885516675&w=2
Reference: BID:4152
Reference: URL:http://online.securityfocus.com/bid/4152

admin.asp in AdMentor 2.11 allows remote attackers to bypass
authentication and gain privileges via a SQL injection attack on the
Login and Password arguments.

Analysis
----------------
ED_PRI CAN-2002-0308 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Netwin Webnews 1.1k
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432236729631&w=2
Reference: BID:4156
Reference: URL:http://online.securityfocus.com/bid/4156

Netwin WebNews 1.1k CGI program includes several default usernames and
cleartext passwords that cannot be deleted by the administrator, which
allows remote attackers to gain privileges via the username/password
combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3)
alwi3845/wtest3452, or (4) testweb2/wtest4879.

Analysis
----------------
ED_PRI CAN-2002-0310 3
Vendor Acknowledgement:
Content Decisions: CF-DEFAULT, CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020120 Unixware 7.1.1 scoadminreg.cgi local exploit
Reference: URL:http://online.securityfocus.com/archive/1/251747
Reference: CALDERA:CSSA-2002-SCO.6
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/CSSA-2002-SCO.6.txt
Reference: BID:3936
Reference: URL:http://online.securityfocus.com/bid/3936
Reference: XF:unixware-webtop-execute-commands(7977)
Reference: URL:http://www.iss.net/security_center/static/7977.php

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows
local and possibly remote attackers to gain root privileges via shell
metacharacters in the -c argument for (1) in scoadminreg.cgi or (2)
service_action.cgi.

Analysis
----------------
ED_PRI CAN-2002-0311 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-EXEC, VAGUE

ABSTRACTION: while the Caldera advisory is vague, the severity of the
issue, the affected program, and the timing of the advisory gives some
hint that the advisory might be addressing the same issue that was
reported a month previously. By reviewing the source code included in
the specific patch (erg711951b.Z), one can see that the "$manager"
variable - clearly the variable being manipulated by the posted
exploit - is now being cleansed of shell metacharacters. Given this
patch, plus the fact that Caldera did not dispute the poster's
original claims, there is finally sufficient evidence that the Caldera
advisory addresses the issue originally given in the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: NTBUGTRAQ:20020222 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439734827908&w=2
Reference: XF:essentia-server-directory-traversal(8248)
Reference: URL:http://www.iss.net/security_center/static/8248.php
Reference: BID:4160
Reference: URL:http://www.securityfocus.com/bid/4160

Directory traversal vulnerability in Essentia Web Server 2.1 allows
remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Analysis
----------------
ED_PRI CAN-2002-0312 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2
Reference: XF:essentia-server-long-request-dos(8249)
Reference: URL:http://www.iss.net/security_center/static/8249.php
Reference: BID:4159
Reference: URL:http://www.securityfocus.com/bid/4159

Buffer overflow in Essentia Web Server 2.1 allows remote attackers to
cause a denial of service, and possibly execute arbitrary code, via a
long URL.

Analysis
----------------
ED_PRI CAN-2002-0313 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2
Reference: BID:4122
Reference: URL:http://www.securityfocus.com/bid/4122
Reference: XF:fasttrack-message-service-dos(8273)
Reference: URL:http://www.iss.net/security_center/static/8273.php

fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3)
morpheus allows remote attackers to cause a denial of service (memory
exhaustion) via a series of client-to-client messages, which pops up
new windows per message.

Analysis
----------------
ED_PRI CAN-2002-0314 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: EX-CLIENT-DOS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2
Reference: XF:fasttrack-message-service-spoof(8272)
Reference: URL:http://www.iss.net/security_center/static/8272.php
Reference: BID:4121
Reference: URL:http://www.securityfocus.com/bid/4121

fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus
allows remote attackers to spoof other users by modifying the username
and network information in the message header.

Analysis
----------------
ED_PRI CAN-2002-0315 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020222 XMB cross-scripting vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447886404876&w=2
Reference: XF:xmb-php-css(8262)
Reference: URL:http://www.iss.net/security_center/static/8262.php
Reference: BID:4167
Reference: URL:http://www.securityfocus.com/bid/4167

Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x
and earlier allows remote attackers to execute script as other XMB
users by inserting the script into an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0316 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020220 Gator installer Plugin allows any software to be installed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438671922874&w=2
Reference: MISC:http://www.gator.com/update/
Reference: XF:gator-activex-install(8266)
Reference: URL:http://www.iss.net/security_center/static/8266.php
Reference: BID:4161
Reference: URL:http://www.securityfocus.com/bid/4161

Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites
to install arbitrary software by specifying a Trojan Gator
installation file (setup.ex_) in the src parameter.

Analysis
----------------
ED_PRI CAN-2002-0317 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: 2 days after disclosure, the vendor included a
prominent "security fix" link on its front page, leading to an update
page. The page did not include enough details to be certain that the
vendor was fixing this vulnerability. Downloading the
"GatorSecurityFix.exe" program and analyzing the ASCII strings in the
program, it appears that it's trying to find and delete IEGator.dll -
but it's still not clear whether that's a critical element of the
vulnerability, or part of the process of updating.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020222 pforum: cross-site-scripting bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101446366708757&w=2
Reference: BID:4165
Reference: URL:http://www.securityfocus.com/bid/4165
Reference: XF:pforum-username-css(8263)
Reference: URL:http://www.iss.net/security_center/static/8263.php

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and
earlier allows remote attackers to execute script and steal cookies
from other users via Javascript in a username.

Analysis
----------------
ED_PRI CAN-2002-0319 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Remote crashes in Yahoo messenger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2
Reference: XF:yahoo-messenger-message-bo(8264)
Reference: URL:http://www.iss.net/security_center/static/8264.php
Reference: XF:yahoo-messenger-imvironment-bo(8265)
Reference: URL:http://www.iss.net/security_center/static/8265.php
Reference: BID:4162
Reference: URL:http://online.securityfocus.com/bid/4162
Reference: BID:4163
Reference: URL:http://online.securityfocus.com/bid/4163

Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
long (1) message or (2) IMvironment field.

Analysis
----------------
ED_PRI CAN-2002-0320 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

INCLUSION: CD:EX-CLIENT-DOS suggests excluding problems that only
cause a DoS within a client; however, this problem might be an
exploitable buffer overflow (not proven), so this could be a more
serious issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020221 Remote crashes in Yahoo messenger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2
Reference: XF:yahoo-messenger-username-spoof(8267)
Reference: URL:http://www.iss.net/security_center/static/8267.php
Reference: BID:4164
Reference: URL:http://www.securityfocus.com/bid/4164

Yahoo! Messenger 5.0 allows remote attackers to spoof other users by
modifying the username and using the spoofed username for social
engineering or denial of service (flooding) attacks.

Analysis
----------------
ED_PRI CAN-2002-0321 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020223 Re: Remote crashes in Yahoo messenger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466489113920&w=2
Reference: BUGTRAQ:20020223 Re: Re: Remote crashes in Yahoo messenger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467298107635&w=2
Reference: BID:4173
Reference: URL:http://online.securityfocus.com/bid/4173

Yahoo! Messenger 4.0 sends user passwords in cleartext, which could
allow remote attackers to gain privileges of other users via sniffing.

Analysis
----------------
ED_PRI CAN-2002-0322 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020224 ScriptEase:WebServer Edition vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465709621105&w=2

comment2.jse in ScriptEase:WebServer allows remote attackers to read
arbitrary files by specifying the target file as an argument in the
URL.

Analysis
----------------
ED_PRI CAN-2002-0323 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020224 Greymatter 1.21c and earlier - remote login/pass exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465343308249&w=2
Reference: MISC:http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm
Reference: XF:greymatter-gmrightclick-account-information(8277)
Reference: URL:http://www.iss.net/security_center/static/8277.php
Reference: BID:4169
Reference: URL:http://online.securityfocus.com/bid/4169

Greymatter 1.21c and earlier with the Bookmarklet feature enabled
allows remote attackers to read a cleartext password and gain
administrative privileges by guessing the name of a gmrightclick-*.reg
file which contains the administrator name and password in cleartext,
then retrieving the file from the web server before the Greymatter
administrator performs a "Clear And Exit" action.

Analysis
----------------
ED_PRI CAN-2002-0324 3
Vendor Acknowledgement: no disputed disputed as poor configuration

INCLUSION: the vendor effectively disputes the severity of the
vulnerability since a proper logout of the tool (i.e., "Clear And
Exit") would minimize the problem. However, the files would still be
present during the user session, which means there is a race condition
that could still be potentially exploited.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 BadBlue Yet Another Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474689126219&w=2
Reference: BID:4179
Reference: URL:http://www.securityfocus.com/bid/4179
Reference: XF:badblue-dotdotdot-directory-traversal(8295)
Reference: URL:http://www.iss.net/security_center/static/8295.php

Directory traversal vulnerability in BadBlue before 1.6.1 allows
remote attackers to read arbitrary files via a ... (modified dot dot)
in the URL.

Analysis
----------------
ED_PRI CAN-2002-0325 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 BadBlue XSS vulnerabilities / Filesharing Server Worm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474387016066&w=2
Reference: BID:4180
Reference: URL:http://www.securityfocus.com/bid/4180
Reference: XF:badblue-url-css(8294)
Reference: URL:http://www.iss.net/security_center/static/8294.php

Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows
remote attackers to execute arbitrary script and possibly additional
commands via a URL that contains Javascript.

Analysis
----------------
ED_PRI CAN-2002-0326 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020222 Censoft TERM Emu bOf
Reference: URL:http://online.securityfocus.com/archive/82/257731
Reference: BUGTRAQ:20020227 Century Software Term Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101477608215471&w=2
Reference: XF:term-tty-bo(8291)
Reference: URL:http://www.iss.net/security_center/static/8291.php
Reference: BID:4174
Reference: URL:http://online.securityfocus.com/bid/4174

Buffer overflow in Century Software TERM allows local users to gain
root privileges via a long tty argument to the callin program.

Analysis
----------------
ED_PRI CAN-2002-0327 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 Re: Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475420818274&w=2
Reference: BID:4182
Reference: URL:http://online.securityfocus.com/bid/4182

Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote
attackers to execute arbitrary script as other Ikonboard users and
steal cookies via Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0328 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101486044323352&w=2
Reference: XF:bpm-http-directory-traversal(8300)
Reference: URL:http://www.iss.net/security_center/static/8300.php
Reference: BID:4198
Reference: URL:http://online.securityfocus.com/bid/4198

Directory traversal vulnerability in the HTTP server for BPM Studio
Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot
dot) in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0331 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference: URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4194
Reference: URL:http://www.securityfocus.com/bid/4194
Reference: XF:xtell-tty-directory-traversal(8313)
Reference: URL:http://www.iss.net/security_center/static/8313.php

Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before
2.7, allows remote attackers to execute arbitrary code via (1) a long
DNS hostname that is determined using reverse DNS lookups, (2) a long
AUTH string, or (3) certain data in the xtell request.

Analysis
----------------
ED_PRI CAN-2002-0332 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference: URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4194
Reference: URL:http://www.securityfocus.com/bid/4194
Reference: XF:xtell-tty-directory-traversal(8313)
Reference: URL:http://www.iss.net/security_center/static/8313.php

Directory traversal vulnerability in xtell (xtelld) 1.91.1 and
earlier, and 2.x before 2.7, allows remote attackers to read files
with short names, and local users to read more files using a symlink
with a short name, via a .. in the TTY argument.

Analysis
----------------
ED_PRI CAN-2002-0333 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference: URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4197
Reference: URL:http://www.securityfocus.com/bid/4197
Reference: XF:xtell-log-symlink(8314)
Reference: URL:http://www.iss.net/security_center/static/8314.php

xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local
users to modify files via a symlink attack on the .xtell-log file.

Analysis
----------------
ED_PRI CAN-2002-0334 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2
Reference: BID:4186
Reference: URL:http://www.securityfocus.com/bid/4186
Reference: XF:worldgroup-http-get-bo(8298)
Reference: URL:http://www.iss.net/security_center/static/8298.php

Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier
allows remote attackers to cause a denial of service, and possibly
execute arbitrary code, via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-0335 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2
Reference: XF:worldgroup-ftp-list-bo(8297)
Reference: URL:http://www.iss.net/security_center/static/8297.php
Reference: BID:4185
Reference: URL:http://www.securityfocus.com/bid/4185

Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier
allows remote attackers to cause a denial of service, and possibly
execute arbitrary code, via a LIST command containing a large number
of / (slash), * (wildcard), and .. characters.

Analysis
----------------
ED_PRI CAN-2002-0336 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 2K, with RealPlayer Installed 100 % CPU utilization
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495354424868&w=2
Reference: XF:realplayer-mp3-invalid-dos(8320)
Reference: URL:http://www.iss.net/security_center/static/8320.php
Reference: BID:4200
Reference: URL:http://www.securityfocus.com/bid/4200

RealPlayer 8 allows remote attackers to cause a denial of service (CPU
utilization) via malformed .mp3 files.

Analysis
----------------
ED_PRI CAN-2002-0337 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 SECURITY.NNOV: Special device access in The Bat!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483832026841&w=2
Reference: BID:4187
Reference: URL:http://www.securityfocus.com/bid/4187
Reference: XF:thebat-msdos-device-dos(8303)
Reference: URL:http://www.iss.net/security_center/static/8303.php

The Bat! 1.53d and 1.54beta, and possibly other versions, allows
remote attackers to cause a denial of service (crash) via an
attachment whose name includes an MS-DOS device name.

Analysis
----------------
ED_PRI CAN-2002-0338 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020222 Windows Media Player executes WMF content in .MP3 files.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447771102582&w=2

Windows Media Player (WMP) 8.00.00.4477, and possibly other versions,
automatically detects and executes .wmf and other content, even when
the file's extension or content type does not specify .wmf, which
could make it easier for attackers to conduct unauthorized activities
via Trojan horse files containing .wmf content.

Analysis
----------------
ED_PRI CAN-2002-0340 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494830315071&w=2

GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions,
allows remote attackers to determine the full pathname of the web
server via an HTTP request with an invalid HTMLVER parameter.

Analysis
----------------
ED_PRI CAN-2002-0341 3
Vendor Acknowledgement:
Content Decisions: REDISCOVERY, SF-LOC

ABSTRACTION: this looks similar to CAN-1999-1006, but that issue was
reported in 1999. However, the type of issue appears to be the same,
as well as the affected version (5.5), so perhaps these 2 issues
should be MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 BUG: Kmail client DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475683425671&w=2
Reference: XF:kmail-message-body-dos(8283)
Reference: URL:http://www.iss.net/security_center/static/8283.php
Reference: BID:4177
Reference: URL:http://www.securityfocus.com/bid/4177

Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of
service (crash) via an email message whose body is approximately 55 K
long.

Analysis
----------------
ED_PRI CAN-2002-0342 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: CD:EX-CLIENT-DOS suggests that if a problem only causes a
DoS on the client side, and the scope of the problem is limited to the
client, and the client only needs to be restarted to address the
problem, then the problem should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0343
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0343
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 Hotline Client Plain password vuln.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495128121299&w=2
Reference: XF:hotline-connect-plaintext-password(8327)
Reference: URL:http://www.iss.net/security_center/static/8327.php
Reference: BID:4210
Reference: URL:http://www.securityfocus.com/bid/4210

Hotline Client 1.8.5 stores sensitive user information, including
passwords, in plaintext in the bookmarks file, which could allow local
users with access to the bookmarks file to gain privileges by
extracting the passwords.

Analysis
----------------
ED_PRI CAN-2002-0343 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020225 Symantec LiveUpdate
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466781122312&w=2
Reference: BUGTRAQ:20020228 Re:  "Javier Sanchez" jsanchez157@hotmail.com 02/25/2002 11:14 AM, Symantec
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496301307285&w=2
Reference: BID:4170
Reference: URL:http://www.securityfocus.com/bid/4170
Reference: XF:nav-liveupdate-plaintext-account(8282)
Reference: URL:http://www.iss.net/security_center/static/8282.php

Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores
usernames and passwords for a local LiveUpdate server in cleartext in
the registry, which may allow remote attackers to impersonate the
LiveUpdate server.

Analysis
----------------
ED_PRI CAN-2002-0344 3
Vendor Acknowledgement: yes followup
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020301 Re:  "Peter Miller" pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE:  Symantec
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101529792821615&w=2
Reference: BUGTRAQ:20020226 RE: Symantec LiveUpdate
Reference: URL:http://online.securityfocus.com/archive/1/258293
Reference: BID:4181
Reference: URL:http://www.securityfocus.com/bid/4181
Reference: XF:ghost-plaintext-account(8305)
Reference: URL:http://www.iss.net/security_center/static/8305.php

Symantec Ghost 7.0 stores usernames and passwords in plaintext in the
NGServer\params registry key, which could allow an attacker to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-0345 3
Vendor Acknowledgement: no disputed
Content Decisions: DESIGN-WEAK-ENCRYPTION, INCLUSION

INCLUSION: a followup post by Symantec (and another one by an
independent party) claims that the key is only accessible to the
Administrator account. If that is the case, then there are little or
no gains to having this information that cannot already be obtained
using the Administrator privileges. Perhaps this issue should not be
included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: BID:4211
Reference: URL:http://www.securityfocus.com/bid/4211
Reference: XF:cobalt-raq-css(8321)
Reference: URL:http://www.iss.net/security_center/static/8321.php

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote
attackers to execute arbitrary script as other Cobalt users via
Javascript in a URL to (1) service.cgi or (2) alert.cgi.

Analysis
----------------
ED_PRI CAN-2002-0346 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: BID:4208
Reference: URL:http://www.securityfocus.com/bid/4208
Reference: XF:cobalt-raq-directory-traversal(8322)
Reference: URL:http://www.iss.net/security_center/static/8322.php

Directory traversal vulnerability in Cobalt RAQ 4 allows remote
attackers to read password-protected files, and possibly files outside
the web root, via a .. (dot dot) in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0347 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: XF:cobalt-raq-service-dos(8323)
Reference: URL:http://www.iss.net/security_center/static/8323.php
Reference: BID:4209
Reference: URL:http://www.securityfocus.com/bid/4209

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial
of service, and possibly execute arbitrary code, via a long service
argument.

Analysis
----------------
ED_PRI CAN-2002-0348 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 ... Tiny Personal Firewall ...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494587110288&w=2
Reference: BID:4207
Reference: URL:http://www.securityfocus.com/bid/4207
Reference: XF:tinyfw-popup-gain-access(8324)
Reference: URL:http://www.iss.net/security_center/static/8324.php

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations,
will pop up an alert to the system even when the screen is locked,
which could allow an attacker with physical access to the machine to
hide activities or bypass access restrictions.

Analysis
----------------
ED_PRI CAN-2002-0349 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007