[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-102 - 53 candidates

I am proposing cluster RECENT-102 for review and voting by the
Editorial Board.

Name: RECENT-102
Description: CANs announced between 2002/07/18 and 2002/07/31
Size: 53

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020528
Category: SF
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html

Integer overflow in xdr_array function in RPC servers for operating
systems that use libc, glibc, or other code based on SunRPC including
dietlibc, allows remote attackers to execute arbitrary code by passing
a large number of arguments to xdr_array through RPC services such as
rpc.cmsd and dmispd.

Analysis
----------------
ED_PRI CAN-2002-0391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020627
Category: SF
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3
and earlier, and other operating systems, does not properly lock a
temporary file when modifying /etc/passwd, which may allow local users
to gain privileges via a complex race condition that uses an open file
descriptor in utility programs such as chfn and chsh.

Analysis
----------------
ED_PRI CAN-2002-0638 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#308891
Reference: URL:http://www.kb.cert.org/vuls/id/308891
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: BID:5364
Reference: URL:http://www.securityfocus.com/bid/5364

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not
properly handle ASCII representations of integers on 64 bit platforms,
which could allow attackers to cause a denial of service and possibly
execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0655 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0656
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#102795
Reference: URL:http://www.kb.cert.org/vuls/id/102795
Reference: CERT-VN:VU#258555
Reference: URL:http://www.kb.cert.org/vuls/id/258555
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl2-masterkey-bo(9714)
Reference: URL:http://www.iss.net/security_center/static/9714.php
Reference: BID:5362
Reference: URL:http://www.securityfocus.com/bid/5362
Reference: BID:5363
Reference: URL:http://www.securityfocus.com/bid/5363

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and
earlier, allow remote attackers to execute arbitrary code via (1) a
large client master key in SSL2 or (2) a large session ID in SSL3.

Analysis
----------------
ED_PRI CAN-2002-0656 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:http://online.securityfocus.com/advisories/4431
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.com/de/security/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php
Reference: BID:5352
Reference: URL:http://online.securityfocus.com/bid/5352

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to
gain privileges via temporary files, possibly via a symbolic link attack.

Analysis
----------------
ED_PRI CAN-2002-0658 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#748355
Reference: URL:http://www.kb.cert.org/vuls/id/748355
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2002:161
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-161.html
Reference: REDHAT:RHSA-2002:160
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-160.html
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: CONECTIVA:CLA-2002:516
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
Reference: BID:5366
Reference: URL:http://www.securityfocus.com/bid/5366
Reference: XF:openssl-asn1-parser-dos(9718)
Reference: URL:http://www.iss.net/security_center/static/9718.php

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and
earlier, allows remote attackers to cause a denial of service via
invalid encodings.

Analysis
----------------
ED_PRI CAN-2002-0659 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0695
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0695
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of
Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server
7.0 or 2000 allows remote attackers to execute arbitrary code via a
query that calls the OpenRowSet command.

Analysis
----------------
ED_PRI CAN-2002-0695 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0710
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020718
Category: SF
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html

Directory traversal vulnerability in sendform.cgi 1.44 and earlier
allows remote attackers to read arbitrary files by specifying the
desired files in the BlurbFilePath parameter.

Analysis
----------------
ED_PRI CAN-2002-0710 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: On the vendor's home page, an item dated July 22,
2002, says "New: security fix: This limits reading world-readable
'blurb' files (that can be used with HTML forms with this script) to
certain directories defined in the script by the Web administrator."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0813
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328

Heap-based buffer overflow in the TFTP server capability in Cisco IOS
11.1, 11.2, and 11.3 allows remote attackers to cause a denial of
service (reset) or modify configuration via a long filename.

Analysis
----------------
ED_PRI CAN-2002-0813 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0814
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0814
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294

Buffer overflow in VMware Authorization Service for VMware GSX Server
2.0.0 build-2050 allows remote authenticated users to execute
arbitrary code via a long GLOBAL argument.

Analysis
----------------
ED_PRI CAN-2002-0814 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0816
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: BID:5272
Reference: URL:http://online.securityfocus.com/bid/5272
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain
root privileges via a long username and argument.

Analysis
----------------
ED_PRI CAN-2002-0816 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020731 The SUPER Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139

Format string vulnerability in super for Linux allows local users to
gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2002-0817 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0820
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0820
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: VULNWATCH:20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html
Reference: BUGTRAQ:20020819 Freebsd FD exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102979180524452&w=2
Reference: FREEBSD:FreeBSD-SA-02:23
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
Reference: MISC:http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2
after they have already been assigned to /dev/null when the
descriptors reference procfs or linprocfs, which could allow local
users to reuse the file descriptors in a setuid or setgid program to
modify critical data and gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0820 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0824
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020803
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc

pppd allows local users to change the permissions of arbitrary files
via a symlink attack on a file that is specified as a tty device.

Analysis
----------------
ED_PRI CAN-2002-0824 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020805
Category: SF
Reference: CONFIRM:http://www.padl.com/Articles/PotentialBufferOverflowin.html

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198
allows remote attackers to cause a denial of service and possibly
execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
Reference: BID:5348
Reference: URL:http://www.securityfocus.com/bid/5348
Reference: XF:hylafax-faxgetty-tsi-dos(9728)
Reference: URL:http://www.iss.net/security_center/static/9728.php

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows
remote attackers to cause a denial of service (crash) via the TSI data
element.

Analysis
----------------
ED_PRI CAN-2002-1049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
Reference: BID:5349
Reference: URL:http://www.securityfocus.com/bid/5349
Reference: XF:hylafax-faxgetty-image-bo(9729)
Reference: URL:http://www.iss.net/security_center/static/9729.php

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote
attackers to cause a denial of service (and possibly execute arbitrary
code via a long line of image data.

Analysis
----------------
ED_PRI CAN-2002-1050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/283665
Reference: VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip
Reference: BID:5283
Reference: URL:http://www.securityfocus.com/bid/5283
Reference: XF:pablo-ftp-directory-traversal(9647)
Reference: URL:http://www.iss.net/security_center/static/9647.php

Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and
earlier allows remote authenticated users to list arbitrary
directories via "..\" (dot-dot backslash) sences in a LIST command.

Analysis
----------------
ED_PRI CAN-2002-1054 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the Release/whatsnew.txt file in the source code
includes an item dated [07/21/2002], Version 1.10, states "Fixed
security hole in GetDirectoryList (LIST \..\) (thanks to:
http://www.sec uriteinfo.com) [the discloser]"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102744150718462&w=2
Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102746007908689&w=2
Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html
Reference: XF:securecrt-ssh1-identifier-bo(9650)
Reference: URL:http://www.iss.net/security_center/static/9650.php
Reference: BID:5287
Reference: URL:http://www.securityfocus.com/bid/5287

Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x
before 4.0 beta 3, allows an SSH server to execute arbitrary code via
a long SSH1 protocol version string.

Analysis
----------------
ED_PRI CAN-2002-1059 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
Reference: BID:5305
Reference: URL:http://www.securityfocus.com/bid/5305
Reference: XF:cacheos-unresolved-error-xss(9674)
Reference: URL:http://www.iss.net/security_center/static/9674.php

Cross-site scripting vulnerability in CacheFlow CacheOS 4.1.06 and
earlier allows remote attackers to insert arbitrary HTML, including
script, via a URL to a nonexistent hostname that includes the HTML,
which is inserted into the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1060 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog, dated 07/15/2002, includes the
following item for V4.1.07(build 18110): "Modified default
user-configurable error pages to eliminate cross-site scripting
attack."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html
Reference: BUGTRAQ:20020729 Hoax Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html
Reference: BUGTRAQ:20020729 Re:  Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm
Reference: BID:5323
Reference: URL:http://www.securityfocus.com/bid/5323
Reference: XF:imail-web-messaging-bo(9679)
Reference: URL:http://www.iss.net/security_center/static/9679.php

Buffer overflow in the Web Messaging daemon for Ipswitch IMail before
7.12 allows remote attackers to execute arbitrary code via a long HTTP
GET request for HTTP/1.0.

Analysis
----------------
ED_PRI CAN-2002-1076 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the release notes for version 7.12 say "Fixed a
buffer over-run which could result in a vulnerability (bugtraq id
5323)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273
Reference: BID:5313
Reference: URL:http://www.securityfocus.com/bid/5313
Reference: XF:groupwise-rcpt-bo(9671)
Reference: URL:http://www.iss.net/security_center/static/9671.php

Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote
attackers to execute arbitrary code via a long RCPT TO command.

Analysis
----------------
ED_PRI CAN-2002-1088 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: while the Novell TID does not itself contain vendor
acknowledgement, the vendor's security advisory page has a link to the
TID with the phrase "Buffer overflow in Novell GroupWise 6.0.1 Support
Pack 1."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html
Reference: BID:5285
Reference: URL:http://www.securityfocus.com/bid/5285
Reference: XF:mailmax-pop3max-user-bo(9651)
Reference: URL:http://www.iss.net/security_center/static/9651.php

Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows
remote attackers to execute arbitrary code via a long USER command.

Analysis
----------------
ED_PRI CAN-2002-1057 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: e-mail inquiry sent on August 28, 2002, via interface
at https://supportcenteronline.com/ics/support/default.asp?deptID=468.
Vendor acknowledged the issue on August 29: "This report is accurate
and we have a patch fixing the issue available for our customers."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0657
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows:
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#561275
Reference: URL:http://www.kb.cert.org/vuls/id/561275
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl3-masterkey-bo(9715)
Reference: URL:http://www.iss.net/security_center/static/9715.php
Reference: BID:5361
Reference: URL:http://online.securityfocus.com/bid/5361

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos
enabled, allows attackers to execute arbitrary code via a long master
key.

Analysis
----------------
ED_PRI CAN-2002-0657 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0815
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102796732924658&w=2
Reference: BUGTRAQ:20020729 RE: XWT Foundation Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102798282208686&w=2

The Javascript "Same Origin Policy" (SOP), as implemented in (1)
Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web
server to access HTTP and SOAP/XML content from restricted sites by
mapping the malicious server's parent DNS domain name to the
restricted site, loading a page from the restricted site into one
frame, and passing the information to the attacker-controlled frame,
which is allowed because the document.domain of the two frames matches
on the parent domain.

Analysis
----------------
ED_PRI CAN-2002-0815 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0993
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: HP:HPSBUX0207-201
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0023.html
Reference: BID:5267
Reference: URL:http://www.securityfocus.com/bid/5267
Reference: XF:hp-isee-unauth-access(9620)
Reference: URL:http://www.iss.net/security_center/static/9620.php

Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE)
product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users
access to access restricted files.

Analysis
----------------
ED_PRI CAN-2002-0993 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-July/000559.html
Reference: XF:adobe-ebook-bypass-restrictions(9634)
Reference: URL:http://www.iss.net/security_center/static/9634.php
Reference: BID:5273
Reference: URL:http://www.securityfocus.com/bid/5273

Adobe eBook Reader allows a user to bypass restrictions for copy,
print, lend, and give operations by backing up key data files,
performing the operations, and restoring the original data files.

Analysis
----------------
ED_PRI CAN-2002-1016 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020730 Vulnerability: protected Adobe eBooks can be copied between computers
Reference: URL:http://online.securityfocus.com/archive/1/285093
Reference: XF:adobe-ebook-bypass-activation(9740)
Reference: URL:http://www.iss.net/security_center/static/9740.php
Reference: BID:5358
Reference: URL:http://www.securityfocus.com/bid/5358

Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other
systems by using the backup feature, capturing the encryption
Challenge, and using the appropriate hash function to generate the
activation code.

Analysis
----------------
ED_PRI CAN-2002-1017 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory  #0815 +-+
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html
Reference: BID:5331
Reference: URL:http://www.securityfocus.com/bid/5331

HP JetDirect printers allow remote attackers to obtain the
administrative password for the (1) web and (2) telnet services via an
SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

Analysis
----------------
ED_PRI CAN-2002-1048 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the acknowledgement for this issue is uncertain, as
HP:HPSBUX0207-204 is too vague to know whether it's addressing this
issue, a previously announced one, or neither.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 phenoelit advisory, Brother Printers ++/-
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0353.html
Reference: BID:5339
Reference: URL:http://www.securityfocus.com/bid/5339
Reference: XF:brother-nc-password-bo(9701)
Reference: URL:http://www.iss.net/security_center/static/9701.php

Buffer overflow in administrative web server for Brother NC-3100h
printer allows remote attackers to cause a denial of service via a
long password.

Analysis
----------------
ED_PRI CAN-2002-1055 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 Cobalt Qube 3 Administration page
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html
Reference: XF:cobalt-qube-admin-access(9669)
Reference: URL:http://www.iss.net/security_center/static/9669.php
Reference: BID:5297
Reference: URL:http://www.securityfocus.com/bid/5297

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube
3.0 allows local users and remote attackers, to gain privileges as the
Qube Admin via .. (dot dot) sequences in the sessionId cookie that
point to an alternate session file.

Analysis
----------------
ED_PRI CAN-2002-1058 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-pop3-logging-bo(9685)
Reference: URL:http://www.iss.net/security_center/static/9685.php
Reference: XF:jana-smtp-logging-bo(9686)
Reference: URL:http://www.iss.net/security_center/static/9686.php
Reference: BID:5320
Reference: URL:http://www.securityfocus.com/bid/5320
Reference: BID:5322
Reference: URL:http://www.securityfocus.com/bid/5322
Reference: XF:jana-http-proxy-bo(9683)
Reference: URL:http://www.iss.net/security_center/static/9683.php
Reference: BID:5324
Reference: URL:http://www.securityfocus.com/bid/5324
Reference: BID:5319
Reference: URL:http://www.securityfocus.com/bid/5319
Reference: XF:jana-http-logging-bo(9682)
Reference: URL:http://www.iss.net/security_center/static/9682.php

Multiple buffer overflows in Thomas Hauck Jana Server 2.x through
2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial
of service and possibly execute arbitrary code via (1) an HTTP GET
request with a long major version number, (2) an HTTP GET request to
the HTTP proxy on port 3128 with a long major version number, (3) a
long OK reply from a POP3 server, and (4) a long SMTP server response.

Analysis
----------------
ED_PRI CAN-2002-1061 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-socks5-bo(9684)
Reference: URL:http://www.iss.net/security_center/static/9684.php
Reference: BID:5321
Reference: URL:http://www.securityfocus.com/bid/5321

Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and
1.4.6 and earlier, allows remote attackers to execute arbitrary code
via long (1) Username, (2) Password, or (3) Hostname entries.

Analysis
----------------
ED_PRI CAN-2002-1062 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: while the *exploit* is a buffer overflow, the problem was
explicitly reported as a signedness error that enabled the overflow;
therefore, this is treated as a different issue than the Jana
overflows, in accordance with CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-ftp-pasv-dos(9687)
Reference: URL:http://www.iss.net/security_center/static/9687.php
Reference: BID:5325
Reference: URL:http://www.securityfocus.com/bid/5325

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier,
allows remote attackers to cause a denial of service (resource
exhaustion) via a large number of FTP PASV requests, which consumes
all available FTP ports.

Analysis
----------------
ED_PRI CAN-2002-1063 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-pop3-bruteforce(9688)
Reference: URL:http://www.iss.net/security_center/static/9688.php
Reference: BID:5326
Reference: URL:http://www.securityfocus.com/bid/5326

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier,
generates different responses for valid and invalid usernames, which
allows remote attackers to identify valid users on the server.

Analysis
----------------
ED_PRI CAN-2002-1064 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-pop3-bruteforce(9688)
Reference: URL:http://www.iss.net/security_center/static/9688.php

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier,
does not restrict the number of unsuccessful login attempts, which
makes it easier for remote attackers to gain privileges via brute
force username and password guessing.

Analysis
----------------
ED_PRI CAN-2002-1065 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-pop3-index-bo(9689)
Reference: URL:http://www.iss.net/security_center/static/9689.php
Reference: BID:5327
Reference: URL:http://www.securityfocus.com/bid/5327

Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
large message index value in a (1) RETR or (2) DELE command to the
POP3 server, which exceeds the array limits and allows a buffer
overflow attack.

Analysis
----------------
ED_PRI CAN-2002-1066 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 0815 ++ */ SEH_Web
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html
Reference: BID:5329
Reference: URL:http://www.securityfocus.com/bid/5329
Reference: XF:seh-ic9-password-bo(9702)
Reference: URL:http://www.iss.net/security_center/static/9702.php

Administrative web interface for IC9 Pocket Print Server Firmware
7.1.30 and 7.1.36f allows remote attackers to cause a denial of
service (reboot and reset) via a long password, possibly due to a
buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1067 3
Vendor Acknowledgement: no disputed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory  #0815 ++-+ dp_300 (DLINK)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html
Reference: VULN-DEV:20020727 Phenoelit Advisory  #0815 ++-+ dp_300 (DLINK)
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102779425117680&w=2
Reference: XF:dlink-dp-post-dos(9703)
Reference: URL:http://www.iss.net/security_center/static/9703.php
Reference: BID:5330
Reference: URL:http://www.securityfocus.com/bid/5330

The web server for D-Link DP-300 print server allows remote attackers
to cause a denial of service (hang) via a large HTTP POST request.

Analysis
----------------
ED_PRI CAN-2002-1068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html
Reference: BUGTRAQ:20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)
Reference: URL:http://online.securityfocus.com/archive/1/283999
Reference: BID:5292
Reference: URL:http://www.securityfocus.com/bid/5292
Reference: XF:zyxel-jolt-dos(9655)
Reference: URL:http://www.iss.net/security_center/static/9655.php

ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows
remote attackers to cause a denial of service via an oversized,
fragmented "jolt" style ICMP packet.

Analysis
----------------
ED_PRI CAN-2002-1072 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

ABSTRACTION: It is possible that this overlaps CAN-2001-1194(2).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020717 MERCUR Mailserver advisory/remote exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html
Reference: XF:mercur-control-service-bo(9618)
Reference: URL:http://www.iss.net/security_center/static/9618.php
Reference: BID:5261
Reference: URL:http://www.securityfocus.com/bid/5261

Buffer overflow in the control service for MERCUR Mailserver 4.2
allows remote attackers to execute arbitrary code via a long password.

Analysis
----------------
ED_PRI CAN-2002-1073 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to support@atrium-software.com on
August 29, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020724 Pegasus mail DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html
Reference: BID:5302
Reference: URL:http://www.securityfocus.com/bid/5302
Reference: XF:pegasus-message-header-bo(9673)
Reference: URL:http://www.iss.net/security_center/static/9673.php

Buffer overflow in Pegasus mail client 4.01 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via long (1) To or (2) From headers.

Analysis
----------------
ED_PRI CAN-2002-1075 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to tech-support@pmail.gen.nz on
August 29, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020730 IPSwitch IMail Advisory #2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html
Reference: BID:5365
Reference: URL:http://www.securityfocus.com/bid/5365
Reference: XF:imail-iwebcal-content-length-dos(9722)
Reference: URL:http://www.iss.net/security_center/static/9722.php

IPSwitch IMail Web Calendaring service (iwebcal) allows remote
attackers to cause a denial of service (crash) via an HTTP POST
request without a Content-Length field.

Analysis
----------------
ED_PRI CAN-2002-1077 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 Abyss Web Server version 1.0.3 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/284904
Reference: VULNWATCH:20020729 [VulnWatch] Abyss Web Server version 1.0.3 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html
Reference: BID:5345
Reference: URL:http://www.securityfocus.com/bid/5345
Reference: XF:abyss-slash-directory-traversal(9721)
Reference: URL:http://www.iss.net/security_center/static/9721.php

Abyss Web Server 1.0.3 allows remote attackers to list directory
contents via an HTTP GET request that ends in a large number of /
(slash) characters.

Analysis
----------------
ED_PRI CAN-2002-1078 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229
Reference: XF:ezcontents-image-file-upload(9698)
Reference: URL:http://www.iss.net/security_center/static/9698.php

The Image Upload capability for ezContents 1.40 and earlier allows
remote attackers to cause ezContents to perform operations on local
files as if they were uploaded.

Analysis
----------------
ED_PRI CAN-2002-1082 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229
Reference: XF:ezcontents-dotdot-directory-traversal(9710)
Reference: URL:http://www.iss.net/security_center/static/9710.php

Directory traversal vulnerabilities in ezContents 1.41 and earlier
allow remote attackers to cause ezContents to (1) create directories
using the Maintain Images:Add New:Create Subdirectory item, or (2)
list directories using the Maintain Images file listing, via .. (dot
dot) sequences.

Analysis
----------------
ED_PRI CAN-2002-1083 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229
Reference: XF:ezcontents-verifylogin-post-data(9711)
Reference: URL:http://www.iss.net/security_center/static/9711.php

The VerifyLogin function in ezContents 1.41 and earlier does not
properly halt program execution if a user fails to log in properly,
which allows remote attackers to modify and view restricted
information via HTTP POST requests.

Analysis
----------------
ED_PRI CAN-2002-1084 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229
Reference: XF:ezcontents-diary-entry-xss(9712)
Reference: URL:http://www.iss.net/security_center/static/9712.php

Multiple cross-site scripting vulnerabilities in ezContents 1.41 and
earlier allow remote attackers to execute script and steal cookies via
the diary and other capabilities.

Analysis
----------------
ED_PRI CAN-2002-1085 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229
Reference: XF:ezcontents-sql-injection(9713)
Reference: URL:http://www.iss.net/security_center/static/9713.php

Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier
allow remote attackers to conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2002-1086 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/284229

The scripts (1) createdir.php, (2) removedir.php and (3)
uploadfile.php for ezContents 1.41 and earlier do not check
credentials, which allows remote attackers to create or delete
directories and upload files via a direct HTTP POST request.

Analysis
----------------
ED_PRI CAN-2002-1087 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007