[PROPOSAL] Cluster UNIX-2002a - 52 candidates



I am proposing cluster UNIX-2002a for review and voting by the
Editorial Board.

Name: UNIX-2002a
Description: CANs in Linux/Unix advisories from July 2002 to Sept 2002
Size: 52

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows
remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0384 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users
to create and overwrite files via a symlink attack on the
scrollkeeper-tempfile.x temporary files.

Analysis
----------------
ED_PRI CAN-2002-0662 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to
cause a denial of service (crash) via certain DHCP packets from
Voice-Over-IP (VOIP) phones.

Analysis
----------------
ED_PRI CAN-2002-0835 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers
to corrupt heap memory and execute arbitrary code via a GIF image with
a zero width.

Analysis
----------------
ED_PRI CAN-2002-1091 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify
the limit_reporters option, which allows remote attackers to view bug
summaries for bugs that would otherwise be restricted.

Analysis
----------------
ED_PRI CAN-2002-1111 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514

Mantis before 0.17.4 allows remote attackers to list project bugs
without authentication by modifying the cookie that is used by the
"View Bugs" page.

Analysis
----------------
ED_PRI CAN-2002-1112 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote
attackers to execute arbitrary PHP code by modifying the
g_jpgraph_path parameter to reference the location of the PHP code.

Analysis
----------------
ED_PRI CAN-2002-1113 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978711618648&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: XF:mantis-configinc-var-include(9900)
Reference: URL:http://www.iss.net/security_center/static/9900.php
Reference: BID:5509
Reference: URL:http://www.securityfocus.com/bid/5509

config_inc2.php in Mantis before 0.17.4 allows remote attackers to
execute arbitrary code or read arbitrary files via the parameters (1)
g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file,
(4) g_meta_include_file, or (5) a cookie.

Analysis
----------------
ED_PRI CAN-2002-1114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103013249211164&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

Mantis 0.17.4a and earlier allows remote attackers to view private
bugs by modifying the f_id bug ID parameter to (1)
bug_update_advanced_page.php, (2) bug_update_page.php, (3)
view_bug_advanced_page.php, or (4) view_bug_page.php.

Analysis
----------------
ED_PRI CAN-2002-1115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and
earlier includes summaries of private bugs for users that do not have
access to any projects.

Analysis
----------------
ED_PRI CAN-2002-1116 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary
files with predictable names, which could allow local users to execute
arbitrary code via a symlink attack.

Analysis
----------------
ED_PRI CAN-2002-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape
and Galeon, set the document referrer too quickly in certain
situations when a new page is being loaded, which allows web pages to
determine the next page that is being visited, including manually
entered URLs, using the onunload handler.

Analysis
----------------
ED_PRI CAN-2002-1126 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-php-xss(10145)
Reference: URL:http://www.iss.net/security_center/static/10145.php
Reference: BID:5763
Reference: URL:http://www.securityfocus.com/bid/5763

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and
earlier allow remote attackers to execute script as other web users
via (1) addressbook.php, (2) options.php, (3) search.php, or (4)
help.php.

Analysis
----------------
ED_PRI CAN-2002-1131 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog for version 1.2.8, dated
September 14, 2002, says: " Fixes for multiple XXS exploits on the
addressbook, search, help, and options pages."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier, and possibly later versions, allows
remote attackers to determine the absolute pathname of the options.php
script via a malformed optpage file argument, which generates an error
message when the file cannot be included in the script.

Analysis
----------------
ED_PRI CAN-2002-1132 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000M Switch
firmware before C.09.16, with stacking features and remote
administration enabled, does not authenticate requests to reset the
device, which allows remote attackers to cause a denial of service via
a direct request to the device_reset CGI program.

Analysis
----------------
ED_PRI CAN-2002-1147 1
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in
Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read
source code for server files via a direct request to the servlet.

Analysis
----------------
ED_PRI CAN-2002-1148 1
Vendor Acknowledgement: unknown vague

ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues.  Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames
and sub-iframes, which can allow remote attackers to execute script
and steal cookies from subframes that are in other domains.

Analysis
----------------
ED_PRI CAN-2002-1151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the
"secure" flag in an HTTP cookie, which could cause Konqueror to send
the cookie across an unencrypted channel, which could allow remote
attackers to steal the cookie via sniffing.

Analysis
----------------
ED_PRI CAN-2002-1152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296

TightVNC before 1.2.6 generates the same challenge string for multiple
connections, which allows remote attackers to bypass VNC
authentication by sniffing the challenge and response of other users.

Analysis
----------------
ED_PRI CAN-2002-1336 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The changelog for 1.2.6 says that it "Fixed a
repeated challenge replay attack vulnerability, bugtraq id 5296."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20020819 Lynx CRLF Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2
Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2
Reference: DEBIAN:DSA-210
Reference: URL:http://www.debian.org/security/2002/dsa-210
Reference: CALDERA:CSSA-2002-049.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Reference: REDHAT:RHSA-2003:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-029.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0085 - lynx-ssl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033235506549&w=2
Reference: MANDRAKE:MDKSA-2003:023
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:023
Reference: XF:lynx-crlf-injection(9887)
Reference: URL:http://www.iss.net/security_center/static/9887.php

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote
attackers to inject false HTTP headers into an HTTP request that is
provided on the command line, via a URL containing encoded carriage
return, line feed, and other whitespace characters.

Analysis
----------------
ED_PRI CAN-2002-1405 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020801 code injection in gallery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
Reference: DEBIAN:DSA-138
Reference: URL:http://www.debian.org/security/2002/dsa-138

Gallery photo album package before 1.3.1 allows local and possibly
remote attackers to execute arbitrary code via a modified
GALLERY_BASEDIR variable that points to a directory or URL that
contains a Trojan horse init.php script.

Analysis
----------------
ED_PRI CAN-2002-1412 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1419
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: SGI:20020805-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
Reference: BID:5467
Reference: URL:http://www.securityfocus.com/bid/5467
Reference: XF:irix-origin-bypass-filtering(9868)
Reference: URL:http://www.iss.net/security_center/static/9868.php

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes
the MAC address of the system, which could modify intended access
restrictions that are based on a MAC address.

Analysis
----------------
ED_PRI CAN-2002-1419 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1424
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5385
Reference: URL:http://www.securityfocus.com/bid/5385
Reference: XF:munpack-mime-bo(9747)
Reference: URL:http://www.iss.net/security_center/static/9747.php

Buffer overflow in munpack in mpack 1.5 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code.

Analysis
----------------
ED_PRI CAN-2002-1424 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1425
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5386
Reference: URL:http://www.securityfocus.com/bid/5386
Reference: XF:munpack-dotdot-directory-traversal(9748)
Reference: URL:http://www.iss.net/security_center/static/9748.php

Directory traversal vulnerability in munpack in mpack 1.5 and earlier
allows remote attackers to create new files in the parent directory
via a ../ (dot-dot) sequence in the filename to be extracted.

Analysis
----------------
ED_PRI CAN-2002-1425 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONECTIVA:CLA-2002:529
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: SUSE:SuSE-SA:2002:032
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
Reference: BID:5735
Reference: URL:http://www.securityfocus.com/bid/5735
Reference: XF:xfree86-x11-program-execution(10137)
Reference: URL:http://www.iss.net/security_center/static/10137.php

libX11.so in xfree86 allows local users to gain root privileges via a
modified LD_PRELOAD environment variable that points to a malicious
module.

Analysis
----------------
ED_PRI CAN-2002-1472 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1476
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
Reference: BID:5724
Reference: URL:http://www.securityfocus.com/bid/5724
Reference: XF:netbsd-libc-setlocale-bo(10159)
Reference: URL:http://www.iss.net/security_center/static/10159.php

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and
possibly other operating systems, when called with the LC_ALL
category, allows local attackers to execute arbitrary code via a
user-controlled locale string that has more than 6 elements, which
exceeds the boundaries of the new_categories category array, as
exploitable through programs such as xterm and zsh.

Analysis
----------------
ED_PRI CAN-2002-1476 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1477
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-graph-label-commands(10048)
Reference: URL:http://www.iss.net/security_center/static/10048.php
Reference: BID:5627
Reference: URL:http://www.securityfocus.com/bid/5627

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti
administrators to execute arbitrary commands via shell metacharacters
in the title during edit mode.

Analysis
----------------
ED_PRI CAN-2002-1477 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-007
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
Reference: XF:netbsd-tiocsctty-ioctl-bo(10115)
Reference: URL:http://www.iss.net/security_center/static/10115.php
Reference: BID:5722
Reference: URL:http://www.securityfocus.com/bid/5722

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of
service (kernel panic) via a series of calls to the TIOCSCTTY ioctl,
which causes an integer overflow in a structure counter and sets the
counter to zero, which frees memory that is still in use by other
processes.

Analysis
----------------
ED_PRI CAN-2002-1490 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293070
Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
Reference: COMPAQ:SSRT2371
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
Reference: BID:5790
Reference: URL:http://www.securityfocus.com/bid/5790
Reference: XF:openvms-pop-gain-privileges(10236)
Reference: URL:http://www.iss.net/security_center/static/10236.php

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3
allows local users to truncate arbitrary files via the -logfile
command line option, which overrides file system permissions because
the server runs with the SYSPRV and BYPASS privileges.

Analysis
----------------
ED_PRI CAN-2002-1513 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1468
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: AIXAPAR:IY31997
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html

Buffer overflow in errpt in AIX 4.3.3 with unknown attack vectors and
unknown consequences.

Analysis
----------------
ED_PRI CAN-2002-1468 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020602
Category: SF
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: ENGARDE:ESA-20021003-022
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2400.html
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25,
and possibly later versions, allows attackers to overwrite arbitrary
files during archive extraction via a (1) "/.." or (2) "./.." string,
which removes the leading slash but leaves the "..", a variant of
CAN-2001-1267.

Analysis
----------------
ED_PRI CAN-2002-0399 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0837
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158607631137&w=2
Reference: MISC:http://www.guardent.com/comp_news_wordtrans-web.html#
Reference: REDHAT:RHSA-2002:188
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-188.html
Reference: XF:wordtrans-web-php-xss(10059)
Reference: URL:http://www.iss.net/security_center/static/10059.php
Reference: XF:wordtrans-web-code-execution(10063)
Reference: URL:http://www.iss.net/security_center/static/10063.php
Reference: BID:5674
Reference: URL:http://www.securityfocus.com/bid/5674
Reference: BID:5671
Reference: URL:http://www.securityfocus.com/bid/5671

wordtrans 1.1pre8 and earlier in the wordtrans-web package allows
remote attackers to (1) execute arbitrary code or (2) conduct
cross-site scripting attacks via certain parameters (possibly "dict")
to the wordtrans.php script.

Analysis
----------------
ED_PRI CAN-2002-0837 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: the Guardent advisory is not clear enough to be certain
whether there is one or two different vulnerability types here,
although there is some implication that "multiple" vulnerabilities are
involved.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978728718851&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5510
Reference: URL:http://www.securityfocus.com/bid/5510

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier,
when running without magic_quotes_gpc enabled, allow remote attackers
to gain privileges or perform unauthorized database operations via
modified form fields, e.g. to account_update.php.

Analysis
----------------
ED_PRI CAN-2002-1110 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020913
Category: SF
Reference: DEBIAN:DSA-166
Reference: URL:http://www.debian.org/security/2002/dsa-166
Reference: XF:linux-purity-bo(10100)
Reference: URL:http://www.iss.net/security_center/static/10100.php
Reference: BID:5702
Reference: URL:http://www.securityfocus.com/bid/5702

Multiple buffer overflows in purity 1-16 allow local users to gain
privileges and modify high scores tables.

Analysis
----------------
ED_PRI CAN-2002-1124 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020916
Category: SF
Reference: VULNWATCH:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
Reference: BUGTRAQ:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103228135413310&w=2
Reference: FREEBSD:FreeBSD-SA-02:39
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
Reference: XF:bsd-libkvm-descriptor-leak(10109)
Reference: URL:http://www.iss.net/security_center/static/10109.php
Reference: BID:5714
Reference: URL:http://www.securityfocus.com/bid/5714
Reference: BID:5716
Reference: URL:http://www.securityfocus.com/bid/5716
Reference: BID:5718
Reference: URL:http://www.securityfocus.com/bid/5718
Reference: BID:5719
Reference: URL:http://www.securityfocus.com/bid/5719
Reference: BID:5720
Reference: URL:http://www.securityfocus.com/bid/5720

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and
earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and
(5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem,
which allows local users to read kernel memory.

Analysis
----------------
ED_PRI CAN-2002-1125 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: COMPAQ:SSRT2362
Reference: URL:http://online.securityfocus.com/advisories/4497
Reference: BUGTRAQ:20020923 [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103280973718587&w=2
Reference: XF:webes-unauth-file-access(10167)
Reference: URL:http://www.iss.net/security_center/static/10167.php
Reference: BID:5773
Reference: URL:http://www.securityfocus.com/bid/5773

Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES
4.0 (Service Pack 5) allows local users to read privileged files.

Analysis
----------------
ED_PRI CAN-2002-1134 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Reference: MANDRAKE:MDKSA-2002:063
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
Reference: DEBIAN:DSA-171
Reference: URL:http://www.debian.org/security/2002/dsa-171
Reference: CONECTIVA:CLA-2002:531
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Reference: REDHAT:RHSA-2002:215
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-215.html
Reference: ENGARDE:ESA-20021003-023
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2402.html
Reference: XF:fetchmail-multidrop-bo(10203)
Reference: URL:http://www.iss.net/security_center/static/10203.php
Reference: BID:5825
Reference: URL:http://www.securityfocus.com/bid/5825
Reference: BID:5827
Reference: URL:http://www.securityfocus.com/bid/5827

Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers
to cause a denial of service (crash) or execute arbitrary code via (1)
long headers that are not properly processed by the readheaders
function, or (2) via long Received: headers, which are not properly
parsed by the parse_received function.

Analysis
----------------
ED_PRI CAN-2002-1174 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Reference: MANDRAKE:MDKSA-2002:063
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
Reference: DEBIAN:DSA-171
Reference: URL:http://www.debian.org/security/2002/dsa-171
Reference: CONECTIVA:CLA-2002:531
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Reference: REDHAT:RHSA-2002:215
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-215.html
Reference: ENGARDE:ESA-20021003-023
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2402.html
Reference: XF:fetchmail-multidrop-bo(10203)
Reference: URL:http://www.iss.net/security_center/static/10203.php
Reference: BID:5826
Reference: URL:http://www.securityfocus.com/bid/5826

The getmxrecord function in Fetchmail 6.0.0 and earlier does not
properly check the boundary of a particular malformed DNS packet from
a malicious DNS server, which allows remote attackers to cause a
denial of service (crash) when Fetchmail attempts to read data beyond
the expected boundary.

Analysis
----------------
ED_PRI CAN-2002-1175 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021015
Category: SF
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

GNU tar 1.13.19 and other versions before 1.13.25 allows remote
attackers to overwrite arbitrary files via a symlink attack, as the
result of a modification that effectively disabled the security check.

Analysis
----------------
ED_PRI CAN-2002-1216 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: This problem is a re-introduction of a vulnerability that
affected earlier versions of software.  It seems appropriate that,
since different versions are affected for this re-introduction,
CD:SF-LOC should suggest keeping the issues SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: SUSE:SuSE-SA:2002:034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2
Reference: BUGTRAQ:20021014 GLSA: heimdal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2
Reference: DEBIAN:DSA-178
Reference: URL:http://www.debian.org/security/2002/dsa-178

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact,
possibly in the (1) kadmind and (2) kdc servers, may allow remote or
local attackers to gain root or other access, but not via buffer
overflows (CAN-2002-1225).

Analysis
----------------
ED_PRI CAN-2002-1226 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102977465204357&w=2
Reference: MISC:http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524

Vulnerability in the cash_words() function for PostgreSQL 7.2 and
earlier allows local users to cause a denial of service and possibly
execute arbitrary code via a large negative argument, possibly
triggering an integer signedness error or buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1397 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430&w=2
Reference: BUGTRAQ:20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102996089613404&w=2
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: DEBIAN:DSA-165
Reference: URL:http://www.debian.org/security/2002/dsa-165
Reference: SUSE:SuSE-SA:2002:038
Reference: URL:http://www.suse.de/de/security/2002_038_postgresql.html
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows
attackers to cause a denial of service and possibly execute arbitrary
code via a long date string, aka a vulnerability "in handling long
datetime input."

Analysis
----------------
ED_PRI CAN-2002-1398 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821&w=2
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Reference: SUSE:SuSE-SA:2002:038
Reference: URL:http://www.suse.de/de/security/2002_038_postgresql.html
Reference: MANDRAKE:MDKSA-2002:062
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Heap-based buffer overflow in the repeat() function for PostgreSQL
before 7.2.2 allows attackers to execute arbitrary code by causing
repeat() to generate a large string.

Analysis
----------------
ED_PRI CAN-2002-1400 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
Reference: DEBIAN:DSA-165
Reference: URL:http://www.debian.org/security/2002/dsa-165
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add
(also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and
earlier allow attackers to cause a denial of service and possibly
execute arbitrary code, possibly as a result of an integer overflow.

Analysis
----------------
ED_PRI CAN-2002-1401 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-210
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0049.html
Reference: BID:5454
Reference: URL:http://www.securityfocus.com/bid/5454
Reference: XF:hp-vvos-passwd(9847)
Reference: URL:http://www.iss.net/security_center/static/9847.php

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown
impact, related to "Unexpected behavior."

Analysis
----------------
ED_PRI CAN-2002-1406 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: this could be a duplicate of CAN-2002-0577, but the HP
advisory is too vague to be certain. However, CAN-2002-0577 is covered
by HP:HPSBUX0204-191, and that advisory recommends a different patch
for VVOS 11.04.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-208
Reference: URL:http://online.securityfocus.com/advisories/4360
Reference: XF:hp-emanate-default-snmp(9814)
Reference: URL:http://www.iss.net/security_center/static/9814.php
Reference: BID:5428
Reference: URL:http://www.securityfocus.com/bid/5428

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2
snmpModules allow the SNMP read-write community name to be exposed,
related to (1) "'read-only' community access," and/or (2) an easily
guessable community name.

Analysis
----------------
ED_PRI CAN-2002-1408 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the advisory is so vague that it is difficult to identify
the vulnerability with more precision than covered in the CVE
description. However, there may be two separate issues, since the
advisory says that one issue is fixed by the patch, and another
requires a configuration change. But the advisory does not provide
sufficient information to know for sure.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1409
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-206
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0041.html
Reference: BID:5425
Reference: URL:http://www.securityfocus.com/bid/5425
Reference: XF:hp-ptrace-dos(9818)
Reference: URL:http://www.iss.net/security_center/static/9818.php

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a
denial of service (data page fault panic) via "an incorrect reference
to thread register state."

Analysis
----------------
ED_PRI CAN-2002-1409 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the advisory is too vague to understand the real nature of
the vulnerability, so the description has to quote the words from the
advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1439
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-211
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0050.html
Reference: XF:hp-vvos-tga-corruption(9846)
Reference: URL:http://www.iss.net/security_center/static/9846.php
Reference: BID:5459
Reference: URL:http://www.securityfocus.com/bid/5459

Unknown vulnerability related to stack corruption in the TGA daemon
for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow
attackers to obtain access to system files.

Analysis
----------------
ED_PRI CAN-2002-1439 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the advisory is too vague to understand the nature of the
vulnerability, which could be a classic buffer overflow, integer
signedness error, out-of-bounds array index, etc. Neither does the
advisory state whether the problem is remotely or locally exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1473
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-213
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
Reference: XF:hp-lp-dos(9992)
Reference: URL:http://www.iss.net/security_center/static/9992.php

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through
11.11 (11i) allow local users to cause a denial of service and
possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1473 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability or vulnerabilities in TCP/IP component for HP
Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a
denial of service.

Analysis
----------------
ED_PRI CAN-2002-1474 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ACCURACY: the advisory does not say whether there is one or two
vulnerabilities, but there are two separate references (SSRT0756U and
SSRT0776U) which could be an indicator of multiple issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f,
4.0g, and 5.0a allows remote attackers to "take over packets destined
for another host" and cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-1475 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the terminology as used in the advisory does not clarify the
nature of the attack, so the text from the advisory is quoted in the
description.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
Reference: BID:5727
Reference: URL:http://www.securityfocus.com/bid/5727
Reference: XF:netbsd-fdset-bo(10114)
Reference: URL:http://www.iss.net/security_center/static/10114.php

Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD
1.4.x through 1.6 allows local users to gain privileges by executing
the programs after filling the file descriptor tables, which produces
file descriptors larger than FD_SETSIZE, which are not checked by
FD_SET().

Analysis
----------------
ED_PRI CAN-2002-1500 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007