[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster UNIX-2002c - 36 candidates



I am proposing cluster UNIX-2002c for review and voting by the
Editorial Board.

Name: UNIX-2002c
Description: CANs in Linux advisories from December 2002
Size: 36

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html

Buffer overflow in Canna 3.5b2 and earlier allows local users to
execute arbitrary code as the bin user.

Analysis
----------------
ED_PRI CAN-2002-1158 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html

Canna 3.6 and earlier does not properly validate requests, which
allows remote attackers to cause a denial of service or information
leak.

Analysis
----------------
ED_PRI CAN-2002-1159 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:017
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

The default configuration of the pam_xauth module forwards
MIT-Magic-Cookies to new X sessions, which could allow local users to
gain root privileges by stealing the cookies from a temporary .xauth
file, which is created with the original user's credentials after root
uses su.

Analysis
----------------
ED_PRI CAN-2002-1160 1
Vendor Acknowledgement: unknown

ACCURACY: while the post from Andreas Beck appears to be dated
December 14, 2002, it was not actually published until February 3,
2002, as reflected in the Vendor Response section.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021205
Category: SF
Reference: BUGTRAQ:20021203 SquirrelMail v1.2.9 XSS bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103893844126484&w=2
Reference: MISC:http://f0kp.iplus.ru/bz/008.txt
Reference: BUGTRAQ:20021203 Re: SquirrelMail v1.2.9 XSS bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103911130503272&w=2
Reference: BUGTRAQ:20021215 GLSA: squirrelmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004924002662&w=2
Reference: DEBIAN:DSA-220
Reference: URL:http://www.debian.org/security/2002/dsa-220
Reference: REDHAT:RHSA-2003:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-042.html

Cross-site scripting (XSS) vulnerability in read_body.php for
SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to
insert script and HTML via the (1) mailbox and (2) passed_id
parameters.

Analysis
----------------
ED_PRI CAN-2002-1341 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021209
Category: SF
Reference: BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
Reference: REDHAT:RHSA-2002:229
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-229.html
Reference: CONECTIVA:CLA-2002:552
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552
Reference: DEBIAN:DSA-209
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103973388702700&w=2
Reference: MANDRAKE:MDKSA-2002:086
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php
Reference: BUGTRAQ:20021219 TSLSA-2002-0089 - wget
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033016703851&w=2
Reference: BID:6352
Reference: URL:http://www.securityfocus.com/bid/6352

Directory traversal vulnerability in wget before 1.8.2-4 allows a
remote FTP server to create or overwrite files as the wget user via
filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

Analysis
----------------
ED_PRI CAN-2002-1344 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: BUGTRAQ:20030217 GLSA:  w3m
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT
attribute of an IMG tag, which could allow remote attackers to access
files or cookies.

Analysis
----------------
ED_PRI CAN-2002-1348 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The changelog for 0.3.2.2 describes "another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in
img alt attribute, so malicious frame html may deceive you to access
your local files, cookies and so on."
NOTE: CAN-2002-1404 was also assigned to this issue.  However, it is
being rejected in favor of CAN-2002-1348.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2

The BGP decoding routines in tcpdump before 3.6.2-2.2 do not properly
copy data, which allows remote attackers to cause a denial of service
and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1350 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of
service (crash) via malformed ICQ message types without a 0xFE
separator character.

Analysis
----------------
ED_PRI CAN-2002-1362 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html

Portable Network Graphics (PNG) libraries (1) libpng 1.2.1 and
earlier, and (2) libpng3 1.2.5 and earlier, do not correctly calculate
offsets, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a buffer overflow
attack on the row buffers.

Analysis
----------------
ED_PRI CAN-2002-1363 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: SUSE:SuSE-SA:2003:001
Reference: CALDERA:CSSA-2003-001.0
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:011
Reference: ENGARDE:ESA-20030127-002

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not
account for the "@" character when determining buffer lengths for
local addresses, which allows remote attackers to execute arbitrary
code via a header with a large number of local addresses.

Analysis
----------------
ED_PRI CAN-2002-1365 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local
users with lp privileges to create or overwrite arbitrary files via
file race conditions, as demonstrated by ice-cream.

Analysis
----------------
ED_PRI CAN-2002-1366 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to add printers without authentication via a certain UDP
packet, which can then be used to perform unauthorized activities such
as stealing the local root certificate for the administration server
via a "need authorization" page, as demonstrated by new-coke.

Analysis
----------------
ED_PRI CAN-2002-1367 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by causing negative arguments to be fed into memcpy()
calls via HTTP requests with (1) a negative Content-Length value or
(2) a negative length in a chunked transfer encoding.

Analysis
----------------
ED_PRI CAN-2002-1368 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17
does not properly use the strncat function call when processing the
options string, which allows remote attackers to execute arbitrary
code via a buffer overflow attack.

Analysis
----------------
ED_PRI CAN-2002-1369 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14
through 1.1.17 does not properly check for zero-length GIF images,
which allows remote attackers to execute arbitrary code via modified
chunk headers, as demonstrated by nogif.

Analysis
----------------
ED_PRI CAN-2002-1371 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not
properly check the return values of various file and socket
operations, which could allow a remote attacker to cause a denial of
service (resource exhaustion) by causing file descriptors to be
assigned and not released, as demonstrated by fanta.

Analysis
----------------
ED_PRI CAN-2002-1372 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: ENGARDE:ESA-20030127-001

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.23.x before 3.23.54 allows remote attackers to cause a denial of
service (crash or hang) in mysqld by causing large negative integers
to be provided to a memcpy call.

Analysis
----------------
ED_PRI CAN-2002-1373 1
Vendor Acknowledgement: unknown

ACCURACY: a MySQL developer (Sergei Golubchik) confirmed via email
that the only the 3.23 branch was affected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x
before 4.0.6, allows remote attackers to gain privileges via a brute
force attack using a one-character password, which causes MySQL to
only compare the provided password against the first character of the
real password.

Analysis
----------------
ED_PRI CAN-2002-1374 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to
4.0.6, allows remote attackers to execute arbitrary code via a long
response.

Analysis
----------------
ED_PRI CAN-2002-1375 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to
4.0.6, does not properly verify length fields for certain responses in
the (1) read_rows or (2) read_one_row routines, which allows remote
attackers to cause a denial of service and possibly execute arbitrary
code.

Analysis
----------------
ED_PRI CAN-2002-1376 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-December/003330.html
Reference: MISC:http://www.guninski.com/vim1.html
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:012

vim 6.0 and 6.1, and possibly other versions, allows attackers to
execute arbitrary commands using the libcall feature in modelines,
which are not sandboxed but may be executed when vim is used as an
editor for other products such as mutt.

Analysis
----------------
ED_PRI CAN-2002-1377 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Multiple integer overflows in Common Unix Printing System (CUPS)
1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code
via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and
(2) the image handling code in CUPS filters, as demonstrated by mksun.

Analysis
----------------
ED_PRI CAN-2002-1383 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: BUGTRAQ:20030102 GLSA:  xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i,
and CUPS before 1.1.18, allows local users to execute arbitrary code
via a ColorSpace entry with a large number of elements, as
demonstrated by cups-pdf.

Analysis
----------------
ED_PRI CAN-2002-1384 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14
allows remote attackers to inject arbitrary HTML into web archive
pages via HTML mail messages.

Analysis
----------------
ED_PRI CAN-2002-1388 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: DEBIAN:DSA-217
Reference: URL:http://www.debian.org/security/2002/dsa-217

Buffer overflow in typespeed 0.4.2 and earlier allows local users to
gain privileges via long input.

Analysis
----------------
ED_PRI CAN-2002-1389 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1390
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
Reference: DEBIAN:DSA-223
Reference: URL:http://www.debian.org/security/2003/dsa-223

The daemon for GeneWeb before 4.09 does not properly handle requested
paths, which allows remote attackers to read arbitrary files via a
crafted URL.

Analysis
----------------
ED_PRI CAN-2002-1390 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104102689503192&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=20927
Reference: REDHAT:RHSA-2003:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-017.html
Reference: ENGARDE:ESA-20030219-003
Reference: SUSE:SuSE-SA:2003:0009
Reference: MANDRAKE:MDKSA-2003:019
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:019

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2
and before 4.3.0 may allow attackers to cause a denial of service or
execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1396 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021205
Category: SF/CF/MP/SA/AN/unknown
Reference: DEBIAN:DSA-203
Reference: URL:http://www.debian.org/security/2002/dsa-203

Unknown vulnerability in smb2www 980804-16 and earlier allows remote
attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2002-1342 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021209 Cyrus SASL library buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103946297703402&w=2
Reference: REDHAT:RHSA-2002:283
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-283.html

Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via (1) long inputs during user name canonicalization, (2)
characters that need to be escaped during LDAP authentication using
saslauthd, or (3) an off-by-one error in the log writer, which does
not allocate space for the null character that terminates a string.

Analysis
----------------
ED_PRI CAN-2002-1347 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
Reference: CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69
Reference: REDHAT:RHSA-2002:290
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-290.html

Multiple integer signedness errors in the BGP dissector in Ethereal
0.9.7 and earlier allow remote attackers to cause a denial of service
(infinite loop) via malformed messages.

Analysis
----------------
ED_PRI CAN-2002-1355 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
Reference: CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13
Reference: REDHAT:RHSA-2002:290
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-290.html

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via malformed
packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly
related to a missing field for EndVerifyAck messages.

Analysis
----------------
ED_PRI CAN-2002-1356 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: REDHAT:RHSA-2003:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-040.html
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier
allow remote attackers to execute arbitrary code via (1) long -t or -r
parameters to slurpd, (2) a malicious ldapfilter.conf file that is not
properly handled by getfilter functions, (3) a malicious
ldaptemplates.conf that causes an overflow in libldap, (4) a certain
access control list that causes an overflow in slapd, or (5) a long
generated filename for logging rejected replication requests.

Analysis
----------------
ED_PRI CAN-2002-1378 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: REDHAT:RHSA-2003:040
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006

OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local
attackers to execute arbitrary code when libldap reads the .ldaprc
file within applications that are running with extra privileges.

Analysis
----------------
ED_PRI CAN-2002-1379 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20021221 KDE Security Advisory: Multiple vulnerabilities in KDE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104049734911544&w=2
Reference: BUGTRAQ:20021222 GLSA: kde-3.0.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104066520330397&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021220-1.txt
Reference: DEBIAN:DSA-237
Reference: URL:http://www.debian.org/security/2003/dsa-237
Reference: DEBIAN:DSA-238
Reference: URL:http://www.debian.org/security/2003/dsa-238
Reference: DEBIAN:DSA-239
Reference: URL:http://www.debian.org/security/2003/dsa-239
Reference: DEBIAN:DSA-240
Reference: URL:http://www.debian.org/security/2003/dsa-240
Reference: DEBIAN:DSA-241
Reference: URL:http://www.debian.org/security/2003/dsa-241
Reference: DEBIAN:DSA-242
Reference: URL:http://www.debian.org/security/2003/dsa-242
Reference: DEBIAN:DSA-243
Reference: URL:http://www.debian.org/security/2003/dsa-243
Reference: CONECTIVA:CLA-2003:569
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not
quote certain parameters that are inserted into a shell command, which
could allow remote attackers to execute arbitrary commands via (1)
URLs, (2) filenames, or (3) e-mail addresses.

Analysis
----------------
ED_PRI CAN-2002-1393 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: DEBIAN:DSA-202
Reference: URL:http://www.debian.org/security/2002/dsa-202
Reference: BID:6307
Reference: URL:http://online.securityfocus.com/bid/6307

Internet Message (IM) 141-18 and earlier uses predictable file and
directory names, which allows local users to (1) obtain unauthorized
directory permissions via a temporary directory used by impwagent, and
(2) overwrite and create arbitrary files via immknmz.

Analysis
----------------
ED_PRI CAN-2002-1395 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: REDHAT:RHSA-2003:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-040.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006
Reference: XF:openldap-acl-slapd-bo(11288)
Reference: URL:http://www.iss.net/security_center/static/11288.php

slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users
to overwrite arbitrary files via a race condition during the creation
of a log file for rejected replication requests.

Analysis
----------------
ED_PRI CAN-2002-1508 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007