
[PROPOSAL] Cluster UNIX-2003a - 35 candidates



I am proposing cluster UNIX-2003a for review and voting by the
Editorial Board.

Name: UNIX-2003a
Description: CANs in Linux advisories from Jan 2003 to March 2003
Size: 35

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030213
Category: SF
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
Reference: REDHAT:RHSA-2003:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-057.html
Reference: MANDRAKE:MDKSA-2003:026
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:026

A patch for shadow-utils 20000902-7 causes the useradd command to
create mail spool files with read/write privileges of the new user's
group (mode 660), which allows other users in the same group to read
or modify the new user's incoming email.

Analysis
----------------
ED_PRI CAN-2002-1509 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6502
Reference: URL:http://online.securityfocus.com/bid/6502

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x
before 2.16.2, and 2.17.x before 2.17.3 sets world-writable
permissions for the data/mining directory when it runs, which allows
local users to modify or delete the data.

Analysis
----------------
ED_PRI CAN-2003-0012 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: CF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6501
Reference: URL:http://online.securityfocus.com/bid/6501

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5,
2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include
filenames for backup copies of the localconfig file that are made from
editors such as vi and Emacs, which could allow remote attackers to
obtain a database password by directly accessing the backup file.

Analysis
----------------
ED_PRI CAN-2003-0013 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: MANDRAKE:MDKSA-2003:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:014
Reference: XF:linux-odirect-information-leak(11249)
Reference: URL:http://www.iss.net/security_center/static/11249.php

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
O_DIRECT feature, which allows local attackers with write privileges
to read portions of previously deleted files, or cause file system
corruption.

Analysis
----------------
ED_PRI CAN-2003-0018 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: REDHAT:RHSA-2003:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-056.html
Reference: XF:linux-umlnet-gain-privileges(11276)
Reference: URL:http://www.iss.net/security_center/static/11276.php

uml_net in the kernel-utils package for Red Hat Linux 8.0 has
incorrect setuid root privileges, which allows local users to modify
network interfaces, e.g. by modifying ARP entries or placing
interfaces into promiscuous mode.

Analysis
----------------
ED_PRI CAN-2003-0019 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030112
Category: SF
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA:  libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010

Memory leak in libmcrypt before 2.5.5 allows attackers to cause a
denial of service (memory exhaustion) via a large number of requests
to the application, which causes libmcrypt to dynamically load
algorithms via libtool.

Analysis
----------------
ED_PRI CAN-2003-0032 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030115
Category: SF
Reference: ISS:20030303 Snort RPC Preprocessing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Reference: BUGTRAQ:20030303 Snort RPC Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673386226064&w=2
Reference: MANDRAKE:MDKSA-2003:029
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:029
Reference: ENGARDE:ESA-20030307-007
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104705626227740&w=2
Reference: BUGTRAQ:20030307 GLSA:  snort (200303-6.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716001503409&w=2
Reference: XF:snort-rpc-fragment-bo(10956)
Reference: URL:http://www.iss.net/security_center/static/10956.php

Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before
1.9.1 allows remote attackers to execute arbitrary code via fragmented
RPC packets.

Analysis
----------------
ED_PRI CAN-2003-0033 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2
Reference: DEBIAN:DSA-245
Reference: URL:http://www.debian.org/security/2003/dsa-245
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other
versions, allows remote attackers to cause a denial of service (packet
storm) via a certain BOOTP packet that is forwarded to a broadcast MAC
address, causing an infinite loop that is not restricted by a hop
count.

Analysis
----------------
ED_PRI CAN-2003-0039 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: DEBIAN:DSA-247
Reference: URL:http://www.debian.org/security/2003/dsa-247

SQL injection vulnerability in the PostgreSQL auth module for courier
0.40 and earlier allows remote attackers to execute SQL code via the
user name.

Analysis
----------------
ED_PRI CAN-2003-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394568616290&w=2
Reference: VULNWATCH:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier,
allows remote attackers to list directories even with an index.html or
other file present, or obtain unprocessed source code for a JSP file,
via a URL containing a null character.

Analysis
----------------
ED_PRI CAN-2003-0042 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier,
uses trusted privileges when processing the web.xml file, which could
allow remote attackers to read portions of some files through the
web.xml file.

Analysis
----------------
ED_PRI CAN-2003-0043 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Cross-site scripting (XSS) vulnerabilities in the (1) examples and (2)
ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow
remote attackers to execute arbitrary web script.

Analysis
----------------
ED_PRI CAN-2003-0044 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-053.html
Reference: BUGTRAQ:20030303 GLSA:  vte (200303-2)
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as
an option in gnome-terminal 2.0, allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0070 1
Vendor Acknowledgement: yes advisory

ACCURACY: Affected versions confirmed by Mark Cox of Red Hat via
email.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
Reference: MANDRAKE:MDKSA-2003:013
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:013
Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385719107879&w=2
Reference: ENGARDE:ESA-20030220-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
Reference: XF:mysql-mysqlchangeuser-doublefree-dos(11199)
Reference: URL:http://www.iss.net/security_center/static/11199.php

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows
attackers with MySQL access to cause a denial of service (crash) via
mysql_change_user.

Analysis
----------------
ED_PRI CAN-2003-0073 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2
Reference: ENGARDE:ESA-20030220-005
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Reference: BUGTRAQ:20030220 GLSA:  openssl (200302-10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104577183206905&w=2
Reference: BUGTRAQ:20030220 TSLSA-2003-0005 - openssl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104586094920848&w=2
Reference: MANDRAKE:MDKSA-2003:020
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:020
Reference: DEBIAN:DSA-253
Reference: URL:http://www.debian.org/security/2003/dsa-253
Reference: FREEBSD:FreeBSD-SA-03:02
Reference: CONECTIVA:CLSA-2003:570
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Reference: SUSE:SuSE-SA:2003:011
Reference: NETBSD:NetBSD-SA2003-001
Reference: XF:ssl-cbc-information-leak(11369)
Reference: URL:http://www.iss.net/security_center/static/11369.php

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before
0.9.6i does not perform a MAC computation if an incorrect block cipher
padding is used, which causes an information leak (timing discrepancy)
that may make it easier to launch cryptographic attacks that rely on
distinguishing between padding and MAC verification errors, possibly
leading to extraction of the original plaintext, aka the "Vaudenay
timing attack."

Analysis
----------------
ED_PRI CAN-2003-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: MISC:http://www.guninski.com/etherre.html
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: BUGTRAQ:20030308 Ethereal format string bug, yet still ethereal much better than windows
Reference: DEBIAN:DSA-258
Reference: URL:http://www.debian.org/security/2003/dsa-258

Format string vulnerability in packet-socks.c of the SOCKS dissector
for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute
arbitrary code via SOCKS packets containing format string specifiers.

Analysis
----------------
ED_PRI CAN-2003-0081 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030212
Category: SF
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-033.html
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote
attackers to cause a denial of service (crash) via an invalid RADIUS
packet with a header length field of 0, which causes tcpdump to
generate data within an infinite loop.

Analysis
----------------
ED_PRI CAN-2003-0093 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030214
Category: SF
Reference: MANDRAKE:MDKSA-2003:016
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:016

A patch for mcookie in the util-linux package for Mandrake Linux 8.2
and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie
to use an entropy source that is more predictable than expected, which
may make it easier for certain types of attacks to succeed.

Analysis
----------------
ED_PRI CAN-2003-0094 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104680706201721&w=2
Reference: MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: REDHAT:RHSA-2003:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: NETBSD:NetBSD-SA2003-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: DEBIAN:DSA-260
Reference: URL:http://www.debian.org/security/2003/dsa-260

Buffer overflow in tryelf() in readelf.c of the file command allows
attackers to execute arbitrary code as the user running file, possibly
via a large entity size value in an ELF header (elfhdr.e_shentsize).

Analysis
----------------
ED_PRI CAN-2003-0102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104637420104189&w=2
Reference: MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:027
Reference: SUSE:SuSE-SA:2003:0015
Reference: URL:http://www.suse.de/de/security/2003_015_tcpdump.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678787109030&w=2
Reference: XF:tcpdump-isakmp-dos(11434)
Reference: URL:http://www.iss.net/security_center/static/11434.php

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers
to cause a denial of service (CPU consumption) via a certain malformed
ISAKMP packet to UDP port 500, which causes tcpdump to enter an
infinite loop.

Analysis
----------------
ED_PRI CAN-2003-0108 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030228
Category: SF
Reference: DEBIAN:DSA-256
Reference: URL:http://www.debian.org/security/2003/dsa-256
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference: URL:http://www.iss.net/security_center/static/11439.php

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local
users to overwrite arbitrary files via a symlink attack on a default
temporary directory with a predictable name.

Analysis
----------------
ED_PRI CAN-2003-0120 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Reference: DEBIAN:DSA-259
Reference: URL:http://www.debian.org/security/2003/dsa-259
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
Reference: BUGTRAQ:20030317 GLSA:  qpopper (200303-12)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null
terminate a message buffer after a call to Qvsnprintf, which could
allow authenticated users to execute arbitrary code via a buffer
overflow in a mdef command with a long macro name.

Analysis
----------------
ED_PRI CAN-2003-0143 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030305 potential buffer overflow in lprm (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104690434504429&w=2
Reference: BUGTRAQ:20030308 OpenBSD lprm(1) exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104714441925019&w=2
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
Reference: SUSE:SuSE-SA:2003:0014
Reference: URL:http://www.suse.de/de/security/2003_014_lprold.html

Buffer overflow in the lprm command in the lprold lpr package on SuSE
7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating
systems, allows local users to gain root privileges via long command
line arguments such as (1) request ID or (2) user name.

Analysis
----------------
ED_PRI CAN-2003-0144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2
Reference: VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2
Reference: MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: AIXAPAR:IY40307
Reference: AIXAPAR:IY40317
Reference: AIXAPAR:IY40320

Buffer overflow in libIM library (libIM.a) for National Language
Support (NLS) on AIX 4.3 through 5.2 allows local users to gain
privileges via several possible attack vectors, including a long -im
argument to aixterm.

Analysis
----------------
ED_PRI CAN-2003-0087 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: BUGTRAQ:20030108 IMP 2.x SQL injection vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104204786206563&w=2
Reference: DEBIAN:DSA-229
Reference: URL:http://www.debian.org/security/2003/dsa-229
Reference: SUSE:SuSE-SA:2003:0008

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow
remote attackers to perform unauthorized database activities and
possibly gain privileges via certain database functions such as
check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Analysis
----------------
ED_PRI CAN-2003-0025 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030112
Category: SF
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA:  libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010

Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to
cause a denial of service (crash).

Analysis
----------------
ED_PRI CAN-2003-0031 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

Buffer overflow in the mtink status monitor, as included in the
printer-drivers package in Mandrake Linux, allows local users to
execute arbitrary code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2003-0034 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while both mtink and escputil suffer from overflows in
the same version of the printer-drivers package, the iDEFENSE advisory
makes it clear that there are separate maintainers for these
utilities.  Therefore they are different codebases, and the overflows
are SPLIT according to CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

Buffer overflow in escputil, as included in the printer-drivers
package in Mandrake Linux, allows local users to execute arbitrary
code via a long printer-name command line argument.

Analysis
----------------
ED_PRI CAN-2003-0035 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while both mtink and escputil suffer from overflows in
the same version of the printer-drivers package, the iDEFENSE advisory
makes it clear that there are separate maintainers for these
utilities.  Therefore they are different codebases, and the overflows
are SPLIT according to CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

ml85p, as included in the printer-drivers package for Mandrake Linux,
allows local users to overwrite arbitrary files via a symlink attack
on temporary files with predictable filenames of the form "mlg85p%d".

Analysis
----------------
ED_PRI CAN-2003-0036 3
Vendor Acknowledgement: unknown
Content Decisions: ABSTRACTION

ABSTRACTION: should this be merged with CVE-2001-1177?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030123
Category: SF
Reference: DEBIAN:DSA-244
Reference: URL:http://www.debian.org/security/2003/dsa-244

Buffer overflows in noffle news server 1.0.1 and earlier allow remote
attackers to cause a denial of service (segmentation fault) and
possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2003-0037 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: VULNWATCH:20030128 MIT Kerberos FTP client remote shell commands execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
Reference: REDHAT:RHSA-2003:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-020.html
Reference: MANDRAKE:MDKSA-2003:021
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:021

Kerberos FTP client allows remote FTP sites to execute arbitrary code
via a pipe (|) character in a filename that is retrieved by the
client.

Analysis
----------------
ED_PRI CAN-2003-0041 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: this is very similar to CVE-1999-0097, although different
codebases are affected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030129
Category: SF
Reference: BUGTRAQ:20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342864418213&w=2
Reference: BUGTRAQ:20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104348607205691&w=2
Reference: MISC:http://www.usg.org.uk/advisories/2003.001.txt
Reference: MANDRAKE:MDKSA-2003:015
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:015
Reference: DEBIAN:DSA-252
Reference: URL:http://www.debian.org/security/2003/dsa-252
Reference: BUGTRAQ:20030202 GLSA:  slocate
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428624705363&w=2

Buffer overflow in secure locate (slocate) before 2.7 allows local
users to execute arbitrary code via a long (1) -c or (2) -r command
line argument.

Analysis
----------------
ED_PRI CAN-2003-0056 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030221
Category: SF
Reference: MISC:http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
Reference: MISC:http://securitytracker.com/alerts/2003/Feb/1006108.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
Reference: XF:apcupsd-logevent-format-string(11334)
Reference: URL:http://www.iss.net/security_center/static/11334.php

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before
3.10.5, allows remote attackers to gain root privileges, possibly via
format strings in a request to a slave server.

Analysis
----------------
ED_PRI CAN-2003-0098 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030221
Category: SF
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: XF:apcupsd-vsprintf-multiple-bo(11491)
Reference: URL:http://www.iss.net/security_center/static/11491.php

Multiple buffer overflows in apcupsd before 3.10.5 may allow attackers
to cause a denial of service or execute arbitrary code, related to
usage of the vsprintf function.

Analysis
----------------
ED_PRI CAN-2003-0099 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610300325629&w=2
Reference: BUGTRAQ:20030224 GLSA:  usermin (200302-14)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610336226274&w=2
Reference: BUGTRAQ:20030224 Webmin 1.050 - 1.060 remote exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610245624895&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2
Reference: MANDRAKE:MDKSA-2003:025
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:025
Reference: XF:webmin-usermin-root-access(11390)
Reference: URL:http://www.iss.net/security_center/static/11390.php

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000
does not properly handle metacharacters such as line feeds and
carriage returns (CRLF) in Base-64 encoded strings during Basic
authentication, which allows remote attackers to spoof a session ID
and gain root privileges.

Analysis
----------------
ED_PRI CAN-2003-0101 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: The developer confirmed via e-mail on February 24,
2003, that the SNS advisory (which credits "Keigo Yamazaki") is the
same issue as was described in the Webmin advisory (which credits
"Cintia M. Imanishi").

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007