[PROPOSAL] Cluster 2004-01-B - 42 candidates



I am proposing cluster 2004-01-B for review and voting by the
Editorial Board.

Name: 2004-01-B
Description: CANs announced between 2004/01/13 and 2004/01/31
Size: 42

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2003-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-003.asp

Buffer overflow in a component of Microsoft Data Access Components
(MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary
code via a malformed UDP response to a broadcast request.

Analysis
----------------
ED_PRI CAN-2003-0903 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: DEBIAN:DSA-426
Reference: URL:http://www.debian.org/security/2004/dsa-426
Reference: REDHAT:RHSA-2004:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:011
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011
Reference: CERT-VN:VU#487102
Reference: URL:http://www.kb.cert.org/vuls/id/487102

netpbm 2:9.25 and earlier does not properly create temporary files,
which allows local users to overwrite arbitrary files.

Analysis
----------------
ED_PRI CAN-2003-0924 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031126
Category: SF
Reference: REDHAT:RHSA-2004:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

Buffer overflow in the frm command in elm 2.5.6 and earlier allows
remote attackers to execute arbitrary code via a long Subject line.

Analysis
----------------
ED_PRI CAN-2003-0966 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: REDHAT:RHSA-2004:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: MANDRAKE:MDKSA-2004:003
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:003
Reference: CONECTIVA:CLA-2004:810
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810

Buffer overflow in the VCF file information reader for KDE Personal
Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4
allows attackers to execute arbitrary code via a VCF file.

Analysis
----------------
ED_PRI CAN-2003-0988 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: REDHAT:RHSA-2004:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-017.html
Reference: BUGTRAQ:20040217 [ GLSA 200402-06 ] Linux kernel AMD64 ptrace vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703562524092&w=2
Reference: CERT-VN:VU#337238
Reference: URL:http://www.kb.cert.org/vuls/id/337238
Reference: XF:linux-ptrace-gain-privilege(14888)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14888
Reference: BID:9429
Reference: URL:http://www.securityfocus.com/bid/9429

Unknown vulnerability in the eflags checking in the 32-bit ptrace
emulation for the Linux kernel on AMD64 systems allows local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0001 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040116 [OpenCA Advisory] Vulnerability in signature verification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107427313700554&w=2
Reference: CONFIRM:http://www.openca.org/news/CAN-2004-0004.txt

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6
and earlier only compares the serial of the signer's certificate and
the one in the database, which can cause OpenCA to incorrectly accept
a signature if the certificate's chain is trusted by OpenCA's chain
directory, allowing remote attackers to spoof requests from other
users.

Analysis
----------------
ED_PRI CAN-2004-0004 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040113
Category: SF
Reference: DEBIAN:DSA-430
Reference: URL:http://www.debian.org/security/2004/dsa-430

Multiple programs in trr19 1.0 do not properly drop privileges before
executing a system command, which could allow local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2004-0047 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory8_payshield.html
Reference: BUGTRAQ:20040114 nCipher Advisory #8: payShield library may verify bad requests
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411819503569&w=2

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12,
1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a
different status code, which could cause applications to make
incorrect security-critical decisions, e.g. by accepting an invalid
PIN number.

Analysis
----------------
ED_PRI CAN-2004-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040114 PhpDig 1.6.x: remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412194008671&w=2
Reference: CONFIRM:http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393

PHP remote code injection vulnerability in config.php for PhpDig 1.6.5
and earlier allows remote attackers to execute arbitrary PHP code by
modifying the $relative_script_path parameter to reference a URL on a
remote web server that contains the code.

Analysis
----------------
ED_PRI CAN-2004-0068 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: ATSTAKE:A012704-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a012704-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x
allows local users to gain privileges via a long environment variable.

Analysis
----------------
ED_PRI CAN-2004-0089 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and
10.3.2, with unknown impact.

Analysis
----------------
ED_PRI CAN-2004-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040129
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:01
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when
creating a snapshot for a file system, which causes default values for
other flags to be used, possibly disabling security-critical settings
and allowing a local user to bypass intended access restrictions.

Analysis
----------------
ED_PRI CAN-2004-0099 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=141517

PHP remote code injection vulnerability in the GEDCOM configuration
script for phpGedView 2.65.1 and earlier allows remote attackers to
execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY
parameter to reference a URL on a remote web server that contains a
malicious theme.php script.

Analysis
----------------
ED_PRI CAN-2004-0128 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog for PhpGedView v2.65.2, dated January
28, 2004, includes an item that says the developer "Fixed
vulnerability in $INDEX_DIRECTORY/gedcom.ged_conf.php."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040130 Symlink Vulnerability in GNU libtool <1.5.2
Reference: URL:http://www.securityfocus.com/archive/1/352333
Reference: CONECTIVA:CLA-2004:811
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000811
Reference: MISC:http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
Reference: BID:9530
Reference: URL:http://www.securityfocus.com/bid/9530
Reference: XF:libtool-insecure-temp-directory(15017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15017

GNU libtool before 1.5.2, during compile time, allows local users to
overwrite arbitrary files via a symlink attack on libtool directories
in /tmp.

Analysis
----------------
ED_PRI CAN-2004-0256 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10
Reference: URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to
cause a denial of service (httpd crash) via a certain query string, a
variant of CAN-2003-0973.

Analysis
----------------
ED_PRI CAN-2004-0096 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: MS:MS04-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-001.asp
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Buffer overflow in the H.323 filter of Microsoft Internet Security and
Acceleration Server 2000 allows remote attackers to execute arbitrary
code in the Microsoft Firewall Service via certain H.323 traffic, as
demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225
protocol.

Analysis
----------------
ED_PRI CAN-2003-0819 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: SUSE:SuSE-SA:2004:002
Reference: REDHAT:RHSA-2004:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-007.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2
Reference: CERT-VN:VU#738518
Reference: URL:http://www.kb.cert.org/vuls/id/738518

tcpdump before 3.8.1 allows remote attackers to cause a denial of
service (infinite loop) via certain ISAKMP packets, a different
vulnerability than CAN-2004-0057.

Analysis
----------------
ED_PRI CAN-2003-0989 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since CAN-2004-0057 and CAN-2003-0989 affect different
tcpdump versions, they are SPLIT per CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: CONFIRM:http://www.linuxcompatible.org/print25630.html
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html

Unknown vulnerability in Linux kernel before 2.4.22 allows local users
to gain privileges, related to "R128 DRI limits checking."

Analysis
----------------
ED_PRI CAN-2004-0003 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause
a denial of service and possibly execute arbitrary code via (1) octal
encoding in yahoo_decode that causes a null byte to be written beyond
the buffer, (2) octal encoding in yahoo_decode that causes a pointer
to reference memory beyond the terminating null byte, (3) a quoted
printable string to the gaim_quotedp_decode MIME decoder that causes a
null byte to be written beyond the buffer, and (4) quoted printable
encoding in gaim_quotedp_decode that causes a pointer to reference
memory beyond the terminating null byte.

Analysis
----------------
ED_PRI CAN-2004-0005 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all
SPLIT per CD:SF-LOC because the sets of affected versions do not
precisely overlap.

ABSTRACTION: while there may be slightly different "flavors" of buffer
overflows mentioned in this CAN, there is insufficient research to
reliably distinguish between such subtle differences, so they are
combined under the more general "buffer overflow" class.

ACCURACY: note that while Ultramagnetic was also affected by other
Gaim vulnerabilities (CAN-2004-0006, CAN-2004-0007, and
CAN-2004-0008), the Ultramagnetic advisory explicitly states that
Ultramagnetic is *not* affected by this bug; presumably the common
codebase is from an earlier version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: SUSE:SuSE-SA:2004:004
Reference: URL:http://www.suse.de/de/security/2004_04_gaim.html
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: BUGTRAQ:20040127 [slackware-security]  GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic
before 0.81, allow remote attackers to cause a denial of service and
possibly execute arbitrary code via (1) cookies in a Yahoo web
connection, (2) a long name parameter in the Yahoo login web page, (3)
a long value parameter in the Yahoo login page, (4) a YMSG packet, (5)
the URL parser, and (6) HTTP proxy connect.

Analysis
----------------
ED_PRI CAN-2004-0006 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all
SPLIT per CD:SF-LOC because the sets of affected versions do not
precisely overlap.

ABSTRACTION: The Ultramagnetic specifically states that it has a
codebase relationship with Gaim, so the issues are MERGED per
CD:SF-CODEBASE.

ABSTRACTION: while there may be slightly different "flavors" of buffer
overflows mentioned in this CAN, there is insufficient research to
reliably distinguish between such subtle differences, so they are
combined under the more general "buffer overflow" class.

ACCURACY: SUSE:SuSE-SA:2004:004 says that they are only vulnerable to
some of these issues, which might suggest a SPLIT.

ACCURACY/ABSTRACTION: Red Hat also noted that only the HTTP Proxy
Connect issue affects their 0.59.1 version of Gaim.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: BUGTRAQ:20040127 [slackware-security]  GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Buffer overflow in the Extract Info Field Function for (1) MSN and (2)
YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic
before 0.81, allows remote attackers to cause a denial of service and
possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0007 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: CAN-2004-0005, CAN-2004-0006, and CAN-2004-0007 are all
SPLIT per CD:SF-LOC because the sets of affected versions do not
precisely overlap.

ABSTRACTION: The Ultramagnetic specifically states that it has a
codebase relationship with Gaim, so the issues are MERGED per
CD:SF-CODEBASE.

ABSTRACTION: while there may be slightly different "flavors" of buffer
overflows mentioned in this CAN, there is insufficient research to
reliably distinguish between such subtle differences, so they are
combined under the more general "buffer overflow" class.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
Reference: MISC:http://security.e-matters.de/advisories/012004.html
Reference: BUGTRAQ:20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
Reference: CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html
Reference: REDHAT:RHSA-2004:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-032.html
Reference: REDHAT:RHSA-2004:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-033.html
Reference: MANDRAKE:MDKSA-2004:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006
Reference: DEBIAN:DSA-434
Reference: URL:http://www.debian.org/security/2004/dsa-434
Reference: REDHAT:RHSA-2004:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-045.html
Reference: CONECTIVA:CLA-2004:813
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: BUGTRAQ:20040127 [slackware-security]  GAIM security update (SSA:2004-026-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
Reference: BUGTRAQ:20040127 [gentoo-announce] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107525779200944&w=2

Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before
0.81, allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a directIM packet that triggers a
heap-based buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0008 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE, SF-LOC

ABSTRACTION: The Ultramagnetic specifically states that it has a
codebase relationship with Gaim, so the issues are MERGED per
CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CISCO:20040113 Vulnerabilities in H.323 Message Processing
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Multiple vulnerabilities in the H.323 protocol implementation for
Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial
of service and possibly execute arbitrary code, as demonstrated by the
NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2004-0054 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: MISC:http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342

Multiple vulnerabilities in the H.323 protocol implementation for
Nortel Networks Business Communications Manager (BCM), Succession 1000
IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow
remote attackers to cause a denial of service and possibly execute
arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite
for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2004-0056 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
Reference: REDHAT:RHSA-2004:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-007.html
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2

The rawprint function in the ISAKMP decoding routines (print-isakmp.c)
for tcpdump 3.8.1 and earlier allows remote attackers to cause a
denial of service (segmentation fault) via malformed ISAKMP packets
that cause invalid "len" or "loc" values to be used in a loop, a
different vulnerability than CAN-2003-0989.

Analysis
----------------
ED_PRI CAN-2004-0057 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since CAN-2004-0057 and CAN-2003-0989 affect different
tcpdump versions, they are SPLIT per CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040113 symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402026023763&w=2

Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local
users to overwrite arbitrary files via a symlink attack on the
.pid_antivir_$$ temporary file.

Analysis
----------------
ED_PRI CAN-2004-0058 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

Directory traversal vulnerability in upload capability of WWW File
Share Pro 2.42 and earlier allows remote attackers to overwrite
arbitrary files via .. (dot dot) sequences in the filename parameter
of a Content-Disposition: header.

Analysis
----------------
ED_PRI CAN-2004-0059 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

WWW File Share Pro 2.42 and earlier allows remote attackers to cause a
denial of service (crash) via a large POST request.

Analysis
----------------
ED_PRI CAN-2004-0060 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411794303201&w=2

WWW File Share Pro 2.42 and earlier allows remote attackers to bypass
directory access restrictions via (1) a URL with a trailing . (dot),
or (2) a URI with a leading slash or backslash character.

Analysis
----------------
ED_PRI CAN-2004-0061 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040114 FishCart Integer Overflow / Rounding Error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411850203994&w=2

Integer overflow in the rnd arithmetic rounding function for various
versions of FishCart before 3.1 allows remote attackers to "cause
negative totals" via an order with a large quantity.

Analysis
----------------
ED_PRI CAN-2004-0062 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040113 SuSE linux 9.0 YaST config Skribt [exploit]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107402658600437&w=2

The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows
local users to overwrite arbitrary files via a symlink attack on files
within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary
directory.

Analysis
----------------
ED_PRI CAN-2004-0064 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and
10.2.8 with unknown impact, a different vulnerability than
CAN-2004-0086.

Analysis
----------------
ED_PRI CAN-2004-0085 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0085 and CAN-2004-0086 are SPLIT because (1)
they affect different versions, and (2) the vendor, while not
providing details, has seen fit to split the issues.  So CD:SF-LOC
suggests a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with
unknown impact, a different vulnerability than CAN-2004-0085.

Analysis
----------------
ED_PRI CAN-2004-0086 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0085 and CAN-2004-0086 are SPLIT because (1)
they affect different versions, and (2) the vendor, while not
providing details, has seen fit to split the issues.  So CD:SF-LOC
suggests a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows
local users to modify network settings, a different vulnerability than
CAN-2004-0088.

Analysis
----------------
ED_PRI CAN-2004-0087 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0087 and CAN-2004-0088 are SPLIT because (1)
they affect slightly different versions, and (2) Apple, the vendor,
has decided to SPLIT them.  CD:SF-LOC applies here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00045.html

The System Configuration subsystem in Mac OS 10.2.8 allows local users
to modify network settings, a different vulnerability than
CAN-2004-0087.

Analysis
----------------
ED_PRI CAN-2004-0088 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CAN-2004-0087 and CAN-2004-0088 are SPLIT because (1)
they affect slightly different versions, and (2) Apple, the vendor,
has decided to SPLIT them.  CD:SF-LOC applies here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040121
Category: SF
Reference: BUGTRAQ:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107462349324945&w=2
Reference: VULN-DEV:20040120 vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107462499927040&w=2
Reference: VULN-DEV:20040120 Re: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107478592401619&w=2
Reference: VULN-DEV:20040123 RE: vBulletin Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=107488880317647&w=2
Reference: MISC:http://securitytracker.com/alerts/2004/Jan/1008780.html

Cross-site scripting (XSS) vulnerability in register.php for unknown
versions of vBulletin allows remote attackers to inject arbitrary HTML
or web script via the reg_site (or possibly regsite) parameter.  NOTE:
the vendor has disputed the existence of this issue.

Analysis
----------------
ED_PRI CAN-2004-0091 3
Vendor Acknowledgement: no disputed

ABSTRACTION/ACCURACY: a followup post claims that the Jan 2004 issue
(CAN-2004-0091) had been reported in August 2003 (CAN-2003-1031);
however, the Aug. 2003 post did not explicitly name the reg_site
parameter, and since the Jan. 2004 post has no version information,
there is insufficient proof to link the two issues closely.  Thus
these will remain SPLIT unless/until there is additional evidence to
merge them.

ACCURACY: In a January 21, 2004 post to Vuln-Dev, Kier Darby of
vBulletin says "There is no hidden field called "reg_site", nor any
$reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source
code or templates, nor has it ever existed.  We can only assume that
this vulnerability was found in a site running code modified from that
supplied by Jelsoft."  A followup says it's the "regtype" parameter
(note the different spelling), but there's an additional followup from
the vendor that states that even "regtype" doesn't have an issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: BID:9476
Reference: URL:http://www.securityfocus.com/bid/9476

McAfee ePolicy Orchestrator agent allows remote attackers to cause a
denial of service (memory consumption and crash) and possibly execute
arbitrary code via an HTTP POST request with an invalid Content-Length
value, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2004-0095 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355

Directory traversal vulnerability in editconfig_gedcom.php for
phpGedView 2.65.1 and earlier allows remote attackers to read
arbitrary files or execute arbitrary PHP programs on the server via
.. (dot dot) sequences in the gedcom_config parameter.

Analysis
----------------
ED_PRI CAN-2004-0127 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html

login.php in phpGedView 2.65 and earlier allows remote attackers to
obtain sensitive information via an HTTP request to login.php that
does not contain the required username or password parameters, which
causes the information to be leaked in an error message.

Analysis
----------------
ED_PRI CAN-2004-0130 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: BUGTRAQ:20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107403331309838&w=2
Reference: BUGTRAQ:20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
Reference: NETBSD:NetBSD-SA2004-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-001.txt.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:openbsd-isakmp-initialcontact-delete-sa(14118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14118
Reference: XF:openbsd-isakmp-invalidspi-delete-sa(14117)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14117
Reference: BID:9416
Reference: URL:http://www.securityfocus.com/bid/9416
Reference: BID:9417
Reference: URL:http://www.securityfocus.com/bid/9417

KAME IKE daemon (racoon) does not properly handle hash values, which
allows remote attackers to delete certificates via (1) a certain
delete message that is not properly handled in isakmp.c or
isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not
properly handled in isakmp_inf.c.

Analysis
----------------
ED_PRI CAN-2004-0164 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: it could be argued that there are 2 distinct types of
bugs here, in which case a SPLIT might be recommended.  However, a
followup post by the KAME developer provides a single patch.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040131 Advisory !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107576894019530&w=2
Reference: XF:thephototool-login-sql-injection(15007)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15007

SQL injection vulnerability in login.asp in thePHOTOtool allows remote
attackers to gain unauthorized access via the password field.

Analysis
----------------
ED_PRI CAN-2004-0236 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040131 Directory Traversal in Aprox PHP Portal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577555527321&w=2
Reference: BID:9540
Reference: URL:http://www.securityfocus.com/bid/9540
Reference: XF:aproxphpportal-index-directory-traversal(15014)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15014

Directory traversal vulnerability in index.php in Aprox PHP Portal
allows remote attackers to read arbitrary files via a full pathname in
the show parameter.

Analysis
----------------
ED_PRI CAN-2004-0237 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007