[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 2004-02-C - 48 candidates

I am proposing cluster 2004-02-C for review and voting by the
Editorial Board.

Name: 2004-02-C
Description: CANs announced between 2004/02/20 and 2004/02/29
Size: 48

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2004-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:03
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Reference: XF:freebsd-jailattach-gain-privileges(15344)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15344
Reference: BID:9762
Reference: URL:http://www.securityfocus.com/bid/9762

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the
directory of a calling process even if the process doesn't have
permission to change directory, which allows local users to gain
read/write privileges to files and directories within another jail.

Analysis
----------------
ED_PRI CAN-2004-0126 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-447
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755803218677&w=2
Reference: FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017737.html
Reference: XF:hsftp-format-string(15276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15276

Format string vulnerability in hsftp 1.11 allows remote authenticated
users to cause a denial of service and possibly execute arbitrary code
via file names containing format string characters that are not
properly handled when executing an "ls" command.

Analysis
----------------
ED_PRI CAN-2004-0159 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-446
Reference: URL:http://www.debian.org/security/2004/dsa-446
Reference: XF:synaesthesia-configuration-symlink-attack(15279)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15279
Reference: BID:9713
Reference: URL:http://www.securityfocus.com/bid/9713

Synaesthesia 2.2 and earlier allows local users to execute arbitrary
code via a symlink attack on the configuration file.

Analysis
----------------
ED_PRI CAN-2004-0160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: ATSTAKE:A022304-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a022304-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: CERT-VN:VU#841742
Reference: URL:http://www.kb.cert.org/vuls/id/841742
Reference: XF:macos-pppd-format-string(15297)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15297
Reference: BID:9730
Reference: URL:http://www.securityfocus.com/bid/9730

Format string vulnerability in Point-to-Point Protocol (PPP) daemon
(pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers
to read arbitrary pppd process data, including PAP or CHAP
authentication credentials, to gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0165 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macos-diskarbitration-unknown(15300)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15300

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly
initialize writeable removable media.

Analysis
----------------
ED_PRI CAN-2004-0167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040224 iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote Denial of Service Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765514003396&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
Reference: CERT-VN:VU#460350
Reference: URL:http://www.kb.cert.org/vuls/id/460350
Reference: XF:darwin-describe-request-dos(15291)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15291
Reference: BID:9735
Reference: URL:http://www.securityfocus.com/bid/9735

QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote
attackers to cause a denial of service (crash) via DESCRIBE requests
with long User-Agent fields, which causes an Assert error to be
triggered in the BufferIsFull function.

Analysis
----------------
ED_PRI CAN-2004-0169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040225
Category: SF
Reference: BUGTRAQ:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765545431387&w=2
Reference: FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017740.html
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152
Reference: BID:9733
Reference: URL:http://www.securityfocus.com/bid/9733
Reference: XF:apache-cygwin-directory-traversal(15293)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15293

Directory traversal vulnerability in Apache 1.3.29 and earlier, and
Apache 2.0.48 and earlier, when running on Cygwin, allows remote
attackers to read arbitrary files via a URL containing "..%5C" (dot
dot encoded backslash) sequences.

Analysis
----------------
ED_PRI CAN-2004-0173 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch
Reference: MISC:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: XF:wuftpd-skey-bo(13518)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13518

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp
daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a s/key (SKEY) request
with a long name.

Analysis
----------------
ED_PRI CAN-2004-0185 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040227 Calife heap corrupt / potential local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789737832092&w=2
Reference: DEBIAN:DSA-461
Reference: URL:http://www.debian.org/security/2004/dsa-461
Reference: XF:calife-long-password-bo(15335)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15335

Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local
users to execute arbitrary code via a long password.

Analysis
----------------
ED_PRI CAN-2004-0188 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
Reference: XF:squid-urlregex-acl-bypass(15366)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15366

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") characterm, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.

Analysis
----------------
ED_PRI CAN-2004-0189 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107774710729469&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=227417
Reference: XF:mozilla-event-handler-xss(15322)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15322
Reference: BID:9747
Reference: URL:http://www.securityfocus.com/bid/9747

Mozilla before 1.4.2 executes Javascript events in the context of a
new page while it is being loaded, allowing it to interact with the
previous page (zombie document) and enable cross-domain and cross-site
scripting (XSS) attacks, as demonstrated using onmousemove events.

Analysis
----------------
ED_PRI CAN-2004-0191 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040304
Category: SF
Reference: BUGTRAQ:20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789851117176&w=2
Reference: MISC:http://www.eeye.com/html/Research/Upcoming/20040213.html
Reference: ISS:20040226 Vulnerability in SMB Parsing in ISS Products
Reference: URL:http://xforce.iss.net/xforce/alerts/id/165
Reference: CERT-VN:VU#150326
Reference: URL:http://www.kb.cert.org/vuls/id/150326
Reference: XF:pam-smb-protocol-bo(15207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15207

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM),
as used in certain versions of RealSecure Network 7.0 and Server
Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and
3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC
Protection 3.6, and BlackICE Server Protection 3.6, allows remote
attackers to execute arbitrary code via an SMB packet containing an
authentication request with a long username.

Analysis
----------------
ED_PRI CAN-2004-0193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040227 iDEFENSE Security Advisory 02.27.04a: WinZip MIME Parsing Buffer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789846720924&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
Reference: CONFIRM:http://www.winzip.com/fmwz90.htm
Reference: CERT-VN:VU#116182
Reference: URL:http://www.kb.cert.org/vuls/id/116182
Reference: CIAC:O-092
Reference: URL:http://www.ciac.org/ciac/bulletins/o-092.shtml
Reference: XF:winzip-mime-bo(15336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15336
Reference: BID:9758
Reference: URL:http://www.securityfocus.com/bid/9758

Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip
8.1 SR-1 allows remote attackers to execute arbitrary code via a MIME
archive with certain long MIME parameters.

Analysis
----------------
ED_PRI CAN-2004-0333 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://www.winzip.com/fmwz90.htm at the top of the
page it says WinZip 9.0 Fixes a Security Issue with MIME-Encoded Files
and in the rest of the page it goes on to explain the vuln.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 nCipher Advisory #9: Host-side attackers can access secret data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755899018249&w=2
Reference: XF:ncipher-hsm-obtain-info(15281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15281
Reference: BID:9717
Reference: URL:http://www.securityfocus.com/bid/9717

Unknown vulnerability in nCipher Hardware Security Modules (HSM)
1.67.x through 1.99.x allows local users to access secrets stored in
the module's run-time memory via certain sequences of commands.

Analysis
----------------
ED_PRI CAN-2004-0320 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-path-disclosure(15350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15350
Reference: BID:9781
Reference: URL:http://www.securityfocus.com/bid/9781

LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive
information via the mail login form, which contains the path to the
mail directory.

Analysis
----------------
ED_PRI CAN-2004-0336 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:090
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-090.html
Reference: REDHAT:RHSA-2004:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-091.html
Reference: BUGTRAQ:20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851606605420&w=2
Reference: BUGTRAQ:20040306 TSLSA-2004-0010 - libxml2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107860178228804&w=2
Reference: BUGTRAQ:20040306 [ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107876755716569&w=2
Reference: BID:9718
Reference: URL:http://www.securityfocus.com/bid/9718
Reference: XF:libxml2-nanohttp-bo(15301)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15301
Reference: XF:libxml2-nanoftp-bo(15302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15302
Reference: MISC:http://secunia.com/advisories/10958/

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft
Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute
arbitrary code via a long URL.

Analysis
----------------
ED_PRI CAN-2004-0110 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: BUGTRAQ:20040222 lbreakout2 < 2.4beta-2 local exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755821705356&w=2
Reference: DEBIAN:DSA-445
Reference: URL:http://www.debian.org/security/2004/dsa-445
Reference: CONFIRM:http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz
Reference: BID:9712
Reference: URL:http://www.securityfocus.com/bid/9712
Reference: XF:breakout2-home-bo(15229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15229

Buffer overflow in lbreakout2 allows local users to gain 'games' group
privileges via a large HOME environment variable to (1) editor.c, (2)
theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7)
main.c.

Analysis
----------------
ED_PRI CAN-2004-0158 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macosx-safari-unknown(14993)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14993

Unknown vulnerability in Safari web browser for Mac OS X 10.2.8
related to "the display of URLs in the status bar."

Analysis
----------------
ED_PRI CAN-2004-0166 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macos-corefoundation-unknown(15299)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15299

Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related
to "notification logging."

Analysis
----------------
ED_PRI CAN-2004-0168 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040227 Symantec Gateway Security Management Service Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107790684732458&w=2
Reference: XF:symantecgateway-error-xss(15330)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15330

Cross-site scripting (XSS) vulnerability in the Management Service for
Symantec Gateway Security 2.0 allows remote attackers to steal cookies
and hijack a management session via a /sgmi URL that contains
malicious script, which is not quoted in the resulting error page.

Analysis
----------------
ED_PRI CAN-2004-0192 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040220 Remote Buffer Overflow in PSOProxy 0.91
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107730731900261&w=2
Reference: BID:9706
Reference: URL:http://www.securityfocus.com/bid/9706
Reference: XF:psoproxy-long-get-bo(15275)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15275

Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a
denial of service and possibly execute arbitrary code via a long HTTP
request, as demonstrated using a long (1) GET argument or (2) method
name.

Analysis
----------------
ED_PRI CAN-2004-0313 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040221 Cross Site Scripting in WebzEdit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107757029514146&w=2
Reference: XF:webzedit-done-xss(15289)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15289

Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9
and earlier allows remote attackers to execute arbitrary script as
other users via the message parameter.

Analysis
----------------
ED_PRI CAN-2004-0314 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Remote Buffer Overflow in Avirt Voice 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756584609841&w=2
Reference: XF:avirt-voice-get-bo(15288)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15288
Reference: BID:9721
Reference: URL:http://www.securityfocus.com/bid/9721

Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
long GET request on port 1080.

Analysis
----------------
ED_PRI CAN-2004-0315 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20030223 Multiple Remote Buffer Overflow in Avirt Soho 4.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756666701194&w=2
Reference: XF:avirt-soho-multiple-bo(15286)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15286
Reference: BID:9722
Reference: URL:http://www.securityfocus.com/bid/9722
Reference: BID:9723
Reference: URL:http://www.securityfocus.com/bid/9723

Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a
denial of service (crash) via (1) a large GET request to port 1080 or
(2) a large GET request of % characters to port 8080.

Analysis
----------------
ED_PRI CAN-2004-0316 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756611501236&w=2
Reference: XF:lsf-eauth-execute-code(15282)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15282
Reference: BID:9719
Reference: URL:http://www.securityfocus.com/bid/9719

Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x
allows local users or remote attackers within the LSF cluster to cause
a denial of service (segmentation fault) and possibly execute
arbitrary code via a long LSF_From_PC parameter.

Analysis
----------------
ED_PRI CAN-2004-0317 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756600403557&w=2
Reference: XF:lsf-eauth-process-hijack(15278)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15278
Reference: BID:9724
Reference: URL:http://www.securityfocus.com/bid/9724

Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID
environment variable, if it exists, instead of the real UID of the
user, which could allow remote attackers within the local cluster to
gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0318 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 ezBoard Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756639427140&w=2
Reference: XF:ezboard-font-xss(15287)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15287
Reference: BID:9725
Reference: URL:http://www.securityfocus.com/bid/9725

Cross-site scripting (XSS) vulnerability in the font tag in ezBoard
7.3u allows remote attackers to execute arbitrary script as other
users, as demonstrated using the background:url in a (1) font color or
(2) font face argument.

Analysis
----------------
ED_PRI CAN-2004-0319 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Remote server crash in Team Factor <= 1.25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756001412888&w=2
Reference: MISC:http://www.zone-h.org/advisories/read/id=4006
Reference: BID:9708
Reference: URL:http://www.securityfocus.com/bid/9708
Reference: XF:teamfactor-packet-dos(15274)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15274

Team Factor 1.25 and earlier allows remote attackers to cause a denial
of service (crash) via a packet that uses a negative number to specify
the size of the data block that follows, which causes Team Factor to
read unallocated memory.

Analysis
----------------
ED_PRI CAN-2004-0321 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756526625179&w=2
Reference: XF:xmb-multiple-scripts-xss(15292)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15292
Reference: BID:9726
Reference: URL:http://www.securityfocus.com/bid/9726

Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows
remote attackers to execute arbitrary script as other users via the
(1) member parameter in member.php, (2) uid parameter in u2uadmin.php,
(3) user parameter in editprofile.php, (4) align tag where bbcode is
allowed, or (5) img tag where bbcode is allowed.

Analysis
----------------
ED_PRI CAN-2004-0322 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756526625179&w=2
Reference: XF:xmb-multiple-sql-injection(15295)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15295
Reference: BID:9726
Reference: URL:http://www.securityfocus.com/bid/9726

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow
remote attackers to inject arbitrary SQL and gain privileges via the
(1) ppp parameter in viewthread.php, (2) desc parameter in misc.php,
(3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in
forumdisplay.php, or (5) the addon parameter in stats.php.

Analysis
----------------
ED_PRI CAN-2004-0323 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107757320401858&w=2
Reference: XF:confirm-header-gain-access(15290)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15290
Reference: BID:9728
Reference: URL:http://www.securityfocus.com/bid/9728

Confirm 0.62 and earlier could allow remote attackers to execute
arbitrary code via an e-mail header that contains shell metacharacters
such as ", `, |, ;, or $.

Analysis
----------------
ED_PRI CAN-2004-0324 3
Vendor Acknowledgement: unknown discloser-claimed

BID:9728 could be the same vuln, but the website is not updated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 TYPSoft FTP Server 1.10 multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107764173821905&w=2
Reference: BID:9702
Reference: URL:http://www.securityfocus.com/bid/9702
Reference: XF:typsoft-ftp-command-dos(15306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15306

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a
denial of service (CPU consumption) via "//../" arguments to (1) mkd,
(2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr,
(9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".

Analysis
----------------
ED_PRI CAN-2004-0325 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040222 GateKeeper Pro 4.7 buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755692400728&w=2
Reference: FULLDISC:20040222 GateKeeper Pro 4.7 buffer overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017703.html
Reference: BID:9716
Reference: URL:http://www.securityfocus.com/bid/9716
Reference: XF:gatekeeper-long-get-bo(15277)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15277

Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote
attackers to execute arbitrary code via a long GET request.

Analysis
----------------
ED_PRI CAN-2004-0326 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 ZH2004-09SA (security advisory): PhpNewsManager Remote arbitrary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107772470111000&w=2
Reference: MISC:http://www.zone-h.org/advisories/read/id=4024
Reference: XF:phpnewsmanager-dotdot-directory-traversal(15283)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15283
Reference: BID:9720
Reference: URL:http://www.securityfocus.com/bid/9720

Directory traversal vulnerability in functions.php in PhpNewsManager
1.46 allows remote attackers to retrieve arbitrary files via ..  (dot
dot) sequences in the clang parameter.

Analysis
----------------
ED_PRI CAN-2004-0327 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040224 Gigabyte Broadband Router  - Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107766719227942&w=2
Reference: BID:9740
Reference: URL:http://www.securityfocus.com/bid/9740
Reference: XF:gigabyte-gnb46b-bypass-authentication(15313)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15313

Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00
allows local users on the same local network as the router to bypass
authentication by using a copy of the router's html menu on a separate
system.

Analysis
----------------
ED_PRI CAN-2004-0328 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040226 Denial Of Service in FreeChat 1.1.1a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781043621074&w=2
Reference: XF:freechat-string-dos(15321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15321
Reference: BID:9744
Reference: URL:http://www.securityfocus.com/bid/9744

FreeChat 1.1.1a allows remote attackers to cause a denial of service
(crash) via certain unexpected strings, as demonstrated using "aaaaa".

Analysis
----------------
ED_PRI CAN-2004-0329 3
Vendor Acknowledgement: unknown

BID:9744 could be the same vuln, but the site was not updated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781164214399&w=2
Reference: MISC:http://www.cnhonker.com/advisory/serv-u.mdtm.txt
Reference: XF:servu-mdtm-bo(15323)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15323
Reference: BID:9751
Reference: URL:http://www.securityfocus.com/bid/9751

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote
authenticated users to execute arbitrary code via a long time zone
argument to the MDTM command.

Analysis
----------------
ED_PRI CAN-2004-0330 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040226  Dell OpenManage Web Server Heap Overflow (Pre-Auth)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781539829143&w=2
Reference: MISC:http://sh0dan.org/files/domadv.txt
Reference: XF:dell-openmanage-ocsgetoeminpathfile-bo(15325)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15325
Reference: BID:9750
Reference: URL:http://www.securityfocus.com/bid/9750

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows
remote attackers to cause a denial of service (crash) via a HTTP POST
with a long application variable.

Analysis
----------------
ED_PRI CAN-2004-0331 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040226 Extremail Security Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107783767517850&w=2
Reference: XF:extremail-password-gain-access(15329)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15329
Reference: BID:9754
Reference: URL:http://www.securityfocus.com/bid/9754

Extremail 1.5.9 does not check passwords correctly when they are all
digits or begin with a digit, which allows remote attackers to gain
privileges.

Analysis
----------------
ED_PRI CAN-2004-0332 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040227 InnoMedia VideoPhone Authorization Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799556111784&w=2

AXIS 2100 Network Camera allows remote attackers to bypass Basic
Authorization via an HTTP request to (1) videophone_admindetail.asp,
(2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4)
videophone_sysctrl.asp that contains an ending / (slash).

Analysis
----------------
ED_PRI CAN-2004-0334 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-directory-listing(15349)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15349
Reference: BID:9780
Reference: URL:http://www.securityfocus.com/bid/9780

LAN SUITE Web Mail 602Pro, when configured to use the "Directory
browsing" feature, allows remote attackers to obtain a directory
listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3)
users/.

Analysis
----------------
ED_PRI CAN-2004-0335 3
Vendor Acknowledgement: no disputed
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: a followup post by the vendor indicates that "this is
a user configuration issue" and the feature is available "by design."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-index-xss(15351)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15351
Reference: BID:9777
Reference: URL:http://www.securityfocus.com/bid/9777

Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro
allows remote attackers to execute arbitrary script or HTML as other
users via a URL to index.html, followed by a / (slash) and the desired
script.  NOTE: the vendor states that this bug could not be
reproduced, so this issue may be REJECTed in the future.

Analysis
----------------
ED_PRI CAN-2004-0337 3
Vendor Acknowledgement: no disputed
Content Decisions: INCLUSION

ACKNOWLEDGEMENT: a followup post by the vendor indicates that the
vendor could not replicate the issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 Invision Power Board SQL injection!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799527428834&w=2
Reference: XF:invision-search-sql-injection(15343)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15343
Reference: BID:9766
Reference: URL:http://www.securityfocus.com/bid/9766

SQL injection vulnerability in search.php for Invision Board Forum
allows remote attackers to execute arbitrary SQL queries via the st
parameter.

Analysis
----------------
ED_PRI CAN-2004-0338 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799508130700&w=2
Reference: XF:phpbb-viewtopicphp-xss(15348)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15348
Reference: BID:9765
Reference: URL:http://www.securityfocus.com/bid/9765

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB,
possibly 2.0.6c and earlier, allows remote attackers to execute
arbitrary script or HTML as other users via the postorder parameter.

Analysis
----------------
ED_PRI CAN-2004-0339 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 Critical WFTPD buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801208004699&w=2
Reference: XF:wftpd-ftp-commands-bo(15340)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15340
Reference: BID:9767
Reference: URL:http://www.securityfocus.com/bid/9767

Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro
Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows
local users to execute arbitrary code via long (1) LIST, (2) NLST,
or (3) STAT commands.

Analysis
----------------
ED_PRI CAN-2004-0340 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 Multiple WFTPD Denial of Service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801142924976&w=2
Reference: XF:wftpd-string-0Ahbyte-dos(15341)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15341
Reference: BID:9767
Reference: URL:http://www.securityfocus.com/bid/9767

WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a
0Ah byte (newline) is sent, which allows local users to cause a denial
of service (CPU consumption) by continuing to send a long command that
does not contain a newline.

Analysis
----------------
ED_PRI CAN-2004-0341 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 Multiple WFTPD Denial of Service vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801142924976&w=2
Reference: XF:wftpd-ftp-command-dos(15342)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15342
Reference: BID:9767
Reference: URL:http://www.securityfocus.com/bid/9767

WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial
of service (crash) via a (1) MKD or (2) XMKD command that causes an
absolute path of 260 characters to be used, which overwrites a cookie
with a null character, possibly due to an off-by-one error.

Analysis
----------------
ED_PRI CAN-2004-0342 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0360
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:200470305 O-088: Sun passwd(1) Command Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107852274423414&w=2
Reference: SUNALERT:57454
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57454
Reference: CERT-VN:VU#694782
Reference: URL:http://www.kb.cert.org/vuls/id/694782
Reference: CIAC:O-088
Reference: URL:http://www.ciac.org/ciac/bulletins/o-088.shtml
Reference: XF:solaris-passwd-gain-privileges(15327)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15327
Reference: BID:9757
Reference: URL:http://www.securityfocus.com/bid/9757

Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local
users to gain privileges via unknown attack vectors.

Analysis
----------------
ED_PRI CAN-2004-0360 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007