[PROPOSAL] Cluster RECENT-84 - 40 candidates
I am proposing cluster RECENT-84 for review and voting by the Editorial Board.

Name: RECENT-84
Description: Reserved candidates announced between 1/30/2002 and 3/11/2002
Size: 40

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-001.asp

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allow remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.

Analysis
----------------
ED_PRI CAN-2002-0018 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-004.asp
Reference: BID:4061
Reference: URL:http://www.securityfocus.com/bid/4061
Reference: XF:ms-telnet-option-bo(8094)
Reference: URL:http://www.iss.net/security_center/static/8094.php

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

Analysis
----------------
ED_PRI CAN-2002-0020 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-002.asp

Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.

Analysis
----------------
ED_PRI CAN-2002-0021 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: CERT:CA-2002-04
Reference: URL:http://www.cert.org/advisories/CA-2002-04.html
Reference: XF:ie-html-directive-bo(8116)
Reference: URL:http://www.iss.net/security_center/static/8116.php

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Analysis
----------------
ED_PRI CAN-2002-0022 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020101 IE GetObject() problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3767
Reference: URL:http://www.securityfocus.com/bid/3767

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

Analysis
----------------
ED_PRI CAN-2002-0023 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.

Analysis
----------------
ED_PRI CAN-2002-0024 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.

Analysis
----------------
ED_PRI CAN-2002-0025 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.

Analysis
----------------
ED_PRI CAN-2002-0026 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
Reference: URL:http://www.securityfocus.com/archive/1/246522
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3721
Reference: URL:http://www.securityfocus.com/bid/3721

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

Analysis
----------------
ED_PRI CAN-2002-0027 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: CF
Reference: MS:MS02-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-003.asp
Reference: BID:4053
Reference: URL:http://www.securityfocus.com/bid/4053

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Analysis
----------------
ED_PRI CAN-2002-0049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-010.asp
Reference: BID:4157
Reference: URL:http://online.securityfocus.com/bid/4157

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.

Analysis
----------------
ED_PRI CAN-2002-0050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-009.asp
Reference: BID:4158
Reference: URL:http://online.securityfocus.com/bid/4158

Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-0052 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via the server.

Analysis
----------------
ED_PRI CAN-2002-0054 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101558498401274&w=2
Reference: MS:MS02-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-012.asp

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Analysis
----------------
ED_PRI CAN-2002-0055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020207
Category: SF
Reference: BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
Reference: CERT:CA-2002-07
Reference: DEBIAN:DSA-122
Reference: BUGTRAQ:20020212 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020212 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: REDHAT:RHSA-2002:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-027.html
Reference: SUSE:SuSE-SA:2002:010
Reference: SUSE:SuSE-SA:2002:011
Reference: ENGARDE:ESA-20020311-008
Reference: MANDRAKE:MDKSA-2002:022
Reference: MANDRAKE:MDKSA-2002:023
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Reference: BUGTRAQ:20020314 about zlib vulnerability
Reference: BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
Reference: CERT-VN:VU#368819
Reference: URL:http://www.kb.cert.org/vuls/id/368819
Reference: BID:4267
Reference: URL:http://online.securityfocus.com/bid/4267

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Analysis
----------------
ED_PRI CAN-2002-0059 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483396412051&w=2
Reference: VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101486352429653&w=2
Reference: CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
Reference: REDHAT:RHSA-2002:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-028.html

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

Analysis
----------------
ED_PRI CAN-2002-0060 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package which is based on it, allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0062 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020217
Category: SF
Reference: CONFIRM:http://www.cups.org/relnotes.html
Reference: DEBIAN:DSA-110
Reference: URL:http://www.debian.org/security/2002/dsa-110
Reference: MANDRAKE:MDKSA-2002:015
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

Analysis
----------------
ED_PRI CAN-2002-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Squid 2.4 STABLE2 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Analysis
----------------
ED_PRI CAN-2002-0067 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with a malformed ftp:// URL.

Analysis
----------------
ED_PRI CAN-2002-0068 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Memory leak in SNMP in Squid STABLE2 and earlier allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0069 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: VULNWATCH:20020311 [VulnWatch] ADVISORY: Windows Shell Overflow
Reference: NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
Reference: MS:MS02-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-014.asp

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

Analysis
----------------
ED_PRI CAN-2002-0070 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3

rsync does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Analysis
----------------
ED_PRI CAN-2002-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020227
Category: SF
Reference: VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101468694824998&w=2
Reference: BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484705523351&w=2
Reference: NTBUGTRAQ:20020227 PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101484975231922&w=2
Reference: CONFIRM:http://www.php.net/downloads.php
Reference: MISC:http://security.e-matters.de/advisories/012002.html
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html
Reference: DEBIAN:DSA-115
Reference: URL:http://www.debian.org/security/2002/dsa-115
Reference: CERT:CA-2002-05
Reference: URL:http://www.cert.org/advisories/CA-2002-05.html
Reference: CERT-VN:VU#297363
Reference: URL:http://www.kb.cert.org/vuls/id/297363
Reference: ENGARDE:ESA-20020301-006
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1924.html
Reference: HP:HPSBTL0203-028
Reference: URL:http://online.securityfocus.com/advisories/3911
Reference: CONECTIVA:CLA-2002:468
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Reference: XF:php-file-upload-overflow(8281)
Reference: URL:http://www.iss.net/security_center/static/8281.php
Reference: BID:4183
Reference: URL:http://www.securityfocus.com/bid/4183

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Analysis
----------------
ED_PRI CAN-2002-0081 1
Vendor Acknowledgement: yes advisory
ABSTRACTION: there is mixed overlap between these different versions, in terms of the fixes provided. One could argue that these are different bugs in different versions, thus CD:SF-LOC would state that these should be separated. However, as of this writing there is a need to make some candidate publicly available despite the lack of full, clear details.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020301
Category: SF
Reference: BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
Reference: URL:http://online.securityfocus.com/archive/1/258646
Reference: BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101518491916936&w=2
Reference: BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101528358424306&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
Reference: BUGTRAQ:20020228 TSLSA-2002-0034 - apache
Reference: ENGARDE:ESA-20020301-005
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Reference: CONECTIVA:CLA-2002:465
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Reference: REDHAT:RHSA-2002:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-041.html
Reference: MANDRAKE:MDKSA-2002:020
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Reference: REDHAT:RHSA-2002:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-042.html
Reference: BID:4189
Reference: URL:http://online.securityfocus.com/bid/4189
Reference: XF:apache-modssl-bo(8308)
Reference: URL:http://www.iss.net/security_center/static/8308.php

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Analysis
----------------
ED_PRI CAN-2002-0082 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.


VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Reference: BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2
Reference: BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2
Reference: BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2
Reference: CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
Reference: ENGARDE:ESA-20020307-007
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Reference: SUSE:SuSE-SA:2002:009
Reference: URL:http://www.suse.de/de/support/security/2002_009_openssh_txt.html
Reference: CONECTIVA:CLA-2002:467
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Reference: DEBIAN:DSA-119
Reference: URL:http://www.debian.org/security/2002/dsa-119
Reference: REDHAT:RHSA-2002:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-043.html
Reference: CALDERA:CSSA-2002-SCO.11

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0083 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020308
Category: SF
Reference: VULN-DEV:20020220 Help needed with bufferoverflow in cvs
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101422243817321&w=2
Reference: VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101433077724524&w=2
Reference: DEBIAN:DSA-117
Reference: URL:http://www.debian.org/security/2002/dsa-117
Reference: REDHAT:RHSA-2002-026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Analysis
----------------
ED_PRI CAN-2002-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020110
Category: SF
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack Tool
Reference: URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#107186
Reference: URL:http://www.kb.cert.org/vuls/id/107186
Reference: REDHAT:RHSA-2001:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: SGI:20020201-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp

Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Analysis
----------------
ED_PRI CAN-2002-0012 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020110
Category: SF
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack Tool
Reference: URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#854306
Reference: URL:http://www.kb.cert.org/vuls/id/854306
Reference: REDHAT:RHSA-2001:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: SGI:20020201-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp

Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.

Analysis
----------------
ED_PRI CAN-2002-0013 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
Reference: MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: CERT-VN:VU#854306
Reference: URL:http://www.kb.cert.org/vuls/id/854306
Reference: CERT-VN:VU#107186
Reference: URL:http://www.kb.cert.org/vuls/id/107186

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available.

Analysis
----------------
ED_PRI CAN-2002-0053 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-007.asp
Reference: BUGTRAQ:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422555428036&w=2
Reference: VULN-DEV:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101413924631329&w=2

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.

Analysis
----------------
ED_PRI CAN-2002-0056 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20020305 Java HTTP proxy vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101534535304228&w=2
Reference: SUN:00216
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp

Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.

Analysis
----------------
ED_PRI CAN-2002-0058 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE states that problems that stem from an issue in the same codebase should be MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4198.asp

Buffer overflow in cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

Analysis
----------------
ED_PRI CAN-2002-0084 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of different types, in the same executable, should be SPLIT. The buffer overflow and DoS problems are therefore SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4197.asp

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

Analysis
----------------
ED_PRI CAN-2002-0085 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of different types, in the same executable, should be SPLIT. The buffer overflow and DoS problems are therefore SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4126.asp
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4124.asp

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

Analysis
----------------
ED_PRI CAN-2002-0086 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type, in the same version of a single executable, should be MERGED; problems of different types should be SPLIT. Thus the 2 overflows should be MERGED, but they should be SPLIT from the file creation problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4125.asp

bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-0087 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type, in the same version of a single executable, should be MERGED; problems of different types should be SPLIT. Thus the 2 overflows should be MERGED, but they should be SPLIT from the file creation problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4123.asp

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.

Analysis
----------------
ED_PRI CAN-2002-0088 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type in the same executable should be SPLIT if they appear in different versions. The -d and PRODVERS overflows appear in Solaris 2.5 (and others), whereas the long media path does NOT appear in Solaris 2.5. Therefore, the long media path overflow should be SPLIT from the -d/PRODVERS overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO2397.asp

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

Analysis
----------------
ED_PRI CAN-2002-0089 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type in the same executable should be SPLIT if they appear in different versions. The -d and PRODVERS overflows appear in Solaris 2.5 (and others), whereas the long media path does NOT appear in Solaris 2.5. Therefore, the long media path overflow should be SPLIT from the -d/PRODVERS overflow. CD:SF-LOC also states that problems of the same type, in the same version, should be MERGED. Therefore, the -d and PRODVERS overflows should be in the same CVE item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp

Buffer overflow in lbxproxy in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

Analysis
----------------
ED_PRI CAN-2002-0090 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO2408.asp

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields.

Analysis
----------------
ED_PRI CAN-2002-0091 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: