[PROPOSAL] Cluster RECENT-85 - 43 candidates
I am proposing cluster RECENT-85 for review and voting by the Editorial Board.

Name: RECENT-85
Description: Candidates announced between 1/5/2002 and 2/5/2002
Size: 43

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
Reference: URL:http://online.securityfocus.com/archive/1/251699
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
Reference: BID:3924
Reference: URL:http://online.securityfocus.com/bid/3924
Reference: XF:cwpapi-getrelativepath-view-files(7981)
Reference: URL:http://www.iss.net/security_center/static/7981.php

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Analysis
----------------
ED_PRI CAN-2002-0196 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101208650722179&w=2
Reference: BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
Reference: URL:http://online.securityfocus.com/archive/1/265845
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-04.html
Reference: BID:3966
Reference: URL:http://online.securityfocus.com/bid/3966
Reference: XF:tarantella-gunzip-tmp-race(7996)
Reference: URL:http://www.iss.net/security_center/static/7996.php

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Analysis
----------------
ED_PRI CAN-2002-0211 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258311519504&w=2
Reference: CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Reference: BID:4014
Reference: URL:http://www.securityfocus.com/bid/4014
Reference: XF:dcforum-cgi-recover-passwords(8044)
Reference: URL:http://www.iss.net/security_center/static/8044.php

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Analysis
----------------
ED_PRI CAN-2002-0226 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020204 [SUPERPETZ ADVISORY #002- Faq-O-Matic Cross-Site Scripting Vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101285834018701&w=2
Reference: BUGTRAQ:20020205 Faq-O-Matic Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101293973111873&w=2
Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
Reference: DEBIAN:DSA-109
Reference: URL:http://www.debian.org/security/2002/dsa-109

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.

Analysis
----------------
ED_PRI CAN-2002-0230 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: in an email archive for the faqomatic-users list, the vendor states "The fix for the cmd=<script> CSS bug is now in CVS."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101321744807452&w=2
Reference: BUGTRAQ:20020204 Vulnerability in Black ICE Defender
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286393404301&w=2
Reference: NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101353165915171&w=2
Reference: BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101302424803268&w=2
Reference: ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
Reference: URL:http://www.iss.net/security_center/alerts/advise109.php
Reference: BID:4025
Reference: URL:http://online.securityfocus.com/bid/4025
Reference: XF:blackice-ping-flood-dos(8058)
Reference: URL:http://www.iss.net/security_center/static/8058.php

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.

Analysis
----------------
ED_PRI CAN-2002-0237 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101173478806580&w=2
Reference: BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
Reference: URL:http://online.securityfocus.com/archive/1/251832
Reference: XF:psybnc-view-encrypted-messages(7985)
Reference: URL:http://www.iss.net/security_center/static/7985.php
Reference: BID:3931
Reference: URL:http://www.securityfocus.com/bid/3931

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Analysis
----------------
ED_PRI CAN-2002-0197 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020105 RealPlayer Buffer Problem
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
Reference: BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252414
Reference: BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
Reference: URL:http://online.securityfocus.com/archive/1/252425
Reference: MISC:http://sentinelchicken.com/advisories/realplayer/
Reference: BID:3809
Reference: URL:http://online.securityfocus.com/bid/3809
Reference: XF:realplayer-file-header-bo(7839)
Reference: URL:http://www.iss.net/security_center/static/7839.php

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

Analysis
----------------
ED_PRI CAN-2002-0207 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/252455
Reference: BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/261548
Reference: BID:3964
Reference: URL:http://online.securityfocus.com/bid/3964
Reference: XF:acedirector-http-reveal-ip(8010)
Reference: URL:http://www.iss.net/security_center/static/8010.php

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

Analysis
----------------
ED_PRI CAN-2002-0209 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 pldaniels - ripMime 1.2.6 and lower?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101182636812381&w=2
Reference: CONFIRM:http://pldaniels.org/ripmime/CHANGELOG
Reference: BID:3941
Reference: URL:http://online.securityfocus.com/bid/3941
Reference: XF:ripmime-long-filename-bo(7983)
Reference: URL:http://www.iss.net/security_center/static/7983.php

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.

Analysis
----------------
ED_PRI CAN-2002-0198 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ACKNOWLEDGEMENT: In the changelog, an item dated "Thu Nov 15 2001" says "Corrected buffer overrun with MIME_headers."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020119 Shoutcast server 1.8.3 win32
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101167484012724&w=2
Reference: BID:3934
Reference: URL:http://online.securityfocus.com/bid/3934

Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
Analysis
----------------
ED_PRI CAN-2002-0199 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3929
Reference: URL:http://online.securityfocus.com/bid/3929
Reference: XF:cyberstop-device-name-dos(7959)
Reference: URL:http://www.iss.net/security_center/static/7959.php

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.

Analysis
----------------
ED_PRI CAN-2002-0200 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3930
Reference: URL:http://online.securityfocus.com/bid/3930
Reference: XF:cyberstop-long-request-dos(7960)
Reference: URL:http://www.iss.net/security_center/static/7960.php

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0201 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020123 Vulnerabilty in PaintBBS v1.2
Reference: URL:http://online.securityfocus.com/archive/1/251985
Reference: BID:3948
Reference: URL:http://online.securityfocus.com/bid/3948
Reference: XF:paintbbs-insecure-permissions(7982)
Reference: URL:http://www.iss.net/security_center/static/7982.php

PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.

Analysis
----------------
ED_PRI CAN-2002-0202 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101190195430376&w=2
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-03.html

ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.
Analysis
----------------
ED_PRI CAN-2002-0203 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: A followup was posted that claimed that this issue was "mostly resolved" via BID:2890, which is CVE-2001-0805. However, (1) CVE-2001-0805 described a directory traversal issue and this one does not, and (2) CVE-2001-0805 was fixed after version 3.01, and this issue affects many more versions. Since different problem types and different versions are involved, CD:SF-LOC clearly indicates that the two problems should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020124 gnuchess buffer overflow vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189688815514&w=2
Reference: BID:3949
Reference: URL:http://online.securityfocus.com/bid/3949
Reference: XF:gnu-chess-bo(7991)
Reference: URL:http://www.iss.net/security_center/static/7991.php

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.
Analysis
----------------
ED_PRI CAN-2002-0204 3
Vendor Acknowledgement: no disputed
Content Decisions: DEFINITION

INCLUSION: The original post includes a quote from the vendor, which states: "The GNU chess 5 code base was not written with security as a prime goal as it is intended to be run locally on the users own computer and does not provide a network interface... GNUchess has no Internet interface built-in." So, the discloser is trying to use the software in a way other than designed, and the software as provided has no vulnerabilities that an attacker could use to cause damage or gain privileges. Therefore, this report does not satisfy the CVE definition of a vulnerability or exposure, and probably should not be included in CVE, despite the fact that the vendor fixed the issue in 5.03.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020104 Cross-Site Scripting in PlumTree?
Reference: URL:http://online.securityfocus.com/archive/82/248396
Reference: BUGTRAQ:20020124 Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189911121808&w=2
Reference: BID:3799
Reference: URL:http://online.securityfocus.com/bid/3799
Reference: XF:plumtree-css-error(7817)
Reference: URL:http://www.iss.net/security_center/static/7817.php

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.

Analysis
----------------
ED_PRI CAN-2002-0205 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the discloser says that the problem was resolved by the vendor in "supportnet article number #11012". However, the vendor's web page requires registration, so it could not be accessed. Therefore, there is insufficient information to be certain that the problem has been resolved.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020116 PHP-Nuke allows Command Execution & Much more
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101121913914205&w=2
Reference: BID:3889
Reference: URL:http://online.securityfocus.com/bid/3889

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Analysis
----------------
ED_PRI CAN-2002-0206 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020125 Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall installed (no need to be enabled) on Microsoft Windows Based OSs
Reference: URL:http://online.securityfocus.com/archive/1/252407
Reference: BID:3961
Reference: URL:http://online.securityfocus.com/bid/3961
Reference: XF:pgpfire-icmp-fingerprint(8008)
Reference: URL:http://www.iss.net/security_center/static/8008.php

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

Analysis
----------------
ED_PRI CAN-2002-0208 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 bru backup program
Reference: URL:http://online.securityfocus.com/archive/1/252614
Reference: BID:3970
Reference: URL:http://online.securityfocus.com/bid/3970
Reference: XF:bru-tmp-file-symlink(8003)
Reference: URL:http://www.iss.net/security_center/static/8003.php

setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.

Analysis
----------------
ED_PRI CAN-2002-0210 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 [ARL02-A01] Vulnerability in Hosting Controller
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101224151705897&w=2
Reference: MISC:http://hostingcontroller.com/English/patches/ForAll/index.html
Reference: BID:3971
Reference: URL:http://online.securityfocus.com/bid/3971
Reference: XF:hosting-controller-brute-force(8006)
Reference: URL:http://www.iss.net/security_center/static/8006.php

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Analysis
----------------
ED_PRI CAN-2002-0212 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: The vendor web page has a patch labeled "Password Security Hot Fix (03/05/2002)." However, this is dated more than a month after the discloser said a patch was available. The readme in the patch explicitly omits details, and the patched "updateuserdesc.asp" file does not seem to be related. Therefore, it is most likely that the advertised patch does NOT fix the vulnerability reported in this CVE item, and the vendor acknowledgement is vague at best.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223525118717&w=2
Reference: BID:3969
Reference: URL:http://online.securityfocus.com/bid/3969
Reference: XF:kashare-xkas-icon-symlink(8002)
Reference: URL:http://www.iss.net/security_center/static/8002.php

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.

Analysis
----------------
ED_PRI CAN-2002-0213 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020128 Intel WLAN Driver storing 128bit WEP-Key in plain text!
Reference: URL:http://online.securityfocus.com/archive/1/252607
Reference: BID:3968
Reference: URL:http://online.securityfocus.com/bid/3968
Reference: XF:intel-wlan-wep-plaintext(8015)
Reference: URL:http://www.iss.net/security_center/static/8015.php

Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.

Analysis
----------------
ED_PRI CAN-2002-0214 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020128 [SUPERPETZ ADVISORY #001 - agora.cgi Secret Path Disclosure Vulnerability]
Reference: URL:http://online.securityfocus.com/archive/1/252761
Reference: BID:3976
Reference: URL:http://online.securityfocus.com/bid/3976
Reference: XF:agora-cgi-revel-path(8011)
Reference: URL:http://www.iss.net/security_center/static/8011.php

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
Analysis
----------------
ED_PRI CAN-2002-0215 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Xoops SQL fragment disclosure and SQL injection vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252827
Reference: BID:3977
Reference: URL:http://online.securityfocus.com/bid/3977
Reference: XF:xoops-userinfo-information-disclosure(8028)
Reference: URL:http://www.iss.net/security_center/static/8028.php

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.

Analysis
----------------
ED_PRI CAN-2002-0216 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Xoops Private Message System Script injection
Reference: URL:http://online.securityfocus.com/archive/1/252828
Reference: BID:3978
Reference: URL:http://online.securityfocus.com/bid/3978
Reference: BID:3981
Reference: URL:http://online.securityfocus.com/bid/3981
Reference: XF:xoops-private-message-css(8025)
Reference: URL:http://www.iss.net/security_center/static/8025.php
Reference: XF:xoops-pmlite-image-css(8030)
Reference: URL:http://www.iss.net/security_center/static/8030.php

Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.

Analysis
----------------
ED_PRI CAN-2002-0217 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type, that affect the same version, into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0218
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252891
Reference: BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252847
Reference: MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3980
Reference: URL:http://online.securityfocus.com/bid/3980

Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.

Analysis
----------------
ED_PRI CAN-2002-0218 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC, VAGUE

ACKNOWLEDGEMENT: a followup post claims that the SAS advisory (listed as a MISC reference here) "appears to [address]" this vulnerability. However, that cannot be regarded as sufficient vendor acknowledgement for CVE. Reviewing the advisory indicates some evidence that the vendor is fixing this issue, but the vendor is not clear enough to be absolutely certain that the vendor is fixing *this* issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252891
Reference: BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252847
Reference: MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3979
Reference: URL:http://online.securityfocus.com/bid/3979

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via a large command line argument.

Analysis
----------------
ED_PRI CAN-2002-0219 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC, VAGUE

ACKNOWLEDGEMENT: a followup post claims that the SAS advisory (listed as a MISC reference here) "appears to [address]" this vulnerability. However, that cannot be regarded as sufficient vendor acknowledgement for CVE. Reviewing the advisory indicates some evidence that the vendor is fixing this issue, but the vendor is not clear enough to be absolutely certain that the vendor is fixing *this* issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 PhpSmsSend remote execute commands bug
Reference: URL:http://online.securityfocus.com/archive/1/252918
Reference: BID:3982
Reference: URL:http://online.securityfocus.com/bid/3982
Reference: XF:phpsmssend-command-execution(8019)
Reference: URL:http://www.iss.net/security_center/static/8019.php

phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0220 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
Reference: URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3983
Reference: URL:http://online.securityfocus.com/bid/3983
Reference: XF:eserv-pasv-dos(8020)
Reference: URL:http://www.iss.net/security_center/static/8020.php

Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.

Analysis
----------------
ED_PRI CAN-2002-0221 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
Reference: URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3986
Reference: URL:http://online.securityfocus.com/bid/3986
Reference: XF:eserv-ftp-bounce(8021)
Reference: URL:http://www.iss.net/security_center/static/8021.php

Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.

Analysis
----------------
ED_PRI CAN-2002-0222 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020130 [ WWWThreads, UBBThreads ] Security Hole in upload system
Reference: URL:http://online.securityfocus.com/archive/1/253172
Reference: XF:ubbthreads-file-upload(8022)
Reference: URL:http://www.iss.net/security_center/static/8022.php
Reference: BID:3993
Reference: URL:http://online.securityfocus.com/bid/3993

Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.

Analysis
----------------
ED_PRI CAN-2002-0223 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

ABSTRACTION: The product was originally known as wwwthreads but was bought by Infopop and they changed the name to UBBthreads. By CD:SF-CODEBASE, the two issues should be MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020131 msdtc on 3372
Reference: URL:http://online.securityfocus.com/archive/1/253360
Reference: BUGTRAQ:20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
Reference: URL:http://online.securityfocus.com/archive/1/268593
Reference: BID:4006
Reference: URL:http://online.securityfocus.com/bid/4006

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

Analysis
----------------
ED_PRI CAN-2002-0224 3
Vendor Acknowledgement: unknown vague
Content Decisions: VAGUE

ACKNOWLEDGEMENT: It can not be conclusively proven whether Microsoft has fixed this issue or not. Peter Grundl, author of the April 19 post, says that Microsoft bulletin MS02-018 fixes the problem, but Grundl says that MS02-018 "does not mention this vulnerability." Since Grundl is already credited in MS02-018 with finding an "HTR ISAPI extension" overflow (CAN-2002-0071), this issue is clearly different than CAN-2002-0071.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020130 tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
Reference: URL:http://online.securityfocus.com/archive/1/253288
Reference: BID:4003
Reference: URL:http://www.securityfocus.com/bid/4003
Reference: XF:tacplus-insecure-accounting-files(8061)
Reference: URL:http://www.iss.net/security_center/static/8061.php

tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.

Analysis
----------------
ED_PRI CAN-2002-0225 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020201 KICQ 2.0.0b1 can be remotely crashed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266856410129&w=2
Reference: BID:4018
Reference: URL:http://online.securityfocus.com/bid/4018
Reference: XF:kicq-telnet-dos(8064)
Reference: URL:http://www.iss.net/security_center/static/8064.php

KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.

Analysis
----------------
ED_PRI CAN-2002-0227 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA, EX-CLIENT-DOS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0228
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)
Reference: URL:http://online.securityfocus.com/archive/1/254021
Reference: XF:msn-messenger-reveal-information(8084)
Reference: URL:http://www.iss.net/security_center/static/8084.php
Reference: BID:4028
Reference: URL:http://online.securityfocus.com/bid/4028

Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

Analysis
----------------
ED_PRI CAN-2002-0228 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101285016125377&w=2
Reference: BUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286577109716&w=2
Reference: NTBUGTRAQ:20020205 Re: PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303065423534&w=2
Reference: BUGTRAQ:20020206 DW020203-PHP clarification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101304702002321&w=2
Reference: NTBUGTRAQ:20020206 DW020203-PHP clarification
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303819613337&w=2
Reference: BID:4026
Reference: URL:http://online.securityfocus.com/bid/4026
Reference: XF:php-mysql-safemode-bypass(8105)
Reference: URL:http://www.iss.net/security_center/static/8105.php

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Analysis
----------------
ED_PRI CAN-2002-0229 3
Vendor Acknowledgement: A followup post indicates that this type of vulnerability may only exist in certain unsafe MySQL configurations, in which case

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020203 Buffer overflow in mIRC allowing arbitary code to be executed.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286747013955&w=2
Reference: MISC:http://www.uuuppz.com/research/adv-001-mirc.htm
Reference: XF:mirc-nickname-bo(8083)
Reference: URL:http://www.iss.net/security_center/static/8083.php
Reference: BID:4027
Reference: URL:http://online.securityfocus.com/bid/4027

Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.

Analysis
----------------
ED_PRI CAN-2002-0231 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020202 new advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266821909189&w=2
Reference: BID:4017
Reference: URL:http://www.securityfocus.com/bid/4017
Reference: XF:mrtg-cgi-view-files(8062)
Reference: URL:http://www.iss.net/security_center/static/8062.php

Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.

Analysis
----------------
ED_PRI CAN-2002-0232 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests combining problems of the same type in multiple executables of the same version of the same package.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Viewing arbitrary file from the file system using Eshare Expressions 4 server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101292885809975&w=2
Reference: XF:expressions-dot-directory-traversal(8079)
Reference: URL:http://www.iss.net/security_center/static/8079.php
Reference: BID:4029
Reference: URL:http://www.securityfocus.com/bid/4029

Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0233 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0234
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 NetScreen Response to ScreenOS Port Scan DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/254268
Reference: BUGTRAQ:20020201 NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258281818524&w=2
Reference: BUGTRAQ:20020201 RE: NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258887105690&w=2
Reference: BID:4015
Reference: URL:http://www.securityfocus.com/bid/4015
Reference: XF:netscreen-screenos-scan-dos(8057)
Reference: URL:http://www.iss.net/security_center/static/8057.php

NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.

Analysis
----------------
ED_PRI CAN-2002-0234 3
Vendor Acknowledgement: yes followup
Content Decisions: SECTOOL-DESIGN

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Castelle Faxpress: Password used for NT Print queue can be discl osed in Plain Text
Reference: URL:http://online.securityfocus.com/archive/1/254168
Reference: BID:4030
Reference: URL:http://www.securityfocus.com/bid/4030
Reference: XF:faxpress-plaintext-password(8086)
Reference: URL:http://www.iss.net/security_center/static/8086.php

Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.

Analysis
----------------
ED_PRI CAN-2002-0235 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: Castelle tech support is not accessible by email; could not fill out support request form (registration code was needed). Sent general online feedback inquiry to http://www.castelle.com/feedback_form.htm on March 15, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Published Report of Vulnerability in Lucent VitalSuite Software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101294507827698&w=2
Reference: XF:vitalnet-unauth-access(7936)
Reference: URL:http://www.iss.net/security_center/static/7936.php
Reference: BID:3784
Reference: URL:http://www.securityfocus.com/bid/3784

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.

Analysis
----------------
ED_PRI CAN-2002-0236 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020203 Netgear RT311/RT314
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286360203461&w=2
Reference: XF:netgear-web-interface-css(8082)
Reference: URL:http://www.iss.net/security_center/static/8082.php
Reference: BID:4024
Reference: URL:http://online.securityfocus.com/bid/4024

Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.

Analysis
----------------
ED_PRI CAN-2002-0238 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: