|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-87 - 58 candidates
I am proposing cluster RECENT-87 for review and voting by the Editorial Board. Name: RECENT-87 Description: Candidates announced between 2/19/2002 and 2/28/2002 Size: 58 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2002-0300 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0300 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415804625292&w=2 Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422432123898&w=2 Reference: DEBIAN:DSA-114 Reference: URL:http://www.debian.org/security/2002/dsa-114 Reference: BID:4125 Reference: URL:http://online.securityfocus.com/bid/4125 gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file. Analysis ---------------- ED_PRI CAN-2002-0300 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0302 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424225814604&w=2 Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html Reference: BID:4139 Reference: URL:http://online.securityfocus.com/bid/4139 The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. Analysis ---------------- ED_PRI CAN-2002-0302 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0329 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0329 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101485184605149&w=2 Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.) Reference: URL:http://online.securityfocus.com/archive/1/258981 Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660 Reference: BID:4192 Reference: URL:http://online.securityfocus.com/bid/4192 Reference: BID:4192 Reference: URL:http://www.securityfocus.com/bid/4192 Reference: XF:snitz-img-css(8309) Reference: URL:http://www.iss.net/security_center/static/8309.php Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag. Analysis ---------------- ED_PRI CAN-2002-0329 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0330 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0330 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020225 Open Bulletin Board javascript bug. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466092601554&w=2 Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159 Reference: BID:4171 Reference: URL:http://online.securityfocus.com/bid/4171 Reference: XF:openbb-img-css(8278) Reference: URL:http://www.iss.net/security_center/static/8278.php Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag. Analysis ---------------- ED_PRI CAN-2002-0330 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0339 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml Reference: XF:ios-cef-information-leak(8296) Reference: URL:http://www.iss.net/security_center/static/8296.php Reference: BID:4191 Reference: URL:http://www.securityfocus.com/bid/4191 Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. Analysis ---------------- ED_PRI CAN-2002-0339 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0292 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101414005501708&w=2 Reference: BID:4116 Reference: URL:http://online.securityfocus.com/bid/4116 Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. Analysis ---------------- ED_PRI CAN-2002-0292 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0299 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0299 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438631921749&w=2 Reference: BID:3975 Reference: URL:http://online.securityfocus.com/bid/3975 CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. Analysis ---------------- ED_PRI CAN-2002-0299 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0309 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0309 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2 Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2 Reference: BID:4141 Reference: URL:http://online.securityfocus.com/bid/4141 SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. Analysis ---------------- ED_PRI CAN-2002-0309 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0318 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440113410083&w=2 FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets. Analysis ---------------- ED_PRI CAN-2002-0318 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0293 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0293 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2 FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. Analysis ---------------- ED_PRI CAN-2002-0293 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0294 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0294 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2 Reference: BID:4130 Reference: URL:http://online.securityfocus.com/bid/4130 Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system. Analysis ---------------- ED_PRI CAN-2002-0294 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0295 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0295 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20020219 Security BugWare : Alcatel 4400 PBX hack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2 Reference: BID:4133 Reference: URL:http://online.securityfocus.com/bid/4133 Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. Analysis ---------------- ED_PRI CAN-2002-0295 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0296 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 Another local root vulnerability during installation of Tarantella Enterprise 3. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.html Reference: BUGTRAQ:20020224 Exploit for Tarantella Enterprise installation (bid 4115) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467193803592&w=2 Reference: BID:4115 Reference: URL:http://www.securityfocus.com/bid/4115 The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. Analysis ---------------- ED_PRI CAN-2002-0296 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0297 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0297 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 ScriptEase MiniWeb Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415883727615&w=2 Reference: BID:4128 Reference: URL:http://online.securityfocus.com/bid/4128 Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. Analysis ---------------- ED_PRI CAN-2002-0297 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0298 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0298 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 Four More ScriptEase MiniWeb Server v0.95 DoS Attacks Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424439220931&w=2 Reference: BID:4145 Reference: URL:http://online.securityfocus.com/bid/4145 ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character. Analysis ---------------- ED_PRI CAN-2002-0298 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0301 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0301 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 Re: Citrix NFuse 1.6 - additional network exposure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424947801895&w=2 Reference: BID:4142 Reference: URL:http://online.securityfocus.com/bid/4142 Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. Analysis ---------------- ED_PRI CAN-2002-0301 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0303 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0303 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 Security issue with GroupWise 6 and LDAP authentication in PostOffice Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101425369510983&w=2 Reference: BID:4154 Reference: URL:http://online.securityfocus.com/bid/4154 GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. Analysis ---------------- ED_PRI CAN-2002-0303 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0304 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0304 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 SecurityOffice Security Advisory:// LilHTTP Web Server Protected File Access Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432338000591&w=2 Reference: BUGTRAQ:20020320 LilHTTP Web Server Protected File Access Vulnerability (Solution) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101665069500433&w=2 Reference: MISC:http://www.summitcn.com/lilhttp/lildocs.html#WhatsNew Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request. Analysis ---------------- ED_PRI CAN-2002-0304 3 Vendor Acknowledgement: unknown discloser-claimed ACKNOWLEDGEMENT: the vendor's "What's New" page includes an entry for version 2.2, which states "fixed some known security issues with this server." It is not clear whether the vendor fixed THIS issue. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0305 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0305 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Zero One Tech (ZOT) P100s PrintServer and SNMP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432416503293&w=2 Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. Analysis ---------------- ED_PRI CAN-2002-0305 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0306 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0306 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2 Reference: BID:4149 Reference: URL:http://online.securityfocus.com/bid/4149 ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter. Analysis ---------------- ED_PRI CAN-2002-0306 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0307 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0307 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 "Cthulhu xhAze" - Command execution in Ans.pl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2 Reference: BID:4147 Reference: URL:http://online.securityfocus.com/bid/4147 Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute line using Perl's eval function. Analysis ---------------- ED_PRI CAN-2002-0307 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0308 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0308 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 AdMentor Login Flaw Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430885516675&w=2 Reference: BID:4152 Reference: URL:http://online.securityfocus.com/bid/4152 admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. Analysis ---------------- ED_PRI CAN-2002-0308 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0310 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0310 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Netwin Webnews 1.1k Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432236729631&w=2 Reference: BID:4156 Reference: URL:http://online.securityfocus.com/bid/4156 Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. Analysis ---------------- ED_PRI CAN-2002-0310 3 Vendor Acknowledgement: Content Decisions: CF-DEFAULT, CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0311 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0311 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020120 Unixware 7.1.1 scoadminreg.cgi local exploit Reference: URL:http://online.securityfocus.com/archive/1/251747 Reference: CALDERA:CSSA-2002-SCO.6 Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/CSSA-2002-SCO.6.txt Reference: BID:3936 Reference: URL:http://online.securityfocus.com/bid/3936 Reference: XF:unixware-webtop-execute-commands(7977) Reference: URL:http://www.iss.net/security_center/static/7977.php Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi. Analysis ---------------- ED_PRI CAN-2002-0311 3 Vendor Acknowledgement: yes patch Content Decisions: SF-EXEC, VAGUE ABSTRACTION: while the Caldera advisory is vague, the severity of the issue, the affected program, and the timing of the advisory gives some hint that the advisory might be addressing the same issue that was reported a month previously. By reviewing the source code included in the specific patch (erg711951b.Z), one can see that the "$manager" variable - clearly the variable being manipulated by the posted exploit - is now being cleansed of shell metacharacters. Given this patch, plus the fact that Caldera did not dispute the poster's original claims, there is finally sufficient evidence that the Caldera advisory addresses the issue originally given in the Bugtraq post. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0312 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0312 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch) Reference: URL:http://online.securityfocus.com/archive/1/258365 Reference: NTBUGTRAQ:20020222 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch) Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201 Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439734827908&w=2 Reference: XF:essentia-server-directory-traversal(8248) Reference: URL:http://www.iss.net/security_center/static/8248.php Reference: BID:4160 Reference: URL:http://www.securityfocus.com/bid/4160 Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. Analysis ---------------- ED_PRI CAN-2002-0312 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0313 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch) Reference: URL:http://online.securityfocus.com/archive/1/258365 Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2 Reference: XF:essentia-server-long-request-dos(8249) Reference: URL:http://www.iss.net/security_center/static/8249.php Reference: BID:4159 Reference: URL:http://www.securityfocus.com/bid/4159 Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL. Analysis ---------------- ED_PRI CAN-2002-0313 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0314 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0314 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2 Reference: BID:4122 Reference: URL:http://www.securityfocus.com/bid/4122 Reference: XF:fasttrack-message-service-dos(8273) Reference: URL:http://www.iss.net/security_center/static/8273.php fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message. Analysis ---------------- ED_PRI CAN-2002-0314 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: EX-CLIENT-DOS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0315 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0315 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2 Reference: XF:fasttrack-message-service-spoof(8272) Reference: URL:http://www.iss.net/security_center/static/8272.php Reference: BID:4121 Reference: URL:http://www.securityfocus.com/bid/4121 fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header. Analysis ---------------- ED_PRI CAN-2002-0315 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0316 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0316 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020222 XMB cross-scripting vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447886404876&w=2 Reference: XF:xmb-php-css(8262) Reference: URL:http://www.iss.net/security_center/static/8262.php Reference: BID:4167 Reference: URL:http://www.securityfocus.com/bid/4167 Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag. Analysis ---------------- ED_PRI CAN-2002-0316 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0317 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0317 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 Gator installer Plugin allows any software to be installed Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438671922874&w=2 Reference: MISC:http://www.gator.com/update/ Reference: XF:gator-activex-install(8266) Reference: URL:http://www.iss.net/security_center/static/8266.php Reference: BID:4161 Reference: URL:http://www.securityfocus.com/bid/4161 Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter. Analysis ---------------- ED_PRI CAN-2002-0317 3 Vendor Acknowledgement: unknown vague ACKNOWLEDGEMENT: 2 days after disclosure, the vendor included a prominent "security fix" link on its front page, leading to an update page. The page did not include enough details to be certain that the vendor was fixing this vulnerability. Downloading the "GatorSecurityFix.exe" program and analyzing the ASCII strings in the program, it appears that it's trying to find and delete IEGator.dll - but it's still not clear whether that's a critical element of the vulnerability, or part of the process of updating. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0319 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0319 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020222 pforum: cross-site-scripting bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101446366708757&w=2 Reference: BID:4165 Reference: URL:http://www.securityfocus.com/bid/4165 Reference: XF:pforum-username-css(8263) Reference: URL:http://www.iss.net/security_center/static/8263.php Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username. Analysis ---------------- ED_PRI CAN-2002-0319 3 Vendor Acknowledgement: unknown foreign Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0320 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Remote crashes in Yahoo messenger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2 Reference: XF:yahoo-messenger-message-bo(8264) Reference: URL:http://www.iss.net/security_center/static/8264.php Reference: XF:yahoo-messenger-imvironment-bo(8265) Reference: URL:http://www.iss.net/security_center/static/8265.php Reference: BID:4162 Reference: URL:http://online.securityfocus.com/bid/4162 Reference: BID:4163 Reference: URL:http://online.securityfocus.com/bid/4163 Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field. Analysis ---------------- ED_PRI CAN-2002-0320 3 Vendor Acknowledgement: Content Decisions: SF-LOC INCLUSION: CD:EX-CLIENT-DOS suggests excluding problems that only cause a DoS within a client; however, this problem might be an exploitable buffer overflow (not proven), so this could be a more serious issue. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0321 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Remote crashes in Yahoo messenger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2 Reference: XF:yahoo-messenger-username-spoof(8267) Reference: URL:http://www.iss.net/security_center/static/8267.php Reference: BID:4164 Reference: URL:http://www.securityfocus.com/bid/4164 Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks. Analysis ---------------- ED_PRI CAN-2002-0321 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0322 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0322 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020223 Re: Remote crashes in Yahoo messenger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466489113920&w=2 Reference: BUGTRAQ:20020223 Re: Re: Remote crashes in Yahoo messenger Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467298107635&w=2 Reference: BID:4173 Reference: URL:http://online.securityfocus.com/bid/4173 Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing. Analysis ---------------- ED_PRI CAN-2002-0322 3 Vendor Acknowledgement: Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0323 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0323 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020224 ScriptEase:WebServer Edition vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465709621105&w=2 comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL. Analysis ---------------- ED_PRI CAN-2002-0323 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0324 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0324 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020224 Greymatter 1.21c and earlier - remote login/pass exposure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465343308249&w=2 Reference: MISC:http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm Reference: XF:greymatter-gmrightclick-account-information(8277) Reference: URL:http://www.iss.net/security_center/static/8277.php Reference: BID:4169 Reference: URL:http://online.securityfocus.com/bid/4169 Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action. Analysis ---------------- ED_PRI CAN-2002-0324 3 Vendor Acknowledgement: no disputed disputed as poor configuration INCLUSION: the vendor effectively disputes the severity of the vulnerability since a proper logout of the tool (i.e., "Clear And Exit") would minimize the problem. However, the files would still be present during the user session, which means there is a race condition that could still be potentially exploited. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0325 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0325 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 BadBlue Yet Another Directory Traversal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474689126219&w=2 Reference: BID:4179 Reference: URL:http://www.securityfocus.com/bid/4179 Reference: XF:badblue-dotdotdot-directory-traversal(8295) Reference: URL:http://www.iss.net/security_center/static/8295.php Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. Analysis ---------------- ED_PRI CAN-2002-0325 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0326 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0326 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 BadBlue XSS vulnerabilities / Filesharing Server Worm Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474387016066&w=2 Reference: BID:4180 Reference: URL:http://www.securityfocus.com/bid/4180 Reference: XF:badblue-url-css(8294) Reference: URL:http://www.iss.net/security_center/static/8294.php Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. Analysis ---------------- ED_PRI CAN-2002-0326 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0327 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0327 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: VULN-DEV:20020222 Censoft TERM Emu bOf Reference: URL:http://online.securityfocus.com/archive/82/257731 Reference: BUGTRAQ:20020227 Century Software Term Exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101477608215471&w=2 Reference: XF:term-tty-bo(8291) Reference: URL:http://www.iss.net/security_center/static/8291.php Reference: BID:4174 Reference: URL:http://online.securityfocus.com/bid/4174 Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program. Analysis ---------------- ED_PRI CAN-2002-0327 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0328 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0328 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 Re: Open Bulletin Board javascript bug. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475420818274&w=2 Reference: BID:4182 Reference: URL:http://online.securityfocus.com/bid/4182 Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag. Analysis ---------------- ED_PRI CAN-2002-0328 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0331 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0331 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101486044323352&w=2 Reference: XF:bpm-http-directory-traversal(8300) Reference: URL:http://www.iss.net/security_center/static/8300.php Reference: BID:4198 Reference: URL:http://online.securityfocus.com/bid/4198 Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. Analysis ---------------- ED_PRI CAN-2002-0331 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0332 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0332 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2 Reference: DEBIAN:DSA-121 Reference: URL:http://www.debian.org/security/2002/dsa-121 Reference: BID:4194 Reference: URL:http://www.securityfocus.com/bid/4194 Reference: XF:xtell-tty-directory-traversal(8313) Reference: URL:http://www.iss.net/security_center/static/8313.php Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request. Analysis ---------------- ED_PRI CAN-2002-0332 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0333 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0333 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2 Reference: DEBIAN:DSA-121 Reference: URL:http://www.debian.org/security/2002/dsa-121 Reference: BID:4194 Reference: URL:http://www.securityfocus.com/bid/4194 Reference: XF:xtell-tty-directory-traversal(8313) Reference: URL:http://www.iss.net/security_center/static/8313.php Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument. Analysis ---------------- ED_PRI CAN-2002-0333 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0334 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0334 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 Remote exploit against xtelld and other fun Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2 Reference: DEBIAN:DSA-121 Reference: URL:http://www.debian.org/security/2002/dsa-121 Reference: BID:4197 Reference: URL:http://www.securityfocus.com/bid/4197 Reference: XF:xtell-log-symlink(8314) Reference: URL:http://www.iss.net/security_center/static/8314.php xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file. Analysis ---------------- ED_PRI CAN-2002-0334 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0335 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2 Reference: BID:4186 Reference: URL:http://www.securityfocus.com/bid/4186 Reference: XF:worldgroup-http-get-bo(8298) Reference: URL:http://www.iss.net/security_center/static/8298.php Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-2002-0335 3 Vendor Acknowledgement: Content Decisions: SF-EXEC, SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0336 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0336 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2 Reference: XF:worldgroup-ftp-list-bo(8297) Reference: URL:http://www.iss.net/security_center/static/8297.php Reference: BID:4185 Reference: URL:http://www.securityfocus.com/bid/4185 Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters. Analysis ---------------- ED_PRI CAN-2002-0336 3 Vendor Acknowledgement: Content Decisions: SF-EXEC, SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0337 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0337 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 2K, with RealPlayer Installed 100 % CPU utilization Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495354424868&w=2 Reference: XF:realplayer-mp3-invalid-dos(8320) Reference: URL:http://www.iss.net/security_center/static/8320.php Reference: BID:4200 Reference: URL:http://www.securityfocus.com/bid/4200 RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. Analysis ---------------- ED_PRI CAN-2002-0337 3 Vendor Acknowledgement: Content Decisions: EX-CLIENT-DOS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0338 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 SECURITY.NNOV: Special device access in The Bat! Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483832026841&w=2 Reference: BID:4187 Reference: URL:http://www.securityfocus.com/bid/4187 Reference: XF:thebat-msdos-device-dos(8303) Reference: URL:http://www.iss.net/security_center/static/8303.php The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name. Analysis ---------------- ED_PRI CAN-2002-0338 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0340 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020222 Windows Media Player executes WMF content in .MP3 files. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447771102582&w=2 Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content. Analysis ---------------- ED_PRI CAN-2002-0340 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0341 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494830315071&w=2 GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. Analysis ---------------- ED_PRI CAN-2002-0341 3 Vendor Acknowledgement: Content Decisions: REDISCOVERY, SF-LOC ABSTRACTION: this looks similar to CAN-1999-1006, but that issue was reported in 1999. However, the type of issue appears to be the same, as well as the affected version (5.5), so perhaps these 2 issues should be MERGED. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0342 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0342 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 BUG: Kmail client DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475683425671&w=2 Reference: XF:kmail-message-body-dos(8283) Reference: URL:http://www.iss.net/security_center/static/8283.php Reference: BID:4177 Reference: URL:http://www.securityfocus.com/bid/4177 Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. Analysis ---------------- ED_PRI CAN-2002-0342 3 Vendor Acknowledgement: unknown Content Decisions: EX-CLIENT-DOS INCLUSION: CD:EX-CLIENT-DOS suggests that if a problem only causes a DoS on the client side, and the scope of the problem is limited to the client, and the client only needs to be restarted to address the problem, then the problem should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0343 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0343 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020228 Hotline Client Plain password vuln. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495128121299&w=2 Reference: XF:hotline-connect-plaintext-password(8327) Reference: URL:http://www.iss.net/security_center/static/8327.php Reference: BID:4210 Reference: URL:http://www.securityfocus.com/bid/4210 Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords. Analysis ---------------- ED_PRI CAN-2002-0343 3 Vendor Acknowledgement: Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0344 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020225 Symantec LiveUpdate Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466781122312&w=2 Reference: BUGTRAQ:20020228 Re: "Javier Sanchez" jsanchez157@hotmail.com 02/25/2002 11:14 AM, Symantec Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496301307285&w=2 Reference: BID:4170 Reference: URL:http://www.securityfocus.com/bid/4170 Reference: XF:nav-liveupdate-plaintext-account(8282) Reference: URL:http://www.iss.net/security_center/static/8282.php Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. Analysis ---------------- ED_PRI CAN-2002-0344 3 Vendor Acknowledgement: yes followup Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0345 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0345 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020301 Re: "Peter Miller" pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE: Symantec Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101529792821615&w=2 Reference: BUGTRAQ:20020226 RE: Symantec LiveUpdate Reference: URL:http://online.securityfocus.com/archive/1/258293 Reference: BID:4181 Reference: URL:http://www.securityfocus.com/bid/4181 Reference: XF:ghost-plaintext-account(8305) Reference: URL:http://www.iss.net/security_center/static/8305.php Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. Analysis ---------------- ED_PRI CAN-2002-0345 3 Vendor Acknowledgement: no disputed Content Decisions: DESIGN-WEAK-ENCRYPTION, INCLUSION INCLUSION: a followup post by Symantec (and another one by an independent party) claims that the key is only accessible to the Administrator account. If that is the case, then there are little or no gains to having this information that cannot already be obtained using the Administrator privileges. Perhaps this issue should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0346 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2 Reference: BID:4211 Reference: URL:http://www.securityfocus.com/bid/4211 Reference: XF:cobalt-raq-css(8321) Reference: URL:http://www.iss.net/security_center/static/8321.php Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. Analysis ---------------- ED_PRI CAN-2002-0346 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0347 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2 Reference: BID:4208 Reference: URL:http://www.securityfocus.com/bid/4208 Reference: XF:cobalt-raq-directory-traversal(8322) Reference: URL:http://www.iss.net/security_center/static/8322.php Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. Analysis ---------------- ED_PRI CAN-2002-0347 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0348 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020228 Colbalt-RAQ-v4-Bugs&Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2 Reference: XF:cobalt-raq-service-dos(8323) Reference: URL:http://www.iss.net/security_center/static/8323.php Reference: BID:4209 Reference: URL:http://www.securityfocus.com/bid/4209 service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. Analysis ---------------- ED_PRI CAN-2002-0348 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0349 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0349 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020228 ... Tiny Personal Firewall ... Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494587110288&w=2 Reference: BID:4207 Reference: URL:http://www.securityfocus.com/bid/4207 Reference: XF:tinyfw-popup-gain-access(8324) Reference: URL:http://www.iss.net/security_center/static/8324.php Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions. Analysis ---------------- ED_PRI CAN-2002-0349 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
