[PROPOSAL] Cluster RECENT-88 - 54 candidates
I am proposing cluster RECENT-88 for review and voting by the Editorial Board.

Name: RECENT-88
Description: Candidates (mostly) reserved between 3/1/2002 and 4/30/2002
Size: 54

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

Analysis
----------------
ED_PRI CAN-2002-0017 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: while this issue may appear to be the same as CAN-2002-0012 or CAN-2002-0013, it is addressed by a different patch, so CD:SF-LOC suggests keeping this SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-016.asp

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Analysis
----------------
ED_PRI CAN-2002-0051 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: CF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.

Analysis
----------------
ED_PRI CAN-2002-0064 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.

Analysis
----------------
ED_PRI CAN-2002-0065 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0066 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

Analysis
----------------
ED_PRI CAN-2002-0071 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Analysis
----------------
ED_PRI CAN-2002-0072 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request.

Analysis
----------------
ED_PRI CAN-2002-0073 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

Analysis
----------------
ED_PRI CAN-2002-0074 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Analysis
----------------
ED_PRI CAN-2002-0075 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0076 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0079 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

Analysis
----------------
ED_PRI CAN-2002-0147 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Analysis
----------------
ED_PRI CAN-2002-0148 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Analysis
----------------
ED_PRI CAN-2002-0149 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

Analysis
----------------
ED_PRI CAN-2002-0150 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793727306282&w=2
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: MS:MS02-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-017.asp

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

Analysis
----------------
ED_PRI CAN-2002-0151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.

Analysis
----------------
ED_PRI CAN-2002-0152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0153 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020305 Another Sql Server 7 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535353331625&w=2
Reference: BUGTRAQ:20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS02-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-020.asp

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

Analysis
----------------
ED_PRI CAN-2002-0154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Analysis
----------------
ED_PRI CAN-2002-0159 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Analysis
----------------
ED_PRI CAN-2002-0160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101717809709222
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php

Heap overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Analysis
----------------
ED_PRI CAN-2002-0163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020402
Category: SF
Reference: CALDERA:CSSA-2002-009.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-009.0.txt

Vulnerability in the MIT-SHM extension of the X server on Linux allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0164 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020409
Category: SF
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

Analysis
----------------
ED_PRI CAN-2002-0166 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: BID:4339
Reference: URL:http://online.securityfocus.com/bid/4339

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.

Analysis
----------------
ED_PRI CAN-2002-0167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0168 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0168 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020410 Category: SF Reference: REDHAT:RHSA-2002:048 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html Reference: CONECTIVA:CLA-2002:470 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470 Reference: BID:4336 Reference: URL:http://online.securityfocus.com/bid/4336 Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption. Analysis ---------------- ED_PRI CAN-2002-0168 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0170 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0170 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020411 Category: SF Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2 Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/ Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. 
Analysis ---------------- ED_PRI CAN-2002-0170 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0171 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0171 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020411 Category: SF Reference: SGI:20020406-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. Analysis ---------------- ED_PRI CAN-2002-0171 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0172 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0172 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020411 Category: CF Reference: SGI:20020408-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). 
Analysis ---------------- ED_PRI CAN-2002-0172 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0173 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0173 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020411 Category: SF Reference: SGI:20020409-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2002-0173 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0175 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0175 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020415 Category: SF Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection Reference: URL:http://online.securityfocus.com/archive/1/263121 Reference: MANDRAKE:MDKSA-2002:026 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php Reference: BID:4326 Reference: URL:http://online.securityfocus.com/bid/4326 libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. Analysis ---------------- ED_PRI CAN-2002-0175 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0176 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0176 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020415 Category: SF Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection Reference: URL:http://online.securityfocus.com/archive/1/263121 Reference: MANDRAKE:MDKSA-2002:026 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php Reference: BID:4327 Reference: URL:http://online.securityfocus.com/bid/4327 The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. 
Analysis ---------------- ED_PRI CAN-2002-0176 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0179 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0179 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020417 Category: SF Reference: DEBIAN:DSA-127 Reference: URL:http://www.debian.org/security/2002/dsa-127 Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0179 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0180 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0180 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020417 Category: SF Reference: BUGTRAQ:20020415 Remote buffer overflow in Webalizer Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673&w=2 Reference: CONFIRM:http://www.mrunix.net/webalizer/news.html Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. 
Analysis ---------------- ED_PRI CAN-2002-0180 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0181 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0181 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020417 Category: SF Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2 Reference: DEBIAN:DSA-126 Reference: URL:http://www.debian.org/security/2002/dsa-126 Reference: CALDERA:CSSA-2002-016.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.0.txt Cross-site scripting vulnerability in Horde before 1.2.8 and IMP before 2.2.8 allows remote attackers to execute script and steal cookies from other users. Analysis ---------------- ED_PRI CAN-2002-0181 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0184 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020419 Category: SF Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2 Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2 Reference: MANDRAKE:MDKSA-2002:028 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3 Reference: DEBIAN:DSA-128 Reference: URL:http://www.debian.org/security/2002/dsa-128 Reference: REDHAT:RHSA-2002:072 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html Reference: REDHAT:RHSA-2002:071 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html Reference: ENGARDE:ESA-20020429-010 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2 Reference: CONECTIVA:CLA-2002:475 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 Reference: TRUSTIX:TSLSA-2002-0046 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2 Heap overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. 
Analysis ---------------- ED_PRI CAN-2002-0184 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1056 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1056 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020426 Category: SF Reference: MS:MS02-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-021.asp Reference: BID:4397 Reference: URL:http://online.securityfocus.com/bid/4397 Reference: BUGTRAQ:20020331 More Office XP Problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101760380418890&w=2 Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. Analysis ---------------- ED_PRI CAN-2002-1056 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0037 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0037 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020116 Category: SF Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call that directly accesses the object. Analysis ---------------- ED_PRI CAN-2002-0037 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0039 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0039 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020116 Category: SF Reference: SGI:20020306-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. Analysis ---------------- ED_PRI CAN-2002-0039 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE ABSTRACTION: while this advisory is clear about the cause of the problem, HP:HPSBUX0110-169 (CAN-2001-1124) also discusses a DoS of a core dump from malformed RPC requests. However, that advisory is so vague that it is not entirely clear whether it's addressing the same vulnerability or not. CD:VAGUE suggests that vague advisories (in this case, the one from HP) should get their own candidate when there is uncertainty due to vagueness. 
However, in this case, offline consultation with SGI demonstrates that CAN-2002-0039 and CAN-2001-1124 are indeed the same issue. Therefore they should be merged. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0041 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0041 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020116 Category: SF Reference: SGI:20020401-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020401-01-P Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows local and remote attackers to cause a core dump. Analysis ---------------- ED_PRI CAN-2002-0041 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0077 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020221 Category: SF Reference: BUGTRAQ:20020113 Internet Explorer Pop-Up OBJECT Tag Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101103188711920&w=2 Reference: MS:MS02-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. Analysis ---------------- ED_PRI CAN-2002-0077 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0158 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020327 Category: SF Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. 
Analysis ---------------- ED_PRI CAN-2002-0158 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0162 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020328 Category: SF Reference: BUGTRAQ:20020327 Root compromise through LogWatch 2.1.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101724766216872 Reference: VULN-DEV:20020327 Root compromise through LogWatch 2.1.1 Reference: URL:http://online.securityfocus.com/archive/82/264233 Reference: CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html Reference: REDHAT:RHSA-2002:053 Reference: REDHAT:RHSA-2002:054 LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary file. Analysis ---------------- ED_PRI CAN-2002-0162 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests that when one vulnerability appears in a different version than another, that there should be separate CVE items, even if the problems are of the same type. CAN-2002-0165 appears in 2.5; CAN-2002-0162 does not. Therefore these items should remain split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0165 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0165 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020404 Category: SF Reference: BUGTRAQ:20020403 LogWatch 2.5 still vulnerable Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787227513000&w=2 Reference: REDHAT:RHSA-2002:053 Reference: REDHAT:RHSA-2002:054 LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CAN-2002-0162. Analysis ---------------- ED_PRI CAN-2002-0165 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests that when one vulnerability appears in a different version than another, that there should be separate CVE items, even if the problems are of the same type. CAN-2002-0165 appears in 2.5; CAN-2002-0162 does not. Therefore these items should remain split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0177 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020416 Category: SF Reference: BUGTRAQ:20020402 icecast 1.3.11 remote shell/root exploit - #temp Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101780890326179&w=2 Reference: BUGTRAQ:20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!) 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786838300906&w=2 Reference: BUGTRAQ:20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793704306035&w=2 Reference: CONFIRM:http://www.xiph.org/archives/icecast/2616.html Reference: BID:4415 Reference: URL:http://online.securityfocus.com/bid/4415 Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. Analysis ---------------- ED_PRI CAN-2002-0177 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC ACKNOWLEDGEMENT: a post to a vendor mailing list includes the statement "Fix security exploit (icx.c)" - and icx.c is the exploit provided in the Bugtraq post. ABSTRACTION: the vendor patches indicate that multiple issues of the same type (buffer overflow) may exist, so CD:SF-LOC recommends combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0185 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020419 Category: SF/CF/MP/SA/AN/unknown Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. 
Analysis ---------------- ED_PRI CAN-2002-0185 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0350 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020301 DoS on HP ProCurve 4000M switch (possibly others) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101500123900612&w=2 Reference: BID:4212 Reference: URL:http://online.securityfocus.com/bid/4212 Reference: XF:hp-procurve-portscan-dos(8329) Reference: URL:http://www.iss.net/security_center/static/8329.php HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service. Analysis ---------------- ED_PRI CAN-2002-0350 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0351 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: DEBIAN:DSA-116 Reference: URL:http://www.debian.org/security/2002/dsa-116 Reference: XF:cfs-bo(8330) Reference: URL:http://www.iss.net/security_center/static/8330.php Reference: BID:4219 Reference: URL:http://online.securityfocus.com/bid/4219 Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0351 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0352 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020302 Phorum Discussion Board Security Bug (Email Disclosure) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101508207206900&w=2 Reference: BID:4226 Reference: URL:http://online.securityfocus.com/bid/4226 Reference: XF:phorum-admin-users-information(8344) Reference: URL:http://www.iss.net/security_center/static/8344.php Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. 
Analysis ---------------- ED_PRI CAN-2002-0352 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0353 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0353 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF/CF/MP/SA/AN/unknown Reference: CONECTIVA:CLA-2002:474 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474 Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00003.html The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. Analysis ---------------- ED_PRI CAN-2002-0353 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0354 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102017952204097&w=2 Reference: NTBUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102020343728766&w=2 The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. Analysis ---------------- ED_PRI CAN-2002-0354 3 Vendor Acknowledgement: yes Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: