[PROPOSAL] Cluster RECENT-91 - 54 candidates
I am proposing cluster RECENT-91 for review and voting by the Editorial Board.

Name: RECENT-91
Description: Candidates announced between 3/22/2002 and 4/10/2002
Size: 54

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020521
Category: SF
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376

Xchat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0382 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
Reference: URL:http://www.securityfocus.com/archive/1/264041
Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
Reference: XF:instant-webmail-pop-commands(8650)
Reference: URL:http://www.iss.net/security_center/static/8650.php
Reference: BID:4361
Reference: URL:http://www.securityfocus.com/bid/4361

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Analysis
----------------
ED_PRI CAN-2002-0490 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 0.60, dated March 17, 2002, says "For security reasons it is no longer possible to write extra headers besides the normal ones when composing messages."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0494
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
Reference: URL:http://www.securityfocus.com/archive/1/263914
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
Reference: BID:4357
Reference: URL:http://www.securityfocus.com/bid/4357
Reference: XF:websight-directory-system-css(8624)
Reference: URL:http://www.iss.net/security_center/static/8624.php

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

Analysis
----------------
ED_PRI CAN-2002-0494 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: A news item posted by the vendor titled "Important security fix!", dated 20020325, says "the problem was that in the administration area, there was no prevention from javascripts etc to being executed," and credits the poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0501
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
Reference: URL:http://online.securityfocus.com/archive/1/264450
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
Reference: XF:posadis-logging-format-string(8653)
Reference: URL:http://www.iss.net/security_center/static/8653.php
Reference: BID:4378
Reference: URL:http://www.securityfocus.com/bid/4378

Format string in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.

Analysis
----------------
ED_PRI CAN-2002-0501 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: a vendor announcement fixes the vulnerability "As reported on Bugtraq March 27 2002."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0505
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
Reference: XF:cisco-cti-memory-leak(8655)
Reference: URL:http://www.iss.net/security_center/static/8655.php
Reference: BID:4370
Reference: URL:http://www.securityfocus.com/bid/4370

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.

Analysis
----------------
ED_PRI CAN-2002-0505 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 vuln in wwwisis: remote command execution and get files
Reference: URL:http://online.securityfocus.com/archive/1/264682
Reference: BUGTRAQ:20020402 RE: [VulnWatch] vuln in wwwisis: remote command execution and get files
Reference: URL:http://online.securityfocus.com/archive/1/265456
Reference: CONFIRM:http://www.bireme.br/security.htm
Reference: BID:4384
Reference: URL:http://www.securityfocus.com/bid/4384
Reference: XF:wwwisis-remote-command-execution(8660)
Reference: URL:http://www.iss.net/security_center/static/8660.php
Reference: BID:4383
Reference: URL:http://www.securityfocus.com/bid/4383
Reference: VULNWATCH:20020328 [VulnWatch] vuln in wwwisis: remote command execution and get files
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0077.html

wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.

Analysis
----------------
ED_PRI CAN-2002-0508 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests doing a SPLIT when problems of different types are reported. However, in this case, there is insufficient detail to know whether the command execution and file read issues stem from different problems or not. While file reading and command execution are normally due to separate issues, the patches suggested by the vendor imply a single issue, namely that the prolog and epilog variables were not specified as special CGI variables.

ACKNOWLEDGEMENT: An advisory on the vendor web site says "The security issue reported by Mr. Klaus Ripke [the discloser] exists. It affects only wwwisis 3.x." Additional details are then provided.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0511
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-013.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
Reference: XF:nscd-dns-ptr-validation(8745)
Reference: URL:http://www.iss.net/security_center/static/8745.php
Reference: BID:4399
Reference: URL:http://www.securityfocus.com/bid/4399

The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.

Analysis
----------------
ED_PRI CAN-2002-0511 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0512
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CALDERA:CSSA-2002-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
Reference: BID:4400
Reference: URL:http://www.securityfocus.com/bid/4400

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

Analysis
----------------
ED_PRI CAN-2002-0512 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
Reference: URL:http://online.securityfocus.com/archive/1/265438
Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
Reference: XF:symatec-popper-admin-access(8746)
Reference: URL:http://www.iss.net/security_center/static/8746.php
Reference: BID:4412
Reference: URL:http://www.securityfocus.com/bid/4412

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
Analysis
----------------
ED_PRI CAN-2002-0513 1
Vendor Acknowledgement: yes

INCLUSION: Whether this dependency on .htaccess is a design problem or a configuration problem, this issue meets the definition of vulnerability and should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0531
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 emumail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/
Reference: XF:emumail-cgi-view-files(8766)
Reference: URL:http://www.iss.net/security_center/static/8766.php
Reference: BID:4435
Reference: URL:http://www.securityfocus.com/bid/4435

Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.

Analysis
----------------
ED_PRI CAN-2002-0531 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the download page for Webmail includes a statement dated April 11, 2002, which says "This patch corrects a security flaw in EMU Webmail which may allow remote users to exploit emumail.cgi under certain conditions to read files on the remote system."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
Reference: BID:4466
Reference: URL:http://www.securityfocus.com/bid/4466
Reference: XF:abyss-unicode-directory-traversal(8805)
Reference: URL:http://www.iss.net/security_center/static/8805.php

Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0543 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: a posting to a vendor forum titled "Patched release 1.0.0.2" and dated 20020408 says that the patch is "against some form of dot-dot URLs refering to an aliased directory and that can allow people to read abyss.conf file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CISCO:20020409 Aironet Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
Reference: BID:4461
Reference: URL:http://www.securityfocus.com/bid/4461
Reference: XF:cisco-aironet-telnet-dos(8788)
Reference: URL:http://www.iss.net/security_center/static/8788.php

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.

Analysis
----------------
ED_PRI CAN-2002-0545 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Reference: BID:4385
Reference: URL:http://www.securityfocus.com/bid/4385
Reference: XF:squirrelmail-theme-command-execution(8671)
Reference: URL:http://www.iss.net/security_center/static/8671.php

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Analysis
----------------
ED_PRI CAN-2002-0516 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0532
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
Reference: URL:http://online.securityfocus.com/archive/1/266930
Reference: XF:emumail-http-host-execute(8836)
Reference: URL:http://www.iss.net/security_center/static/8836.php
Reference: BID:4488
Reference: URL:http://www.securityfocus.com/bid/4488

EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0532 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an inquiry was posted to http://www.emumail.com/support/tech_inquiry.html on June 3, 2002. Within 24 hours, techprod@emumail.com confirmed the vulnerability: "Yes this has been fixed...there is an update patch for 4.5 and 5.1 on our website. Known versions that are affected are 4.5 and 5.x, 4.0 and earlier version may be affected/"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
Reference: XF:phpgroupware-sql-injection(8755)
Reference: URL:http://www.iss.net/security_center/static/8755.php
Reference: BID:4424
Reference: URL:http://www.securityfocus.com/bid/4424

PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
Analysis
----------------
ED_PRI CAN-2002-0536 2
Vendor Acknowledgement: yes followup

INCLUSION: a followup from the vendor indicates that the issue is due to a non-default configuration of magic_quotes_gpc in phpGroupWare's configuration file. While this could be attributed to an apparent limitation of PHP itself (since the quotes apparently can't be cleanly enabled within the PHP programs themselves?), this vendor did not work around this issue, so the problem should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
Analysis
----------------
ED_PRI CAN-2002-0546 2
Vendor Acknowledgement: yes followup

ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says "minibrowser security fix," but it is not clear that the vendor is fixing *this* vulnerability, as there are several issues that affect 2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly CAN-2002-0284).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/264897
Reference: BID:4394
Reference: URL:http://www.securityfocus.com/bid/4394
Reference: XF:zeroforum-img-css(8702)
Reference: URL:http://www.iss.net/security_center/static/8702.php

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.

Analysis
----------------
ED_PRI CAN-2002-0474 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/6W00Q202UM.html
Reference: XF:phpbb-cross-site-scripting(7459)
Reference: URL:http://www.iss.net/security_center/static/7459.php
Reference: BID:4379
Reference: URL:http://www.securityfocus.com/bid/4379

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

Analysis
----------------
ED_PRI CAN-2002-0475 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020321 Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0285.html
Reference: BID:4348
Reference: URL:http://www.securityfocus.com/bid/4348
Reference: XF:netsupport-manager-directory-traversal(8610)
Reference: URL:http://www.iss.net/security_center/static/8610.php

Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
Analysis
----------------
ED_PRI CAN-2002-0482 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 One more way to bypass NAV
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101684260510079&w=2
Reference: BUGTRAQ:20020322 One more way to bypass NAV
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101681724810317&w=2

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

Analysis
----------------
ED_PRI CAN-2002-0485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0486
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
Reference: URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4344
Reference: URL:http://www.securityfocus.com/bid/4344
Reference: XF:xpede-password-weak-encryption(8614)

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0486 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different issues. While the plaintext password and weak encryption are both related to cryptography, they are different types of cryptography errors: one, a lack of crypto when it was needed, and the other, a weak algorithm. Therefore, the two issues should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0487
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020322 Xpede passwords exposed (2 vuln.)
Reference: URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4346
Reference: URL:http://www.securityfocus.com/bid/4346
Reference: XF:xpede-reauth-plaintext-password(8612)
Reference: URL:http://www.iss.net/security_center/static/8612.php

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
Analysis
----------------
ED_PRI CAN-2002-0487 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, DESIGN-WEAK-ENCRYPTION

ABSTRACTION: CD:SF-LOC suggests distinguishing between different issues. While the plaintext password and weak encryption are both related to cryptography, they are different types of cryptography errors: one, a lack of crypto when it was needed, and the other, a weak algorithm. Therefore, the two issues should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020324 Cookie vulnerability in Alguest guestbook (PHP)
Reference: URL:http://www.securityfocus.com/archive/1/263902
Reference: XF:alguest-php-admin-access(8623)
Reference: URL:http://www.iss.net/security_center/static/8623.php
Reference: BID:4355
Reference: URL:http://www.securityfocus.com/bid/4355

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

Analysis
----------------
ED_PRI CAN-2002-0491 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 dcshop.cgi anybody can delete *.setup for database
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.

Analysis
----------------
ED_PRI CAN-2002-0492 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests excluding beta software from CVE unless it is "permanent beta" or otherwise widespread. This software has been available in beta since 1999, so it should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0493
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101709002410365&w=2
Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
Analysis
----------------
ED_PRI CAN-2002-0493 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
Reference: URL:http://www.securityfocus.com/archive/1/264169
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Reference: BID:4368
Reference: URL:http://www.securityfocus.com/bid/4368
Reference: XF:cssearch-url-execute-commands(8636)
Reference: URL:http://www.iss.net/security_center/static/8636.php

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Analysis
----------------
ED_PRI CAN-2002-0495 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: On the csSearch Pro web page, the vendor states "Security Alert: We recently discovered vulnerabilities in csSearch versions 2.3 and below. Please download and install csSearch 2.5 to correct the problem." This is not enough detail to be certain that the vendor is addressing this particular vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 SouthWest Telnet talker server. DoS (Denial of Service Attack).
Reference: URL:http://www.securityfocus.com/archive/1/264168
Reference: XF:southwest-http-port-dos(8626)
Reference: URL:http://www.iss.net/security_center/static/8626.php
Reference: BID:4362
Reference: URL:http://www.securityfocus.com/bid/4362

The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.

Analysis
----------------
ED_PRI CAN-2002-0496 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: BUGTRAQ:20020326 Etnus TotalView 5.
Reference: URL:http://www.securityfocus.com/archive/1/264085
Reference: BID:4365
Reference: URL:http://www.securityfocus.com/bid/4365
Reference: XF:totalview-insecure-privileges(8635)
Reference: URL:http://www.iss.net/security_center/static/8635.php

Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
Analysis
----------------
ED_PRI CAN-2002-0498 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 d_path() truncating excessive long path name vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/264117
Reference: MISC:http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
Reference: BID:4367
Reference: URL:http://www.securityfocus.com/bid/4367
Reference: XF:linux-dpath-truncate-path(8634)
Reference: URL:http://www.iss.net/security_center/static/8634.php
Reference: VULNWATCH:20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Analysis
----------------
ED_PRI CAN-2002-0499 3
Vendor Acknowledgement:

INCLUSION: the risks of this issue are not well understood, and there are no explicit exploit scenarios as of this writing (20020522), so this issue is presently theoretical.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020326 Retrieving information on local files in IE (GM#003-IE)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html
Reference: BID:4371
Reference: URL:http://www.securityfocus.com/bid/4371
Reference: XF:ie-dynsrc-information-disclosure(8658)
Reference: URL:http://www.iss.net/security_center/static/8658.php

Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.

Analysis
----------------
ED_PRI CAN-2002-0500 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 Citrix Nfuse directory traversal with boilerplate.asp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html
Reference: BID:4382
Reference: URL:http://www.securityfocus.com/bid/4382
Reference: XF:nfuse-boilerplate-directory-traversal(8654)
Reference: URL:http://www.iss.net/security_center/static/8654.php

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a ..
(dot dot) in the NFuse_Template parameter.

Analysis
----------------
ED_PRI CAN-2002-0503 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0504
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020327 NFuse Cross Site Scripting vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html
Reference: BID:4372
Reference: URL:http://www.securityfocus.com/bid/4372
Reference: XF:nfuse-launch-css(8659)
Reference: URL:http://www.iss.net/security_center/static/8659.php

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.

Analysis
----------------
ED_PRI CAN-2002-0504 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt
Reference: URL:http://online.securityfocus.com/archive/1/264699
Reference: XF:libnewt-bo(8700)
Reference: URL:http://www.iss.net/security_center/static/8700.php
Reference: BID:4393
Reference: URL:http://www.securityfocus.com/bid/4393

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in programs that use libnewt.

Analysis
----------------
ED_PRI CAN-2002-0506 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 Authentication with RSA SecurID and Outlook web access
Reference: URL:http://online.securityfocus.com/archive/1/264705
Reference: BID:4390
Reference: URL:http://www.securityfocus.com/bid/4390
Reference: XF:exchange-owa-securid-bypass(8681)
Reference: URL:http://www.iss.net/security_center/static/8681.php

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

Analysis
----------------
ED_PRI CAN-2002-0507 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020328 Oracle9i TSN DoS Attack
Reference: URL:http://online.securityfocus.com/archive/1/264697
Reference: BID:4391
Reference: URL:http://www.securityfocus.com/bid/4391
Reference: XF:oracle-tns-onetcp-dos(8657)
Reference: URL:http://www.iss.net/security_center/static/8657.php

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
Analysis
----------------
ED_PRI CAN-2002-0509 3
Vendor Acknowledgement:

ABSTRACTION: a followup post suggests that this issue is similar to, or the same as, another DoS that affected Oracle 8, announced to Bugtraq on 20010418.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
Reference: URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4401
Reference: URL:http://www.securityfocus.com/bid/4401
Reference: XF:firewall-rst-fingerprint(8738)
Reference: URL:http://www.iss.net/security_center/static/8738.php

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.

Analysis
----------------
ED_PRI CAN-2002-0514 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020331 packet filter fingerprinting(open but closed, closed but filtered)
Reference: URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4403
Reference: URL:http://www.securityfocus.com/bid/4403
Reference: XF:firewall-rst-fingerprint(8738)
Reference: URL:http://www.iss.net/security_center/static/8738.php

IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.

Analysis
----------------
ED_PRI CAN-2002-0515 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4475
Reference: URL:http://www.securityfocus.com/bid/4475
Reference: XF:aspnuke-image-css(8829)
Reference: URL:http://www.iss.net/security_center/static/8829.php

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0520 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives an announcement dated April 8, 2002, whose meaning is sufficiently clear to indicate acknowledgement: "Thanks to frog-man, I could put the finger on several faults of safety on the Web site, now filled."

ABSTRACTION: CD:SF-LOC suggests that problems should be SPLIT if they appear in different versions. Thus, the CSS issues in RC1 (IMG tags) are SPLIT from the CSS issues in RC2 (downloads.asp, Post.asp, profile.asp).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4481
Reference: URL:http://www.securityfocus.com/bid/4481
Reference: XF:aspnuke-downloads-post-css(8830)
Reference: URL:http://www.iss.net/security_center/static/8830.php
Reference: XF:aspnuke-user-profile-css(8831)
Reference: URL:http://www.iss.net/security_center/static/8831.php
Reference: BID:4477
Reference: URL:http://www.securityfocus.com/bid/4477

Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.

Analysis
----------------
ED_PRI CAN-2002-0521 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives an announcement dated April 8, 2002, whose meaning is sufficiently clear to indicate acknowledgement: "Thanks to frog-man, I could put the finger on several faults of safety on the Web site, now filled."

ABSTRACTION: CD:SF-LOC suggests that problems should be SPLIT if they appear in different versions. Thus, the CSS issues in RC1 (IMG tags) are SPLIT from the CSS issues in RC2 (downloads.asp, Post.asp, profile.asp).

ABSTRACTION: CD:SF-LOC suggests a SPLIT if problems are of different types.
SecurityFocus appears to distinguish between "cross-agent scripting" (injecting HTML/script into a web page) and "cross-site scripting" (injecting HTML/script into a link). However, while the results and attack vectors are slightly different, the underlying cause is still the same: not properly filtering or quoting HTML/script characters that are echoed back to other users.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-account-hijacking(8832)
Reference: URL:http://www.iss.net/security_center/static/8832.php
Reference: BID:4484
Reference: URL:http://www.securityfocus.com/bid/4484

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.

Analysis
----------------
ED_PRI CAN-2002-0522 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives an announcement dated April 8, 2002, whose meaning is sufficiently clear to indicate acknowledgement: "Thanks to frog-man, I could put the finger on several faults of safety on the Web site, now filled."
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-cookie-reveal-information(8833)
Reference: URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference: URL:http://www.securityfocus.com/bid/4489

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.

Analysis
----------------
ED_PRI CAN-2002-0523 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives an announcement dated April 8, 2002, whose meaning is sufficiently clear to indicate acknowledgement: "Thanks to frog-man, I could put the finger on several faults of safety on the Web site, now filled."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020409 Security holes in ASP-Nuke
Reference: URL:http://online.securityfocus.com/archive/82/266705
Reference: CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-cookie-reveal-information(8833)
Reference: URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference: URL:http://www.securityfocus.com/bid/4489

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-0524 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: An automatic translation of the French web page gives an announcement dated April 8, 2002, whose meaning is sufficiently clear to indicate acknowledgement: "Thanks to frog-man, I could put the finger on several faults of safety on the Web site, now filled."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020408 KPMG-2002007: Watchguard SOHO Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/266380
Reference: BID:4447
Reference: URL:http://www.securityfocus.com/bid/4447
Reference: XF:watchguard-soho-ipoptions-dos(8774)
Reference: URL:http://www.iss.net/security_center/static/8774.php
Reference: VULNWATCH:20020408 [VulnWatch] KPMG-2002007: Watchguard SOHO Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0006.html

Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.

Analysis
----------------
ED_PRI CAN-2002-0527 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Reference: URL:http://online.securityfocus.com/archive/1/266948
Reference: XF:watchguard-soho-bypass-restrictions(8814)
Reference: URL:http://www.iss.net/security_center/static/8814.php
Reference: BID:4491
Reference: URL:http://www.securityfocus.com/bid/4491
Reference: VULNWATCH:20020410 [VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html

Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.

Analysis
----------------
ED_PRI CAN-2002-0528 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://www.securityfocus.com/archive/1/266888
Reference: VULNWATCH:20020410 [VulnWatch] Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0010.html

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.

Analysis
----------------
ED_PRI CAN-2002-0530 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0533
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: VULN-DEV:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101794993119738&w=2
Reference: BUGTRAQ:20020404 (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/265798
Reference: XF:phpbb-bbcode-function-dos(8764)
Reference: URL:http://www.iss.net/security_center/static/8764.php
Reference: BID:4432
Reference: URL:http://www.securityfocus.com/bid/4432
Reference: BID:4434
Reference: URL:http://www.securityfocus.com/bid/4434
Reference: VULNWATCH:20020404 [VulnWatch] (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

Analysis
----------------
ED_PRI CAN-2002-0533 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE suggests that if the same issue is in multiple products that stem from the same codebase, then the issue should be combined. In this case, the same issue appears in both phpBB and PostBoard. While the discloser of the PostBoard issue says that it looks like the code was cut-and-pasted from phpBB, there is no independent evidence that the two products are linked (e.g., there are no vendor statements to this effect). So, the two issues have been SPLIT.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:http://www.aprelium.com/news/abws103.html
Reference: BID:4467
Reference: URL:http://www.securityfocus.com/bid/4467

Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0544 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

ACKNOWLEDGEMENT: the vendor's change log for version 1.0.3, dated June 3, 2002, says "The console access password is stored encrypted in the configuration file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html
Reference: MISC:http://www.winamp.com/download/newfeatures.jhtml
Reference: BID:4609
Reference: URL:http://www.securityfocus.com/bid/4609
Reference: XF:winamp-mp3-id3v2-bo(8946)
Reference: URL:http://www.iss.net/security_center/static/8946.php

Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.

Analysis
----------------
ED_PRI CAN-2002-0547 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says "minibrowser security fix," but it is not clear that the vendor is fixing *this* vulnerability, as there are several issues that affect 2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly CAN-2002-0284). An inquiry was sent to http://www.winamp.com/support/feedback_fereal.jhtml on June 3, 2002, with a request ID of 798504. A response was received 20020607 from support@winamp.com, asking me to resubmit at http://www.winamp.com/nsdn/home/feedback.jhtml, which was done 20020607.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-postbug-auth-bypass(8771)
Reference: URL:http://www.iss.net/security_center/static/8771.php
Reference: BID:4443
Reference: URL:http://www.securityfocus.com/bid/4443

Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php.

Analysis
----------------
ED_PRI CAN-2002-0548 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020406 Anthill login and JavaScript vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-bug-tracking-css(8770)
Reference: URL:http://www.iss.net/security_center/static/8770.php
Reference: BID:4442
Reference: URL:http://www.securityfocus.com/bid/4442

Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users.

Analysis
----------------
ED_PRI CAN-2002-0549 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0550
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference: XF:dynamic-guestbook-command-execution(8762)
Reference: URL:http://www.iss.net/security_center/static/8762.php
Reference: BID:4423
Reference: URL:http://www.securityfocus.com/bid/4423

Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter.

Analysis
----------------
ED_PRI CAN-2002-0550 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference: XF:dynamic-guestbook-css(8763)
Reference: URL:http://www.iss.net/security_center/static/8763.php
Reference: BID:4422
Reference: URL:http://www.securityfocus.com/bid/4422

Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar.

Analysis
----------------
ED_PRI CAN-2002-0551 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Quik-Serv Web Server v1.1B Arbitrary File Disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html
Reference: BID:4425
Reference: URL:http://www.securityfocus.com/bid/4425
Reference: XF:quikserv-dot-directory-traversal(8754)
Reference: URL:http://www.iss.net/security_center/static/8754.php

Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

Analysis
----------------
ED_PRI CAN-2002-0556 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020407 Typsoft FTP Server: yet another directory traversal vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0090.html
Reference: XF:typsoft-ftp-directory-traversal(6165)
Reference: URL:http://www.iss.net/security_center/static/6165.php
Reference: BID:2489
Reference: URL:http://www.securityfocus.com/bid/2489

Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.

Analysis
----------------
ED_PRI CAN-2002-0558 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that problems of the same type that appear in different versions should be SPLIT. In this case, the ../*.* problem appears in 0.97.1, whereas the .. or ... issues (CAN-2001-0294) were apparently fixed in 0.85, so these problems should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: