[PROPOSAL] Cluster RECENT-92 - 57 candidates
I am proposing cluster RECENT-92 for review and voting by the
Editorial Board.

Name: RECENT-92
Description: Candidates announced between 4/11/2002 and 4/30/2002
Size: 57

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.

Analysis
----------------
ED_PRI CAN-2002-0042 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
Reference: XF:raptor-firewall-ftp-bounce(8847)
Reference: URL:http://www.iss.net/security_center/static/8847.php
Reference: BID:4522
Reference: URL:http://www.securityfocus.com/bid/4522

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0538 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
Reference: URL:http://online.securityfocus.com/archive/1/267089
Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101855467811695&w=2
Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail
Reference: XF:openbsd-mail-root-privileges(8818)
Reference: URL:http://www.iss.net/security_center/static/8818.php
Reference: BID:4495
Reference: URL:http://www.securityfocus.com/bid/4495

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Analysis
----------------
ED_PRI CAN-2002-0542 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0571
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

Analysis
----------------
ED_PRI CAN-2002-0571 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0572
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0572
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020423 cheers
Reference: URL:http://online.securityfocus.com/archive/1/269102
Reference: BUGTRAQ:20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Reference: URL:http://online.securityfocus.com/archive/1/268970
Reference: VULNWATCH:20020422 [VulnWatch] Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html
Reference: FREEBSD:FreeBSD-SA-02:23
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
Reference: BID:4568
Reference: URL:http://www.securityfocus.com/bid/4568

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

Analysis
----------------
ED_PRI CAN-2002-0572 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0573
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

Analysis
----------------
ED_PRI CAN-2002-0573 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.

Analysis
----------------
ED_PRI CAN-2002-0574 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0575
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0575 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0576
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-0576 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0598
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: VULNWATCH:20020419 [VulnWatch] KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0030.html
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549

Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.

Analysis
----------------
ED_PRI CAN-2002-0598 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: in an advisory dated April 24, 2002, Foundstone states "Using FScan with banner selected via the -b command line switch could cause a problem if the banner received from the remote host contained C-style printf format specifiers e.g. percent symbols that matched string or numeric format specifiers."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0599
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php

Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.

Analysis
----------------
ED_PRI CAN-2002-0599 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the fix for 0.25 says "Fixed the ability to bypass login security by sending commands directly to the backend php files."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0601
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649

ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.

Analysis
----------------
ED_PRI CAN-2002-0601 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0610
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0610
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: CIAC:M-075
Reference: URL:http://www.ciac.org/ciac/bulletins/m-075.shtml
Reference: HP:HPSBMP0204-014
Reference: URL:http://online.securityfocus.com/advisories/4082
Reference: BID:4652
Reference: URL:http://www.securityfocus.com/bid/4652
Reference: XF:hp-mpeix-ftp-access(8990)
Reference: URL:http://www.iss.net/security_center/static/8990.php

Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0610 1
Vendor Acknowledgement: yes advisory

ABSTRACTION/INCLUSION: this advisory is too vague to know what type of vulnerability it is fixing, and whether this is a duplicate of other more detailed reports of FTP server vulnerabilities. However, CD:VAGUE does suggest that the issue should at least be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0613
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.

Analysis
----------------
ED_PRI CAN-2002-0613 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog.txt for Release 2.0 Beta 5 includes an entry dated 2002-04-27 which states: "Fixed major security hole in URL spoofing. No longer trusts the variables $is_logged_in or $user_dnstools_administrator."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0539
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
Reference: BUGTRAQ:20020417 Demarc Security Update Advisory
Reference: URL:http://online.securityfocus.com/archive/1/267941
Reference: XF:puresecure-sql-injection(8854)
Reference: URL:http://www.iss.net/security_center/static/8854.php
Reference: BID:4520
Reference: URL:http://www.securityfocus.com/bid/4520

Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.

Analysis
----------------
ED_PRI CAN-2002-0539 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
Reference: XF:sunshop-new-cust-css(8840)
Reference: URL:http://www.iss.net/security_center/static/8840.php
Reference: BID:4506
Reference: URL:http://www.securityfocus.com/bid/4506

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.

Analysis
----------------
ED_PRI CAN-2002-0553 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: An e-mail inquiry sent to support@turnkeywebtools.com on June 3, 2002. A response was sent within an hour, saying "a patch was released before that vulnerability was released. If you upgrade to 2.6 you will have no worries."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020509
Category: SF
Reference: VULN-DEV:20020417 Smalls holes on 5 products #1
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101908986415768&w=2
Reference: BUGTRAQ:20020510 Fix available for Sgdynamo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107488402057&w=2

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.

Analysis
----------------
ED_PRI CAN-2002-0375 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020523
Category: SF
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

Analysis
----------------
ED_PRI CAN-2002-0389 3
Vendor Acknowledgement: no disputed

INCLUSION: In a response to the bug report, the vendor says "I'm not inclined to fix this, since this arrangement is crucial to the web security of private archives."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:20
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc
Reference: XF:bsd-syncache-inpcb-dos(8875)
Reference: URL:http://www.iss.net/security_center/static/8875.php
Reference: BID:4524
Reference: URL:http://www.securityfocus.com/bid/4524

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (a) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (b) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.

Analysis
----------------
ED_PRI CAN-2002-0518 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 Inn (Inter Net News) security problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
Reference: BID:4501
Reference: URL:http://www.securityfocus.com/bid/4501
Reference: XF:inn-rnews-inews-format-string(8834)
Reference: URL:http://www.iss.net/security_center/static/8834.php

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses.

Analysis
----------------
ED_PRI CAN-2002-0525 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 Inn (Inter Net News) security problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html

Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls.

Analysis
----------------
ED_PRI CAN-2002-0526 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: the discloser alludes to "unsecure open() calls" but provides no other details. There is no mention of security issues from the vendor.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0529
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: BUGTRAQ:20020414 Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html
Reference: BID:4518
Reference: URL:http://www.securityfocus.com/bid/4518
Reference: XF:macos-photosmart-weak-permissions(8856)
Reference: URL:http://www.iss.net/security_center/static/8856.php

HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.

Analysis
----------------
ED_PRI CAN-2002-0529 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0534
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard
Reference: URL:http://online.securityfocus.com/archive/1/267936
Reference: XF:postboard-bbcode-dos(8883)
Reference: URL:http://www.iss.net/security_center/static/8883.php
Reference: BID:4562
Reference: URL:http://www.securityfocus.com/bid/4562

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

Analysis
----------------
ED_PRI CAN-2002-0534 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE suggests that if the same issue is in multiple products that stem from the same codebase, then the issue should be combined. In this case, the same issue appears in both phpBB and PostBoard. While the discloser of the PostBoard issue says that it looks like the code was cut-and-pasted from phpBB, there is no independent evidence that the two products are linked (e.g., there are no vendor statements to this effect). So, the two issues have been SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0535 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0535 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard Reference: URL:http://online.securityfocus.com/archive/1/267936 Reference: BID:4559 Reference: URL:http://www.securityfocus.com/bid/4559 Reference: XF:postboard-img-css(8881) Reference: URL:http://www.iss.net/security_center/static/8881.php Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allow remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. Analysis ---------------- ED_PRI CAN-2002-0535 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0537 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0537 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020411 SWS Vuln (small but important to those using it.) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html Reference: XF:sws-insecure-admin-page(8849) Reference: URL:http://www.iss.net/security_center/static/8849.php Reference: BID:4503 Reference: URL:http://www.securityfocus.com/bid/4503 The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
Analysis ---------------- ED_PRI CAN-2002-0537 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0540 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0540 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020419 Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html Reference: BUGTRAQ:20020413 Nortel CVX 1800s will dump all local user names and passwords via SNMP Reference: URL:http://online.securityfocus.com/archive/1/267627 Reference: XF:nortel-default-snmp-string(8848) Reference: URL:http://www.iss.net/security_center/static/8848.php Reference: BID:4507 Reference: URL:http://www.securityfocus.com/bid/4507 Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration. Analysis ---------------- ED_PRI CAN-2002-0540 3 Vendor Acknowledgement: yes followup Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0541 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0541 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a Reference: URL:http://online.securityfocus.com/archive/1/267143 Reference: BUGTRAQ:20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html Reference: AIXAPAR:IC33211 Reference: CONFIRM:http://www.tivoli.com/support/storage_mgr/flash_httpport.html Reference: AIXAPAR:IC33212 Reference: BID:4500 Reference: URL:http://www.securityfocus.com/bid/4500 Reference: BID:4492 Reference: URL:http://www.securityfocus.com/bid/4492 Reference: XF:tivoli-storagemanager-client-bo(8817) Reference: URL:http://www.iss.net/security_center/static/8817.php Reference: XF:tivoli-storagemanager-login-bo(8825) Reference: URL:http://www.iss.net/security_center/static/8825.php Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. Analysis ---------------- ED_PRI CAN-2002-0541 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC ABSTRACTION: CD:SF-EXEC suggests that if multiple executables in the same package by the same vendor have the same issue, then they should be MERGED. The client and server are both part of the TSM package. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0552 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0552 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020414 Vulnerabilities in the Melange Chat Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0157.html Reference: BUGTRAQ:20020416 Melange Chat POC DOS Reference: URL:http://online.securityfocus.com/archive/1/267932 Reference: BID:4510 Reference: URL:http://www.securityfocus.com/bid/4510 Reference: XF:melange-chat-config-bo(8845) Reference: URL:http://www.iss.net/security_center/static/8845.php Reference: XF:melange-chat-yell-bo(8842) Reference: URL:http://www.iss.net/security_center/static/8842.php Reference: BID:4508 Reference: URL:http://www.securityfocus.com/bid/4508 Reference: BID:4509 Reference: URL:http://www.securityfocus.com/bid/4509 Reference: XF:melange-chat-filename-bo(8846) Reference: URL:http://www.iss.net/security_center/static/8846.php Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks. Analysis ---------------- ED_PRI CAN-2002-0552 3 Vendor Acknowledgement: Content Decisions: SF-LOC ACCURACY: while the /yell argument can be triggered remotely, it is not clear whether the other overflows can be exploited by anybody other than the user who starts Melange. According to the Makefile.in for the server in the 2.0.2 beta code, the melange binary is not installed setuid or setgid, and /etc/melange.conf is not installed group- or world-writable. 
It should also be noted that the discloser provides a number of patches, some of which may be for remote overflows that were not specifically mentioned by the discloser. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0554 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0554 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020411 IBM Informix Web DataBlade: SQL injection Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html Reference: BID:4496 Reference: URL:http://www.securityfocus.com/bid/4496 Reference: XF:informix-wdm-sql-injection(8826) Reference: URL:http://www.iss.net/security_center/static/8826.php webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. Analysis ---------------- ED_PRI CAN-2002-0554 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0555 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0555 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020411 IBM Informix Web DataBlade: Auto-decoding HTML entities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html Reference: BID:4498 Reference: URL:http://www.securityfocus.com/bid/4498 Reference: XF:informix-wbm-sql-decoding(8827) Reference: URL:http://www.iss.net/security_center/static/8827.php IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it. Analysis ---------------- ED_PRI CAN-2002-0555 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0577 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0577 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: HP:HPSBUX0204-191 Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0023.html Reference: BID:4582 Reference: URL:http://www.securityfocus.com/bid/4582 Reference: XF:hpux-passwd-dos(8939) Reference: URL:http://www.iss.net/security_center/static/8939.php Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service. 
Analysis ---------------- ED_PRI CAN-2002-0577 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0579 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0579 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4552 Reference: URL:http://www.securityfocus.com/bid/4552 Reference: XF:xpede-insecure-admin-scripts(8900) Reference: URL:http://www.iss.net/security_center/static/8900.php WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. Analysis ---------------- ED_PRI CAN-2002-0579 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0580 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0580 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4553 Reference: URL:http://www.securityfocus.com/bid/4553 Reference: XF:xpede-datasource-reveal-account(8902) Reference: URL:http://www.iss.net/security_center/static/8902.php WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. Analysis ---------------- ED_PRI CAN-2002-0580 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0581 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0581 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4555 Reference: URL:http://www.securityfocus.com/bid/4555 Reference: XF:xpede-sprc-sql-injection(8903) Reference: URL:http://www.iss.net/security_center/static/8903.php WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. 
Analysis ---------------- ED_PRI CAN-2002-0581 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0582 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0582 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4554 Reference: URL:http://www.securityfocus.com/bid/4554 Reference: XF:xpede-expense-directory-permissions(8905) Reference: URL:http://www.iss.net/security_center/static/8905.php WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. Analysis ---------------- ED_PRI CAN-2002-0582 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests SPLITTING items of different types. If the "indexable and readable /reports/temp" problem were fixed, the system would still be vulnerable to the "brute force guessing" attack. So, these issues are treated as separate items, even though they are closely related. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0583 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0583 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4554 Reference: URL:http://www.securityfocus.com/bid/4554 Reference: XF:xpede-expense-directory-permissions(8905) Reference: URL:http://www.iss.net/security_center/static/8905.php WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. Analysis ---------------- ED_PRI CAN-2002-0583 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests SPLITTING items of different types. If the "indexable and readable /reports/temp" problem were fixed, the system would still be vulnerable to the "brute force guessing" attack. So, these issues are treated as separate items, even though they are closely related. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0584 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0584 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 Xpede many vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html Reference: BID:4556 Reference: URL:http://www.securityfocus.com/bid/4556 Reference: XF:xpede-timesheet-disclosure(8907) Reference: URL:http://www.iss.net/security_center/static/8907.php WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet. Analysis ---------------- ED_PRI CAN-2002-0584 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0586 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0586 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152 Reference: BID:4535 Reference: URL:http://www.securityfocus.com/bid/4535 Reference: XF:aolserver-dbproxy-format-string(8860) Reference: URL:http://www.iss.net/security_center/static/8860.php Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. Analysis ---------------- ED_PRI CAN-2002-0586 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0587 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0587 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html Reference: CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1 Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152 Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. Analysis ---------------- ED_PRI CAN-2002-0587 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC INCLUSION: the original posters specifically state that they found "a format string and a buffer overflow vulnerability." The patch to log.c clearly indicates a fix for an overflow (vsprintf changed to vsnprintf). Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0588 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0588 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020418 [[ TH 026 Inc. 
]] SA #1 - Multiple vulnerabilities in PVote 1.5 Reference: URL:http://online.securityfocus.com/archive/1/268231 Reference: CONFIRM:http://orbit-net.net:8001/php/pvote/ Reference: XF:pvote-add-delete-polls(8877) Reference: URL:http://www.iss.net/security_center/static/8877.php Reference: BID:4540 Reference: URL:http://www.securityfocus.com/bid/4540 PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. Analysis ---------------- ED_PRI CAN-2002-0588 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-EXEC ACKNOWLEDGEMENT: the change log for 1.9 includes an item dated Thursday, 18 April 2002, which says "Major security bugfixes thanks to [the Bugtraq poster.]" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0589 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0589 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5 Reference: URL:http://online.securityfocus.com/archive/1/268231 Reference: CONFIRM:http://orbit-net.net:8001/php/pvote/ Reference: XF:pvote-change-admin-password(8878) Reference: URL:http://www.iss.net/security_center/static/8878.php Reference: BID:4541 Reference: URL:http://www.securityfocus.com/bid/4541 PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password. 
Analysis ---------------- ED_PRI CAN-2002-0589 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-EXEC ACKNOWLEDGEMENT: the change log for 1.9 includes an item dated Thursday, 18 April 2002, which says "Major security bugfixes thanks to [the Bugtraq poster.]" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0590 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0590 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html Reference: BID:4548 Reference: URL:http://www.securityfocus.com/bid/4548 Reference: XF:incredibb-html-css(8879) Reference: URL:http://www.iss.net/security_center/static/8879.php Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts. Analysis ---------------- ED_PRI CAN-2002-0590 3 Vendor Acknowledgement: Content Decisions: EX-BETA Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0591 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0591 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020416 AIM's 'Direct Connection' feature could lead to arbitrary file creation Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html Reference: BID:4526 Reference: URL:http://www.securityfocus.com/bid/4526 Reference: XF:aim-direct-connection-files(8870) Reference: URL:http://www.iss.net/security_center/static/8870.php Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename. Analysis ---------------- ED_PRI CAN-2002-0591 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0592 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0592 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020421 AIM Remote File Transfer/Direct Connection Vulnerability Reference: URL:http://online.securityfocus.com/archive/1/269006 Reference: BID:4574 Reference: URL:http://www.securityfocus.com/bid/4574 AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. 
Analysis ---------------- ED_PRI CAN-2002-0592 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0593 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0593 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS) Reference: URL:http://online.securityfocus.com/archive/1/270249 Reference: CONECTIVA:CLA-2002:490 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 Reference: BID:4637 Reference: URL:http://www.securityfocus.com/bid/4637 Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. Analysis ---------------- ED_PRI CAN-2002-0593 3 Vendor Acknowledgement: yes advisory Content Decisions: EX-CLIENT-DOS ABSTRACTION: the problem as indicated by the Bugtraq poster could be due to something other than an exploitable overflow. If the bug merely causes a client crash, then CD:EX-CLIENT-DOS suggests that it should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0594 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0594 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS) Reference: URL:http://online.securityfocus.com/archive/1/270249 Reference: CONECTIVA:CLA-2002:490 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 Reference: BID:4640 Reference: URL:http://www.securityfocus.com/bid/4640 Netscape 6 and Mozilla 1.0 RC1 and earlier allow remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. Analysis ---------------- ED_PRI CAN-2002-0594 3 Vendor Acknowledgement: yes advisory Content Decisions: EX-CLIENT-DOS ABSTRACTION: the problem as indicated by the Bugtraq poster could be due to something other than an exploitable overflow. If the bug merely causes a client crash, then CD:EX-CLIENT-DOS suggests that it should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0595 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0595 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html Reference: XF:webtrends-long-string-bo(8864) Reference: URL:http://www.iss.net/security_center/static/8864.php Reference: BID:4531 Reference: URL:http://www.securityfocus.com/bid/4531 Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory. Analysis ---------------- ED_PRI CAN-2002-0595 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0596 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0596 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html Reference: XF:webtrends-profile-path-disclosure(8865) Reference: URL:http://www.iss.net/security_center/static/8865.php WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
Analysis
----------------
ED_PRI CAN-2002-0596 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0597
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0597
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532

LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.

Analysis
----------------
ED_PRI CAN-2002-0597 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: a number of data sources suggest that KB article Q320751 addresses this issue, but it could not be found on the Microsoft web site as of 20020610.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0600
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0600
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020424 A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0339.html
Reference: XF:kerberos4-ftp-client-overflow(8938)
Reference: URL:http://www.iss.net/security_center/static/8938.php
Reference: BID:4592
Reference: URL:http://online.securityfocus.com/bid/4592

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.

Analysis
----------------
ED_PRI CAN-2002-0600 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0606
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0606
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020429 3CDaemon DoS exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html
Reference: BID:4638
Reference: URL:http://www.securityfocus.com/bid/4638
Reference: XF:3cdaemon-ftp-bo(8970)
Reference: URL:http://www.iss.net/security_center/static/8970.php

Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
Analysis
----------------
ED_PRI CAN-2002-0606 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0607
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0607
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Snitz Forums 2000 remote SQL query manipulation vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
Reference: CONFIRM:http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
Reference: XF:snitz-members-sql-injection(8898)
Reference: URL:http://www.iss.net/security_center/static/8898.php
Reference: BID:4558
Reference: URL:http://www.securityfocus.com/bid/4558

members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.

Analysis
----------------
ED_PRI CAN-2002-0607 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: in an online security forum, the vendor includes an item dated April 23, 2002, which states "There is a security bug in members.asp," offering a patch that clearly deals with clearing SQL injection attacks.

ACCURACY: the parameters besides M_NAME were inferred from the vendor patch.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0608
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020422 Matu FTP remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html
Reference: XF:matu-ftp-long-string-bo(8911)
Reference: URL:http://www.iss.net/security_center/static/8911.php
Reference: BID:4572
Reference: URL:http://www.securityfocus.com/bid/4572

Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.

Analysis
----------------
ED_PRI CAN-2002-0608 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0609
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0609
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: HP:HPSBMP0204-013
Reference: URL:http://online.securityfocus.com/advisories/4047
Reference: XF:hp-mpeix-ip-dos(8901)
Reference: URL:http://www.iss.net/security_center/static/8901.php
Reference: BID:4536
Reference: URL:http://www.securityfocus.com/bid/4536

Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets.
Analysis
----------------
ED_PRI CAN-2002-0609 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0611
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020416 FileSeek cgi script advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference: XF:fileseek-cgi-directory-traversal(8858)
Reference: URL:http://www.iss.net/security_center/static/8858.php

Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0611 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0612
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020416 FileSeek cgi script advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference: XF:fileseek-cgi-command-execution(8857)
Reference: URL:http://www.iss.net/security_center/static/8857.php

FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters.

Analysis
----------------
ED_PRI CAN-2002-0612 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0614
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0614
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 PHP-Survey Database Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0383.html
Reference: BID:4612
Reference: URL:http://www.securityfocus.com/bid/4612
Reference: XF:phpsurvey-global-reveal-info(8950)
Reference: URL:http://www.iss.net/security_center/static/8950.php

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server.
Analysis
----------------
ED_PRI CAN-2002-0614 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: