[PROPOSAL] Cluster RECENT-94 - 31 candidates
I am proposing cluster RECENT-94 for review and voting by the Editorial Board.

Name: RECENT-94
Description: Misc. candidates, some from 2001 and most from April 2002
Size: 31

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020715
Category: SF
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-1378 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Analysis
----------------
ED_PRI CAN-2001-1380 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

Analysis
----------------
ED_PRI CAN-2001-1382 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php
Reference: BID:3367
Reference: URL:http://online.securityfocus.com/bid/3367

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Analysis
----------------
ED_PRI CAN-2001-1383 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020110
Category: SF
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://online.securityfocus.com/bid/3815

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Analysis
----------------
ED_PRI CAN-2002-0014 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0687
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0687
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

Analysis
----------------
ED_PRI CAN-2002-0687 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0733
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020417 Smalls holes on 5 products #1
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Reference: CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Reference: XF:thttpd-error-page-css(9029)
Reference: URL:http://www.iss.net/security_center/static/9029.php
Reference: BID:4601
Reference: URL:http://www.securityfocus.com/bid/4601

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

Analysis
----------------
ED_PRI CAN-2002-0733 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the release notes for 2.21, the vendor states "Fixed cross-site scripting bug relating to the built-in error pages."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0736
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
Reference: MSKB:Q316838
Reference: URL:http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Reference: BID:4528
Reference: URL:http://www.securityfocus.com/bid/4528
Reference: XF:backoffice-bypass-authentication(8862)
Reference: URL:http://www.iss.net/security_center/static/8862.php

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Analysis
----------------
ED_PRI CAN-2002-0736 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0737
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://online.securityfocus.com/archive/1/268121
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-script-source-disclosure(8876)
Reference: URL:http://www.iss.net/security_center/static/8876.php
Reference: BID:4533
Reference: URL:http://www.securityfocus.com/bid/4533

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.

Analysis
----------------
ED_PRI CAN-2002-0737 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: on the security page, last updated the day after the initial disclosure, the vendor states that "All releases prior to the 5.2 beta 1 release are vulnerable to having the source code associated with CGI scripts and JSP files exposed via an URL sequence."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0738
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
Reference: CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
Reference: XF:mhonarc-script-filtering-bypass(8894)
Reference: URL:http://www.iss.net/security_center/static/8894.php
Reference: BID:4546
Reference: URL:http://www.securityfocus.com/bid/4546

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

Analysis
----------------
ED_PRI CAN-2002-0738 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the changelog for 2002/04/18 (version 2.5.3), the vendor states "Beefed up HTML filtering in mhtxthtml.pl to eliminate some security exploits" and credits the Bugtraq researchers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0748
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
Reference: CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
Reference: XF:labview-http-get-dos(8919)
Reference: URL:http://www.iss.net/security_center/static/8919.php
Reference: BID:4577
Reference: URL:http://www.securityfocus.com/bid/4577

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.

Analysis
----------------
ED_PRI CAN-2002-0748 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0754
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Reference: BID:3919
Reference: URL:http://www.securityfocus.com/bid/3919
Reference: XF:kerberos5-k5su-elevate-privileges(7956)
Reference: URL:http://www.iss.net/security_center/static/7956.php

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow an unprivileged process to gain privileges if that process has a getlogin as root.

Analysis
----------------
ED_PRI CAN-2002-0754 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0741
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 PsyBNC Remote Dos POC
Reference: URL:http://online.securityfocus.com/archive/1/269131
Reference: BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
Reference: BID:4570
Reference: URL:http://www.securityfocus.com/bid/4570
Reference: XF:psybnc-long-password-dos(8912)
Reference: URL:http://www.iss.net/security_center/static/8912.php

psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.

Analysis
----------------
ED_PRI CAN-2002-0741 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0890
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0890
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20011221
Category:
Reference: REDHAT:RHSA-2001:171
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-171.html
Reference: BID:3987
Reference: URL:http://online.securityfocus.com/bid/3987
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:http://www.iss.net/security_center/static/7714.php

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-0890 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION/INCLUSION: this is NOT a duplicate of CVE-2001-0887, although there are close relationships. SANE is a different codebase than XSane; XSane is a front end for SANE; but they are different products offered by different developers, so these issues are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20010829 RUS-CERT Advisory 2001-08:01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99911895901812&w=2
Reference: VULNWATCH:20010829 [VulnWatch] RUS-CERT Advisory 2001-08:01
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0040.html
Reference: FREEBSD:FreeBSD-SA-02:03
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc
Reference: CONECTIVA:CLA-2001:427
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000427
Reference: REDHAT:RHSA-2001:124
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-124.html
Reference: XF:apache-postgresql-authentication-module(7054)
Reference: URL:http://www.iss.net/security_center/static/7054.php
Reference: BID:3251
Reference: URL:http://online.securityfocus.com/bid/3251
Reference: BID:3253
Reference: XF:apache-postgresqlsys-authentication-module(7059)

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

Analysis
----------------
ED_PRI CAN-2001-1379 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: mod_auth_pgsql and mod_auth_pgsql_sys were by the same authors, which suggests a common codebase. So, CD:SF-CODEBASE suggests a MERGE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0730
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020421 Philip Chinery's Guestbook 1.1 fails to filter out js/html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0309.html
Reference: XF:guestbook-pl-css(8916)
Reference: URL:http://www.iss.net/security_center/static/8916.php
Reference: BID:4566
Reference: URL:http://www.securityfocus.com/bid/4566

Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.

Analysis
----------------
ED_PRI CAN-2002-0730 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0731
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020421 vqServer Demo Files Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0313.html
Reference: XF:vqserver-samples-css(8935)
Reference: URL:http://www.iss.net/security_center/static/8935.php
Reference: BID:4573
Reference: URL:http://www.securityfocus.com/bid/4573

Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.

Analysis
----------------
ED_PRI CAN-2002-0731 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0732
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0732
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020430 Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0422.html
Reference: CONFIRM:http://www.levcgi.com/programs.cgi?program=myguestbook&action=history
Reference: XF:myguestbook-cgi-css(8968)
Reference: URL:http://www.iss.net/security_center/static/8968.php
Reference: BID:4651
Reference: URL:http://www.securityfocus.com/bid/4651

Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.

Analysis
----------------
ED_PRI CAN-2002-0732 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: in the history file for 1.1 released May 03, 2002, the vendor states that the new version "prevents any javascript from being posted" and "prevents HTML being used in the name field."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0739
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020420 Vulnerability in PostCalendar
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0288.html
Reference: BID:4563
Reference: URL:http://www.securityfocus.com/bid/4563
Reference: XF:postcalendar-calendar-event-css(8899)
Reference: URL:http://www.iss.net/security_center/static/8899.php

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.

Analysis
----------------
ED_PRI CAN-2002-0739 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0740
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0740
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020422 Slrnpull Buffer Overflow (-d parameter)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0302.html
Reference: BUGTRAQ:20020425 slrnpull -d PoC
Reference: URL:http://online.securityfocus.com/archive/1/269667
Reference: BUGTRAQ:20020430 Re: Slrnpull Buffer Overflow (-d parameter)
Reference: URL:http://online.securityfocus.com/archive/1/270235
Reference: XF:slrnpull-d-spooldir-bo(8910)
Reference: URL:http://www.iss.net/security_center/static/8910.php
Reference: BID:4569
Reference: URL:http://www.securityfocus.com/bid/4569

Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.

Analysis
----------------
ED_PRI CAN-2002-0740 3
Vendor Acknowledgement: no disputed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0742
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0742
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY28880
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

Buffer overflow in pioout on AIX 4.3.3.

Analysis
----------------
ED_PRI CAN-2002-0742 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

INCLUSION: this APAR description is too vague to be absolutely certain that it is a different issue than the pioout buffer overflow that is identified in CVE-2000-1123; however, that issue has its own APAR, so there is enough other evidence that the issues are different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0743
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY29516
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0743 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

INCLUSION: this APAR description is too vague to be absolutely certain that it is a buffer overflow. In addition, there is insufficient information to know if it's addressing a previously identified vulnerability such as CAN-2002-0041, CVE-2001-0565, or CAN-2000-0545.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0744
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0744
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY29517
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0744 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

This APAR description is too vague to be absolutely certain that it is a buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0745
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY29518
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

Buffer overflow in uucp in AIX 4.3.3.

Analysis
----------------
ED_PRI CAN-2002-0745 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

INCLUSION/ABSTRACTION: There is insufficient information to know whether this is the same issue as CAN-2001-1164, which itself is described in a vague advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0746
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0746
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY29583
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.

Analysis
----------------
ED_PRI CAN-2002-0746 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0747
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY29589
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q2/0005.html

Buffer overflow in lsmcode in AIX 4.3.3.

Analysis
----------------
ED_PRI CAN-2002-0747 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

INCLUSION/ABSTRACTION: Due to the vagueness of this description, and especially the description of CAN-2001-1061, it is uncertain whether the two items are the same or not; however, CAN-2001-1061 has a separate APAR than this item, so there is sufficient evidence that they're somehow different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0749
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
Reference: XF:cgiscript-csmailto-command-execution(8930)
Reference: URL:http://www.iss.net/security_center/static/8930.php
Reference: BID:4579
Reference: URL:http://www.securityfocus.com/bid/4579

CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.

Analysis
----------------
ED_PRI CAN-2002-0749 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the change report for csMailto version 2 says "Added security. The form options are stored in a separate file." This would address the specified problem, but is it sufficient to indicate vendor acknowledgement?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0750
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5

CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.

Analysis
----------------
ED_PRI CAN-2002-0750 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the change report for csMailto version 2 says "Added security. The form options are stored in a separate file." This would address the specified problem, but is it sufficient to indicate vendor acknowledgement?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0751
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=5
Reference: BID:4579
Reference: URL:http://www.securityfocus.com/bid/4579

CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.

Analysis
----------------
ED_PRI CAN-2002-0751 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the change report for csMailto version 2 says "Added security. The form options are stored in a separate file." This would address the specified problem, but is it sufficient to indicate vendor acknowledgement?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0752
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0752
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: BUGTRAQ:20020423 CGIscript.net - csMailto.cgi - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html

CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.

Analysis
----------------
ED_PRI CAN-2002-0752 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0753
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0753
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020416 Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0210.html
Reference: XF:webplus-long-cookie-bop(8861)
Reference: URL:http://www.iss.net/security_center/static/8861.php
Reference: BID:4530
Reference: URL:http://www.securityfocus.com/bid/4530

Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.

Analysis
----------------
ED_PRI CAN-2002-0753 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: