[PROPOSAL] Cluster RECENT-95 - 48 candidates
I am proposing cluster RECENT-95 for review and voting by the Editorial Board.

Name: RECENT-95
Description: CANs announced between 2002/05/06 and 2002/05/31
Size: 48

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0703
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.

Analysis
----------------
ED_PRI CAN-2002-0703 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0704
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102088521517722&w=2
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

Analysis
----------------
ED_PRI CAN-2002-0704 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0734
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a Trojan horse program stored on a remote server.

Analysis
----------------
ED_PRI CAN-2002-0734 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: On the vendor's home page, an item dated "04.05.02" (May 4, 2002) states "Someone recently told me about a security hole in b2... The fix for the security hole is very simple: create a file named b2config.php and upload it in your b2-include folder." While this in itself doesn't include enough details to be certain that the vendor is fixing *this* problem, it would fix the problem, and later comments on the vendor's page would line up with the date of public announcement of this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0755
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

Analysis
----------------
ED_PRI CAN-2002-0755 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0758
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.suse.de/de/support/security/2002_016_sysconfig_txt.html
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

Analysis
----------------
ED_PRI CAN-2002-0758 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Analysis
----------------
ED_PRI CAN-2002-0759 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Analysis
----------------
ED_PRI CAN-2002-0760 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and other operating systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Analysis
----------------
ED_PRI CAN-2002-0761 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0762
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.suse.de/de/support/security/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.

Analysis
----------------
ED_PRI CAN-2002-0762 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0765
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

Analysis
----------------
ED_PRI CAN-2002-0765 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0766
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020509 [VulnWatch] OpenBSD local DoS and root exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0066.html
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

Analysis
----------------
ED_PRI CAN-2002-0766 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0768
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category:
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.suse.com/de/support/security/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Analysis
----------------
ED_PRI CAN-2002-0768 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0778
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

Analysis
----------------
ED_PRI CAN-2002-0778 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0788
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary file that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

Analysis
----------------
ED_PRI CAN-2002-0788 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: In the release notes for the hotfix, the vendor states "There is a conflict between Microsoft's Encrypted File System (EFS) on Windows 2000 and PGP’s file wiping feature. When you encrypt a file using EFS, Windows 2000 creates a temporary file that contains the cleartext of the encrypted file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0789
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0789
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.

Analysis
----------------
ED_PRI CAN-2002-0789 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: a vague comment in the product history page includes an item for version 3.1.20 dated "27 Jun 2002," which states "Security bug has been fixed." This is not sufficient proof that the vendor has fixed *this* issue. HOWEVER, the ChangeLog in the source code for 3.1.20 includes an item dated 27 Jun 2002, which says "A security bug (trap on too long queries) fixed," which *does* qualify as sufficient proof.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0794
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0794
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.

Analysis
----------------
ED_PRI CAN-2002-0794 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0795
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

Analysis
----------------
ED_PRI CAN-2002-0795 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0801
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

Analysis
----------------
ED_PRI CAN-2002-0801 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0777
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

Analysis
----------------
ED_PRI CAN-2002-0777 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: the only apparent information by the vendor that MAY be related to this issue is at http://support.ipswitch.com/kb/IM-20020703-DM01.htm; there are two comments related to overflows: "Removed a buffer overflow error in Web Calendaring" and "ILDAP: Fixed a buffer overflow which could be used for a DOS attack." While the latter phrase might be related to the LDAP issue, it is in direct conflict with Foundstone's claim that the problem is exploitable, which may indicate that this is not really the same vulnerability. Inquiry posted to http://www.ipswitch.com/cgi/askatech.pl?action=build on July 17, 2002. Tracking number: T200207180016. Vendor confirmed the issue via an E-mail reply from evalhelp@ipswitch.com on July 18: "Yes, this has been repaired...
The conclusive evidence is in the knowledge base article."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0790
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0790 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0702
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089498828206&w=2
Reference: VULNWATCH:20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html
Reference: CERT-VN:VU#854315
Reference: URL:http://www.kb.cert.org/vuls/id/854315
Reference: CERT:CA-2002-12
Reference: URL:http://www.cert.org/advisories/CA-2002-12.html
Reference: CALDERA:CSSA-2002-028.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt
Reference: MANDRAKE:MDKSA-2002:037
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php
Reference: SUSE:SuSE-SA:2002:019
Reference: URL:http://www.suse.de/de/support/security/2002_19_dhcp.html
Reference: CONECTIVA:CLA-2002:483
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483
Reference: XF:dhcpd-nsupdate-format-string(9039)
Reference: URL:http://www.iss.net/security_center/static/9039.php
Reference: BID:4701
Reference: URL:http://www.securityfocus.com/bid/4701

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

Analysis
----------------
ED_PRI CAN-2002-0702 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0735
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0735
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULN-DEV:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102070267500932&w=2
Reference: VULNWATCH:20020506 [VulnWatch] ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/271173
Reference: BID:4679
Reference: URL:http://www.securityfocus.com/bid/4679
Reference: XF:squidauthldap-logging-format-string(9019)
Reference: URL:http://www.iss.net/security_center/static/9019.php

Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.

Analysis
----------------
ED_PRI CAN-2002-0735 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html
Reference: BID:4694
Reference: URL:http://www.securityfocus.com/bid/4694
Reference: XF:webmin-usermin-authpage-css(9036)
Reference: URL:http://www.iss.net/security_center/static/9036.php

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.

Analysis
----------------
ED_PRI CAN-2002-0756 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/271466
Reference: MANDRAKE:MDKSA-2002:033
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
Reference: XF:webmin-usermin-sessionid-spoof(9037)
Reference: URL:http://www.iss.net/security_center/static/9037.php
Reference: BID:4700
Reference: URL:http://www.securityfocus.com/bid/4700

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

Analysis
----------------
ED_PRI CAN-2002-0757 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0763
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: HP:HPSBUX0205-193
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0037.html
Reference: XF:hp-virtualvault-admin-access(9038)
Reference: URL:http://www.iss.net/security_center/static/9038.php
Reference: BID:4690
Reference: URL:http://www.securityfocus.com/bid/4690

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.

Analysis
----------------
ED_PRI CAN-2002-0763 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0764
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Phorum 3.3.2a remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
Reference: BUGTRAQ:20020518 Phorum 3.3.2a has another bug for remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
Reference: CONFIRM:http://www.phorum.org/
Reference: XF:phorum-php-command-execution(9107)
Reference: URL:http://www.iss.net/security_center/static/9107.php
Reference: BID:4763
Reference: URL:http://www.securityfocus.com/bid/4763

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

Analysis
----------------
ED_PRI CAN-2002-0764 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: On the vendor's front page, there is a statement on Phorum 3.3.2b3 dated May 16, 2002, which says "This [fix] addresses a security issue where some included scripts could be called directly and allow foreign code to be run."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0767
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020613 simpleinit root exploit - file descriptor left open
Reference: URL:http://online.securityfocus.com/archive/1/276739
Reference: BID:5001
Reference: URL:http://www.securityfocus.com/bid/5001
Reference: XF:simpleinit-file-descriptor-open(9357)
Reference: URL:http://www.iss.net/security_center/static/9357.php

simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.

Analysis
----------------
ED_PRI CAN-2002-0767 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0769
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0769
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020509 Cisco ATA-186 admin password can be trivially circumvented
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html
Reference: CISCO:20020523 ATA-186 Password Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
Reference: XF:cisco-ata-bypass-auth(9057)
Reference: URL:http://www.iss.net/security_center/static/9057.php
Reference: XF:cisco-ata-reveal-info(9056)
Reference: URL:http://www.iss.net/security_center/static/9056.php
Reference: BID:4711
Reference: URL:http://www.securityfocus.com/bid/4711
Reference: BID:4712
Reference: URL:http://www.securityfocus.com/bid/4712

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.

Analysis
----------------
ED_PRI CAN-2002-0769 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0770
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020514 Remote quake 2 3.2x server cvar leak
Reference: URL:http://online.securityfocus.com/archive/1/272548
Reference: MISC:http://www.quakesrc.org/forum/topicDisplay.php?topicID=160
Reference: XF:quake2-unexpanded-var-disclosure(9095)
Reference: URL:http://www.iss.net/security_center/static/9095.php
Reference: BID:4744
Reference: URL:http://www.securityfocus.com/bid/4744

Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information.

Analysis
----------------
ED_PRI CAN-2002-0770 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0771
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020518 cross-site scripting bug of ViewCVS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html
Reference: URL:http://online.securityfocus.com/archive/1/273102
Reference: XF:viewcvs-css(9112)
Reference: URL:http://www.iss.net/security_center/static/9112.php
Reference: BID:4818
Reference: URL:http://www.securityfocus.com/bid/4818

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.

Analysis
----------------
ED_PRI CAN-2002-0771 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0772
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0772
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
Reference: BID:4759
Reference: URL:http://www.securityfocus.com/bid/4759
Reference: XF:hosting-controller-dsnmanager-traversal(9104)
Reference: URL:http://www.iss.net/security_center/static/9104.php

Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter.

Analysis
----------------
ED_PRI CAN-2002-0772 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0773
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
Reference: BID:4761
Reference: URL:http://www.securityfocus.com/bid/4761
Reference: XF:hosting-controller-improotdir-commands(9105)
Reference: URL:http://www.iss.net/security_center/static/9105.php

imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.

Analysis
----------------
ED_PRI CAN-2002-0773 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0774
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0774
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: BUGTRAQ:20020519 Another vulnerability in hosting controller
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
Reference: BID:4779
Reference: URL:http://www.securityfocus.com/bid/4779
Reference: XF:hosting-controller-default-account(9131)
Reference: URL:http://www.iss.net/security_center/static/9131.php

Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.

Analysis
----------------
ED_PRI CAN-2002-0774 3
Vendor Acknowledgement:
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0775
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0775
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: BUGTRAQ:20020519 Another vulnerability in hosting controller
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/drivebrowse.zip
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html

browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.

Analysis
----------------
ED_PRI CAN-2002-0775 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

ACKNOWLEDGEMENT: The "Readme" file in the "Drive Browse Bug Patch" released on May 21, 2002, says "This patch will fix the security bug where attacker may view the drive listing by direct URL insertion," and modifies browse.asp.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0779
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4696
Reference: URL:http://www.securityfocus.com/bid/4696
Reference: XF:novell-bordermanager-ftp-dos(9031)
Reference: URL:http://www.iss.net/security_center/static/9031.php

FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.

Analysis
----------------
ED_PRI CAN-2002-0779 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0780
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4697
Reference: URL:http://www.securityfocus.com/bid/4697
Reference: XF:novell-bordermanager-ipipx-dos(9032)
Reference: URL:http://www.iss.net/security_center/static/9032.php

IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.

Analysis
----------------
ED_PRI CAN-2002-0780 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0781
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4698
Reference: URL:http://www.securityfocus.com/bid/4698
Reference: XF:novell-bordermanager-rtsp-dos(9033)
Reference: URL:http://www.iss.net/security_center/static/9033.php

RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.

Analysis
----------------
ED_PRI CAN-2002-0781 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0782
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0782
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020510 Re: cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271957
Reference: BID:4726
Reference: URL:http://www.securityfocus.com/bid/4726
Reference: XF:novell-bordermanager-conntable-dos(9062)
Reference: URL:http://www.iss.net/security_center/static/9062.php

Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.

Analysis
----------------
ED_PRI CAN-2002-0782 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: any product is going to have some hard limits that simply can't be overcome ("Law of Physics" vulnerabilities). There does not seem to be any impact to this issue (server crash, misdirected packets, etc.) beyond the fact that the connection table is filled. The discloser does not say that these connections are eventually dropped; if they *aren't* eventually dropped, then maybe that is sufficient to include this issue in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0783
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html
Reference: XF:opera-sameoriginpolicy-bypass(9096)
Reference: URL:http://www.iss.net/security_center/static/9096.php
Reference: BID:4745
Reference: URL:http://www.securityfocus.com/bid/4745

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

Analysis
----------------
ED_PRI CAN-2002-0783 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0784
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020507 Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0039.html
Reference: CONFIRM:http://www.lysias.de/send/news/index.php?page=3
Reference: XF:lidek-webserver-directory-traversal(9028)
Reference: URL:http://www.iss.net/security_center/static/9028.php
Reference: BID:4691
Reference: URL:http://www.securityfocus.com/bid/4691

Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).

Analysis
----------------
ED_PRI CAN-2002-0784 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

ACKNOWLEDGEMENT: In a statement dated "08.05.2002" (May 8), the vendor appears to acknowledge the problem in German. A Google translation to English states: "The side IT Checkpoint.net announces today a Security [issue] in the program LYSIAS Lidik written by us. The Web server contains a substantial safety gap, user should [avoid] the beta version ... for the time being."

INCLUSION: CD:EX-BETA suggests that an issue in beta software should not be included in CVE. As implied by the vendor's acknowledgement, this issue only appears to be in beta software, so maybe it should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0785
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0785
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0785 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0786
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0786
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
Reference: BID:4718
Reference: URL:http://www.securityfocus.com/bid/4718
Reference: XF:injoin-admin-interface-view-files(9054)
Reference: URL:http://www.iss.net/security_center/static/9054.php

iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.

Analysis
----------------
ED_PRI CAN-2002-0786 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0787
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
Reference: XF:injoin-admin-interface-css(9053)
Reference: URL:http://www.iss.net/security_center/static/9053.php
Reference: BID:4717
Reference: URL:http://www.securityfocus.com/bid/4717

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.

Analysis
----------------
ED_PRI CAN-2002-0787 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0791
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Re: cqure.net.20020408.netware_nwftpd.a
Reference: URL:http://online.securityfocus.com/archive/1/271589
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020408.netware_nwftpd.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0059.html
Reference: MISC:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2962252.htm
Reference: XF:netware-ftp-dos(9034)
Reference: URL:http://www.iss.net/security_center/static/9034.php
Reference: BID:4693
Reference: URL:http://www.securityfocus.com/bid/4693

Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.

Analysis
----------------
ED_PRI CAN-2002-0791 3
Vendor Acknowledgement: unknown vague
Content Decisions: VAGUE

ACKNOWLEDGEMENT: KB article TID2962252, which had been modified on 20020508 (the day of release), is too vague to be certain that it is addressing this vulnerability. It says that it "Eliminated high-utilization problems that could occur when invalid commands (improper syntax or length) were sent to the FTP server," but an invalid command could be "User" with no arguments, or "AHLNF:," or any number of different malformed inputs. There are no credits or cross-references to be certain that it is addressing this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0792
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CISCO:20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/css-http-post-pub.shtml
Reference: BID:4747
Reference: URL:http://www.securityfocus.com/bid/4747
Reference: BID:4748
Reference: URL:http://www.securityfocus.com/bid/4748
Reference: XF:cisco-css-http-dos(9083)
Reference: URL:http://www.iss.net/security_center/static/9083.php

The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.

Analysis
----------------
ED_PRI CAN-2002-0792 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: The "HTTPS POST" requests and "XML data" requests seem like they may be different types of vulnerabilities, which would suggest that they be SPLIT due to CD:SF-LOC; however, Cisco has confirmed via email that these are two separate attack vectors for the same underlying parsing problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0793
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0793
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020531 Multiple vulnerabilities in QNX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
Reference: BID:4902
Reference: URL:http://www.securityfocus.com/bid/4902
Reference: XF:qnx-rtos-monitor-f(9231)
Reference: URL:http://www.iss.net/security_center/static/9231.php

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

Analysis
----------------
ED_PRI CAN-2002-0793 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0798
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0798
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: HP:HPSBUX0205-194
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0059.html
Reference: XF:hpux-sd-view-files(9207)
Reference: URL:http://www.iss.net/security_center/static/9207.php
Reference: BID:4886
Reference: URL:http://www.securityfocus.com/bid/4886

Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0798 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the HP advisory is too vague to understand how a problem that allows data views for files allows a DoS instead of being able to read sensitive information.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0799
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020521 YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!
Reference: URL:http://online.securityfocus.com/archive/1/273512
Reference: BID:4789
Reference: URL:http://www.securityfocus.com/bid/4789
Reference: XF:cmailserver-user-bo(9132)
Reference: URL:http://www.iss.net/security_center/static/9132.php

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.

Analysis
----------------
ED_PRI CAN-2002-0799 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: