[PROPOSAL] Cluster RECENT-96 - 32 candidates
I am proposing cluster RECENT-96 for review and voting by the Editorial Board.

Name: RECENT-96
Description: CANs announced between 2002/06/02 and 2002/06/28
Size: 32

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
Analysis
----------------
ED_PRI CAN-2002-0186 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Analysis
----------------
ED_PRI CAN-2002-0187 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020502
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.
Analysis
----------------
ED_PRI CAN-2002-0359 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
Reference: VULNWATCH:20020612 [VulnWatch] ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: MS:MS02-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-028.asp

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Analysis
----------------
ED_PRI CAN-2002-0364 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
Analysis
----------------
ED_PRI CAN-2002-0366 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020604 Buffer overflow in MSIE gopher code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102320516707940&w=2
Reference: MS:MS02-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-027.asp
Reference: BUGTRAQ:20020613 Microsoft releases critical fix that breaks their own software!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397955217618&w=2
Reference: BUGTRAQ:20020613 Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70
Reference: URL:http://online.securityfocus.com/archive/1/276848
Reference: CERT-VN:VU#440275
Reference: URL:http://www.kb.cert.org/vuls/id/440275
Reference: MISC:http://www.pivx.com/workaround_fail.html
Reference: XF:ie-gopher-bo(9247)
Reference: URL:http://www.iss.net/security_center/static/9247.php
Reference: BID:4930
Reference: URL:http://www.securityfocus.com/bid/4930

Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
Analysis
----------------
ED_PRI CAN-2002-0371 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
Analysis
----------------
ED_PRI CAN-2002-0372 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp

The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
Analysis
----------------
ED_PRI CAN-2002-0373 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020530
Category: SF
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available
Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle
Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
Reference: BUGTRAQ:20020620 Apache Exploit
Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache
Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
Reference: CERT:CA-2002-17
Reference: URL:http://www.cert.org/advisories/CA-2002-17.html
Reference: SGI:20020605-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: REDHAT:RHSA-2002:103
Reference: MANDRAKE:MDKSA-2002:039

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
Analysis
----------------
ED_PRI CAN-2002-0392 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
Analysis
----------------
ED_PRI CAN-2002-0615 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0616
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
Analysis
----------------
ED_PRI CAN-2002-0616 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0617
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
Analysis
----------------
ED_PRI CAN-2002-0617 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0618
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0618
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256054320377&w=2
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
Analysis
----------------
ED_PRI CAN-2002-0618 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0619
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102139136019862&w=2

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
Analysis
----------------
ED_PRI CAN-2002-0619 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0621
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via input to the OWC package installer.
Analysis
----------------
ED_PRI CAN-2002-0621 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0622
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
Analysis
----------------
ED_PRI CAN-2002-0622 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0623
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0623
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
Analysis
----------------
ED_PRI CAN-2002-0623 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0631
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020621
Category: SF
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I

Vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
Analysis
----------------
ED_PRI CAN-2002-0631 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0639
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: NETBSD:2002-005
Reference: CERT-VN:VU#369347
Reference: CERT:CA-2002-18
Reference: HP:HPSBUX0206-195
Reference: BID:5093

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
Analysis
----------------
ED_PRI CAN-2002-0639 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0640
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102532054613894&w=2
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
Analysis
----------------
ED_PRI CAN-2002-0640 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: FREEBSD:FreeBSD-SA-02:28.resolv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
Analysis
----------------
ED_PRI CAN-2002-0651 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0652
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020630
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().
Analysis
----------------
ED_PRI CAN-2002-0652 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt

Off-by-one buffer overflow in mod_ssl Apache module versions 2.8.9 and earlier allows local users to execute arbitrary code as the Apache server user.
Analysis
----------------
ED_PRI CAN-2002-0653 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0665
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020704
Category: SF
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
Analysis
----------------
ED_PRI CAN-2002-0665 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0688
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Analysis
----------------
ED_PRI CAN-2002-0688 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0701
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
Analysis
----------------
ED_PRI CAN-2002-0701 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0716
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102323070305101&w=2
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323386107641&w=2
Reference: CALDERA:CSSA-2002-SCO.35

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.

Analysis
----------------
ED_PRI CAN-2002-0716 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020516
Category: CF
Reference: REDHAT:RHSA-2002:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-089.html
Reference: MANDRAKE:MDKSA-2002:042
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-042.php

The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3 and Mandrake 8.1 and 8.2 accepts print jobs from arbitrary remote hosts.

Analysis
----------------
ED_PRI CAN-2002-0378 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0620
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:4853
Reference: URL:http://online.securityfocus.com/bid/4853

Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
Analysis
----------------
ED_PRI CAN-2002-0620 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0796
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102321107714554&w=2
Reference: SUN:00219
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
Reference: BID:4932
Reference: URL:http://www.securityfocus.com/bid/4932
Reference: XF:solaris-snmpdx-format-string(9241)
Reference: URL:http://www.iss.net/security_center/static/9241.php

Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0796 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0797
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102321107714554&w=2
Reference: SUN:00219
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219
Reference: XF:solaris-mibiisa-bo(9242)
Reference: URL:http://www.iss.net/security_center/static/9242.php
Reference: BID:4933
Reference: URL:http://www.securityfocus.com/bid/4933

Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0797 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020601 BadBlue Web Server v1.7.0 Directory Contents Disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html
Reference: XF:badblue-directory-contents-disclosure(9239)
Reference: URL:http://www.iss.net/security_center/static/9239.php
Reference: BID:4912
Reference: URL:http://www.securityfocus.com/bid/4912

BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.

Analysis
----------------
ED_PRI CAN-2002-0800 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: