[PROPOSAL] Cluster RECENT-98 - 42 candidates
I am proposing cluster RECENT-98 for review and voting by the Editorial Board.

Name: RECENT-98
Description: CANs announced between 2002/04/28 and 2002/05/31
Size: 42

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
====================================================== Candidate: CAN-2002-0844 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0844 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020809 Category: SF Reference: VULNWATCH:20020525 [VulnWatch] [DER ADV#8] - Local off by one in CVSD Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html Reference: CALDERA:CSSA-2002-035.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2 Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0844 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0887 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0887 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99057164129869&w=2 Reference: CALDERA:CSSA-2002-SCO.22 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt Reference: BID:4875 Reference: URL:http://www.securityfocus.com/bid/4875 Reference: XF:openserver-scoadmin-symlink(9210) Reference: URL:http://www.iss.net/security_center/static/9210.php scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary log files. Analysis ---------------- ED_PRI CAN-2002-0887 1 Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The Caldera advisory credits "Kevin Finisterre (dotslash@snosoft.com)" with this issue, and he is credited by the original poster to Bugtraq. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0889 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0889 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: VULN-DEV:20020428 QPopper 4.0.4 buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102003707432457&w=2 Reference: BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow Reference: URL:http://online.securityfocus.com/archive/1/269969 Reference: CALDERA:CSSA-2002-SCO.20 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20/CSSA-2002-SCO.20.txt Reference: XF:qpopper-bulldir-bo(8949) Reference: URL:http://www.iss.net/security_center/static/8949.php Reference: BID:4614 Reference: URL:http://www.securityfocus.com/bid/4614 Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file. Analysis ---------------- ED_PRI CAN-2002-0889 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0891 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0891 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue Reference: URL:http://online.securityfocus.com/archive/1/274240 Reference: CONFIRM:http://www.netscreen.com/support/ns25_reboot.html Reference: XF:netscreen-screenos-username-dos(9186) Reference: URL:http://www.iss.net/security_center/static/9186.php Reference: BID:4842 Reference: URL:http://www.securityfocus.com/bid/4842 The web interface (WebUI) of NetScreen ScreenOS from 2.6.1r8 to versions before 3.1.0r1 allows remote attackers to cause a denial of service (crash) via a long user name. Analysis ---------------- ED_PRI CAN-2002-0891 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0892 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0892 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: CF Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 Reference: URL:http://online.securityfocus.com/archive/1/273615 Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html Reference: CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151 Reference: BID:4793 Reference: URL:http://www.securityfocus.com/bid/4793 Reference: XF:servletexec-jsp10servlet-path-disclosure(9139) Reference: URL:http://www.iss.net/security_center/static/9139.php The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message. Analysis ---------------- ED_PRI CAN-2002-0892 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: The ServletExec FAQ item 151 has the question "If I request a JSP page that does not exist I receive a response in my browser which discloses the absolute path to my web server's document root or to the document root of my web application. Isn't this a security risk?" The response is: "Use the errorPage init parameter with the JSP10Servlet so that the JSP10Servlet will no longer use the default response which discloses the path." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0898 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0898 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256058220402&w=2 Reference: BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP) Reference: URL:http://online.securityfocus.com/archive/1/274202 Reference: CONFIRM:http://www.opera.com/windows/changelog/log603.html Reference: BID:4834 Reference: URL:http://www.securityfocus.com/bid/4834 Reference: XF:opera-browser-file-retrieval(9188) Reference: URL:http://www.iss.net/security_center/static/9188.php Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. Analysis ---------------- ED_PRI CAN-2002-0898 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the change log for Opera 6.0.3 says "Fixed security issue with file upload, as reported by GreyMagic Software," the discoverers of the issue. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0904 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0904 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102269718506080&w=2 Reference: BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html Reference: CONFIRM:http://www.kismetwireless.net/CHANGELOG Reference: BID:4883 Reference: URL:http://www.securityfocus.com/bid/4883 Reference: XF:kismet-saytext-command-execution(9213) Reference: URL:http://www.iss.net/security_center/static/9213.php SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. Analysis ---------------- ED_PRI CAN-2002-0904 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: In the vendor changelog, an entry dated "May 27 2002" says "Fixed remote-exploitable hole (ack!) with specially crafted SSID's" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0947 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0947 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B) Reference: URL:http://online.securityfocus.com/archive/1/276524 Reference: VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html Reference: CERT-VN:VU#997403 Reference: URL:http://www.kb.cert.org/vuls/id/997403 Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf Reference: MISC:http://www.nextgenss.com/vna/ora-reports.txt Reference: BID:4848 Reference: URL:http://www.securityfocus.com/bid/4848 Reference: XF:oracle-reports-server-bo(9289) Reference: URL:http://www.iss.net/security_center/static/9289.php Buffer overflow in rwcgi60 CGI program for Oracle 9iAS Reports Server 6.0.8.18.0 and earlier allows remote attackers to execute arbitrary code via a long database name parameter. Analysis ---------------- ED_PRI CAN-2002-0947 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0965 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0965 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A) Reference: URL:http://online.securityfocus.com/archive/1/276526 Reference: VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf Reference: BID:4845 Reference: URL:http://www.securityfocus.com/bid/4845 Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. Analysis ---------------- ED_PRI CAN-2002-0965 1 Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: while the Oracle advisory itself does not explicitly mention a buffer overflow, the link to this document on Oracle's advisory page says "Buffer Overflow Vulnerability in Oracle Net (Oracle9i Database Server)." This, combined with the acknowledgement to the disclosers and correlated dates, provides sufficient information to indicate acknowledgement. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0802 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0802 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020729 Category: SF Reference: MISC:http://marc.theaimsgroup.com/?l=postgresql-general&m=102032794322362 The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. Analysis ---------------- ED_PRI CAN-2002-0802 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0876 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0876 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html Reference: BUGTRAQ:20020709 Exploit for previously reported DoS issues in Shambala Server 4.5 Reference: URL:http://online.securityfocus.com/archive/1/281265 Reference: BID:4897 Reference: URL:http://www.securityfocus.com/bid/4897 Reference: XF:shambala-web-request-dos(9225) Reference: URL:http://www.iss.net/security_center/static/9225.php Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request. 
Analysis ---------------- ED_PRI CAN-2002-0876 3 Vendor Acknowledgement: ACCURACY: while the initial announcement says that the vulnerability is in the GET request, a followup exploit doesn't send a GET at all. One thing that is common to both is an exclamation point (!), but the discloser does not provide enough information to know for sure whether that is the true factor. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0877 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0877 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html Reference: BID:4896 Reference: URL:http://www.securityfocus.com/bid/4896 Reference: XF:shambala-dotdot-directory-traversal(9224) Reference: URL:http://www.iss.net/security_center/static/9224.php Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands. Analysis ---------------- ED_PRI CAN-2002-0877 3 Vendor Acknowledgement: Content Decisions: SF-LOC, REDISCOVERY INCLUSION: a separate .. issue was published in 2000 (CAN-2001-0758), which also affects Shambala 4.5. CD:SF-LOC might suggest merging that issue with this one (same problem type in the same version), but since the vendor hasn't fixed the original problem and it's been 2 years since the announcement of the previous vulnerability, maybe they should be separated. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0879 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0879 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020529 Gafware's CFXImage vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0256.html Reference: XF:cfximage-dotdot-directory-traversal(9196) Reference: URL:http://www.iss.net/security_center/static/9196.php Reference: BID:4882 Reference: URL:http://www.securityfocus.com/bid/4882 showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter. Analysis ---------------- ED_PRI CAN-2002-0879 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC ABSTRACTION: it could be argued that .. and C: pathname problems, while closely related, are different enough that they should be SPLIT. Fixing a .. issue won't necessarily fix a C: issue, or vice versa. On the other hand, both of these issues are instances of the "trusted form fields" problem. ACKNOWLEDGEMENT: www.gafware.com was unavailable on 2002/07/26, so it could not be determined whether the vendor has fixed the vulnerability or not. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0880 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0880 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones Reference: URL:http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." Analysis ---------------- ED_PRI CAN-2002-0880 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, INCLUSION, SF-CODEBASE INCLUSION/ABSTRACTION: It could be argued that some of these vulnerabilities (jolt, jolt2, etc.) are already separately identified in CVE; however, it is unlikely that the VoIP phones share the same codebase as the Microsoft systems that were subject to the original jolt/jolt2. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0881 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0881 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020522 Multiple Vulnerabilities in CISCO VoIP Phones Reference: URL:http://online.securityfocus.com/archive/1/273673 Reference: CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones Reference: URL:http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml Reference: BID:4799 Reference: URL:http://www.securityfocus.com/bid/4799 Reference: XF:cisco-ipphone-configuration-access(9144) Reference: URL:http://www.iss.net/security_center/static/9144.php Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. Analysis ---------------- ED_PRI CAN-2002-0881 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0882 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0882 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020522 Multiple Vulnerabilities in CISCO VoIP Phones Reference: URL:http://online.securityfocus.com/archive/1/273673 Reference: CISCO:20020522 Multiple Vulnerabilities in Cisco IP Telephones Reference: URL:http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml Reference: BID:4794 Reference: URL:http://www.securityfocus.com/bid/4794 Reference: XF:cisco-ipphone-portinformation(9143) Reference: URL:http://www.iss.net/security_center/static/9143.php Reference: XF:cisco-ipphone-streamingstatistics-dos(9142) Reference: URL:http://www.iss.net/security_center/static/9142.php Reference: BID:4798 Reference: URL:http://www.securityfocus.com/bid/4798 The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. Analysis ---------------- ED_PRI CAN-2002-0882 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-EXEC ABSTRACTION: while there are two separate instances of attacks on two separate URLs with two different results, the underlying vulnerability ("can't handle too-large integer") is the same, and the affected products/versions are the same; therefore, CD:SF-LOC and CD:SF-EXEC suggest that these problems should be MERGED. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0883 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0883 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: COMPAQ:SSRT2179 Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT2179.shtml Reference: XF:compaq-proliant-gain-access(9202) Reference: URL:http://www.iss.net/security_center/static/9202.php Reference: BID:4802 Reference: URL:http://www.securityfocus.com/bid/4802 Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10 allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities. Analysis ---------------- ED_PRI CAN-2002-0883 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0884 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0884 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd Reference: URL:http://online.securityfocus.com/archive/1/273584 Reference: VULNWATCH:20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html Reference: CALDERA:CSSA-2002-SCO.29 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt Reference: XF:solaris-inrarpd-code-execution(9150) Reference: URL:http://www.iss.net/security_center/static/9150.php Reference: BID:4791 Reference: URL:http://www.securityfocus.com/bid/4791 Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allow remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error. Analysis ---------------- ED_PRI CAN-2002-0884 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0885 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0885 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd Reference: URL:http://online.securityfocus.com/archive/1/273584 Reference: VULNWATCH:20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html Reference: MISC:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt Reference: XF:solaris-inrarpd-code-execution(9150) Reference: URL:http://www.iss.net/security_center/static/9150.php Reference: BID:4791 Reference: URL:http://www.securityfocus.com/bid/4791 Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error. Analysis ---------------- ED_PRI CAN-2002-0885 3 Vendor Acknowledgement: unknown vague Content Decisions: SF-LOC, SF-CODEBASE, VAGUE ACCURACY: Caldera advisory CSSA-2002-SCO.29 is titled "format string vulnerability," which implies that it only addressed the reported format string issues but not the apparent overflows; since the original report was for Solaris, there is a possibility that the overflows did not affect Caldera. 
The original report is unclear as to whether the "3 remotely exploitable" overflows are related to the syserr/error functions at all; the allegedly vulnerable source code provided by the reporter only seems to demonstrate one vulnerability (in the vsprintf call in error()), while the only other *possible* vulnerability would be an sprintf call in syserr(), although that call's inputs are most likely not controllable by the attacker. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0886 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0886 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: CISCO:20020523 CBOS - Improving Resilience to Denial-of-Service Attacks Reference: URL:http://www.cisco.com/warp/public/707/CBOS-DoS.shtml Reference: XF:cisco-cbos-dhcp-dos(9151) Reference: URL:http://www.iss.net/security_center/static/9151.php Reference: BID:4813 Reference: URL:http://www.securityfocus.com/bid/4813 Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE. Analysis ---------------- ED_PRI CAN-2002-0886 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: while there are slightly different attack vectors, clearly problems (1) and (2) are of the same type, and should stay MERGED within the same item, by CD:SF-LOC.
Problem (3), while it deals with a flood of packets, still requires large packets, which could be the underlying cause of problem (3); therefore, (3) is also MERGED into this item. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0888 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0888 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: BUGTRAQ:20020527 Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router Reference: URL:http://online.securityfocus.com/archive/1/274239 Reference: BUGTRAQ:20020612 Part II: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router Reference: URL:http://online.securityfocus.com/archive/1/276586 Reference: BID:4841 Reference: URL:http://www.securityfocus.com/bid/4841 Reference: XF:3com-officeconnect-pat-access(9185) Reference: URL:http://www.iss.net/security_center/static/9185.php 3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router. Analysis ---------------- ED_PRI CAN-2002-0888 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0893
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: CF
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: XF:servletexec-dotdot-directory-traversal(9140)
Reference: URL:http://www.iss.net/security_center/static/9140.php
Reference: BID:4795
Reference: URL:http://www.securityfocus.com/bid/4795

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.

Analysis
----------------
ED_PRI CAN-2002-0893 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0894
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: CF
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: XF:servletexec-long-jsp-dos(9141)
Reference: URL:http://www.iss.net/security_center/static/9141.php
Reference: BID:4796
Reference: URL:http://www.securityfocus.com/bid/4796

NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.

Analysis
----------------
ED_PRI CAN-2002-0894 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0895
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

Analysis
----------------
ED_PRI CAN-2002-0895 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: vendor web page is in Japanese, so acknowledgement could not be determined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0896
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020515 swatch bug in throttle
Reference: URL:http://online.securityfocus.com/archive/1/272582
Reference: BID:4746
Reference: URL:http://www.securityfocus.com/bid/4746
Reference: XF:swatch-event-reporting-failure(9100)
Reference: URL:http://www.iss.net/security_center/static/9100.php

The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.

Analysis
----------------
ED_PRI CAN-2002-0896 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0897
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020524 [VulnWatch] [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
Reference: BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/274020
Reference: BID:4820
Reference: URL:http://www.securityfocus.com/bid/4820
Reference: XF:localweb2k-protection-bypass(9165)
Reference: URL:http://www.iss.net/security_center/static/9165.php

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Analysis
----------------
ED_PRI CAN-2002-0897 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to bugalert@intranet-server.co.uk on July 28, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0899
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020527 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0084.html
Reference: BUGTRAQ:20020527 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
Reference: URL:http://online.securityfocus.com/archive/1/274205
Reference: BID:4833
Reference: URL:http://www.securityfocus.com/bid/4833
Reference: XF:falcon-protected-file-access(9179)
Reference: URL:http://www.iss.net/security_center/static/9179.php

Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).

Analysis
----------------
ED_PRI CAN-2002-0899 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to support@blueface.com on 2002/07/28.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0900
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020524 pks public key server DOS and remote execution
Reference: URL:http://online.securityfocus.com/archive/1/274107
Reference: BID:4828
Reference: URL:http://www.securityfocus.com/bid/4828
Reference: XF:pgp-pks-search-bo(9171)
Reference: URL:http://www.iss.net/security_center/static/9171.php

Buffer overflow in pks PGP public key web server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Analysis
----------------
ED_PRI CAN-2002-0900 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0901
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020527 AMANDA security issues
Reference: URL:http://online.securityfocus.com/archive/1/274215
Reference: XF:amanda-operator-bo(9182)
Reference: URL:http://www.iss.net/security_center/static/9182.php
Reference: XF:amanda-amindexd-bo(9181)
Reference: URL:http://www.iss.net/security_center/static/9181.php
Reference: BID:4836
Reference: URL:http://www.securityfocus.com/bid/4836
Reference: BID:4840
Reference: URL:http://www.securityfocus.com/bid/4840

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.

Analysis
----------------
ED_PRI CAN-2002-0901 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0902
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020526 Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar
Reference: URL:http://online.securityfocus.com/archive/1/274273
Reference: BID:4858
Reference: URL:http://www.securityfocus.com/bid/4858
Reference: XF:phpbb-bbcode-image-css(9178)
Reference: URL:http://www.iss.net/security_center/static/9178.php

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Analysis
----------------
ED_PRI CAN-2002-0902 3
Vendor Acknowledgement: unknown discloser-claimed

ABSTRACTION: while this seems very similar to CAN-2002-0475, that issue dealt with script in enclosed IMG tags, e.g. [IMG]script[/IMG]. This is a different exploit, *and* a different affected version, so the issues are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020526 wbbboard 1.1.1 registration _new_users_vulnerability_
Reference: URL:http://online.securityfocus.com/archive/1/274269
Reference: XF:burningboard-bbs-account-hijacking(9177)
Reference: URL:http://www.iss.net/security_center/static/9177.php
Reference: BID:4859
Reference: URL:http://www.securityfocus.com/bid/4859

register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.

Analysis
----------------
ED_PRI CAN-2002-0903 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0905
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020529 Informix SE-7.25 /lib/sqlexec Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0270.html
Reference: BID:4891
Reference: URL:http://www.securityfocus.com/bid/4891
Reference: XF:informix-sqlexec-bo(9219)
Reference: URL:http://www.iss.net/security_center/static/9219.php

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.

Analysis
----------------
ED_PRI CAN-2002-0905 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0908
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020524 Cisco IDS Device Manager 3.1.1 Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0214.html
Reference: BID:4760
Reference: URL:http://www.securityfocus.com/bid/4760
Reference: XF:cisco-ids-directory-traversal(9174)
Reference: URL:http://www.iss.net/security_center/static/9174.php

Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request.
Analysis
----------------
ED_PRI CAN-2002-0908 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0909
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020531 Mnews 1.22 PoC exploit
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102297259123103&w=2
Reference: BUGTRAQ:20020531 SRT Security Advisory (SRT2002-04-31-1159): Mnews
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0287.html
Reference: BUGTRAQ:20020531 Mnews 1.22 PoC exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102306166201275&w=2
Reference: BID:4899
Reference: URL:http://www.securityfocus.com/bid/4899
Reference: BID:4900
Reference: URL:http://www.securityfocus.com/bid/4900
Reference: XF:mnews-nntp-response-bo(9226)
Reference: URL:http://www.iss.net/security_center/static/9226.php
Reference: XF:mnews-multiple-local-bo(9227)
Reference: URL:http://www.iss.net/security_center/static/9227.php

Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER.
Analysis
----------------
ED_PRI CAN-2002-0909 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0910
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020525 Re: Netstd 3.07-17 multiple remote buffer overflows
Reference: URL:http://online.securityfocus.com/archive/1/274143
Reference: BUGTRAQ:20020524 Netstd 3.07-17 multiple remote buffer overflows
Reference: URL:http://online.securityfocus.com/archive/1/273987
Reference: XF:netstd-utilities-bo(9164)
Reference: URL:http://www.iss.net/security_center/static/9164.php
Reference: BID:4816
Reference: URL:http://www.securityfocus.com/bid/4816

Buffer overflows in netstd 3.07-17 package allow remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.

Analysis
----------------
ED_PRI CAN-2002-0910 3
Vendor Acknowledgement:
Content Decisions: INCLUSION, VAGUE

INCLUSION: a followup-post says that the original advisory included some factual errors, e.g. that netstd 3.07-17 was not on the Debian platform as claimed by the poster, and bug reports were not filed despite the poster's indication that the vendor had been contacted. In conjunction with very little detail about the nature of the vulnerabilities, perhaps this item does not have enough information to be included in CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0912
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-129
Reference: URL:http://www.debian.org/security/2002/dsa-129
Reference: XF:debian-in-uucpd-dos(9230)
Reference: URL:http://www.iss.net/security_center/static/9230.php
Reference: BID:4910
Reference: URL:http://www.securityfocus.com/bid/4910

in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0912 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: while this sounds like a buffer overflow, Debian does not explicitly say this, which could imply that there is a different problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020528 Xandros based linux autorun -c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0260.html
Reference: XF:xandros-autorun-view-files(9211)
Reference: URL:http://www.iss.net/security_center/static/9211.php
Reference: BID:4884
Reference: URL:http://www.securityfocus.com/bid/4884

autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.

Analysis
----------------
ED_PRI CAN-2002-0915 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0917
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274727
Reference: BID:4885
Reference: URL:http://www.securityfocus.com/bid/4885
Reference: XF:cgiscript-cspassword-htpasswd-access(9220)
Reference: URL:http://www.iss.net/security_center/static/9220.php

CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
Analysis
----------------
ED_PRI CAN-2002-0917 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0918
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274727
Reference: XF:cgiscript-cspassword-information-disclosure(9221)
Reference: URL:http://www.iss.net/security_center/static/9221.php
Reference: BID:4887
Reference: URL:http://www.securityfocus.com/bid/4887

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.

Analysis
----------------
ED_PRI CAN-2002-0918 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0919
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274727
Reference: BID:4888
Reference: URL:http://www.securityfocus.com/bid/4888
Reference: XF:cgiscript-cspassword-htaccess-modification(9222)
Reference: URL:http://www.iss.net/security_center/static/9222.php

CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.

Analysis
----------------
ED_PRI CAN-2002-0919 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0920
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274727
Reference: BID:4889
Reference: URL:http://online.securityfocus.com/bid/4889
Reference: XF:cgiscript-cspassword-tmpfile-access(9223)
Reference: URL:http://www.iss.net/security_center/static/9223.php

CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.

Analysis
----------------
ED_PRI CAN-2002-0920 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020513 nCipher Security Advisory #3: MSCAPI CSP Install Wizard
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0103.html
Reference: XF:mscapi-csp-key-generation(9076)
Reference: URL:http://www.iss.net/security_center/static/9076.php
Reference: BID:4729
Reference: URL:http://online.securityfocus.com/bid/4729

The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).

Analysis
----------------
ED_PRI CAN-2002-0939 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that two problems of the same type, with different versions, should be SPLIT. The domesticinstall.exe issue is in 5.50 and 5.54, but the Install Wizard is only in 5.50.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: