[PROPOSAL] Cluster RECENT-99 - 37 candidates
I am proposing cluster RECENT-99 for review and voting by the Editorial Board.

Name: RECENT-99
Description: CANs announced between 2002/06/01 and 2002/06/11
Size: 37

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0804
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

Analysis
----------------
ED_PRI CAN-2002-0804 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

Analysis
----------------
ED_PRI CAN-2002-0805 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0806
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

Analysis
----------------
ED_PRI CAN-2002-0806 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

Analysis
----------------
ED_PRI CAN-2002-0808 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0809
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Analysis
----------------
ED_PRI CAN-2002-0809 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0810
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Analysis
----------------
ED_PRI CAN-2002-0810 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0911
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0911 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0295.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.

Analysis
----------------
ED_PRI CAN-2002-0914 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog includes an item dated 2002-05-20 that says "rfc822_parsedt.c (rfc822_parsedt): Ignore obviously invalid years (someone else can worry about Y10K)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0916
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

Analysis
----------------
ED_PRI CAN-2002-0916 1
Vendor Acknowledgement: yes diff

ACKNOWLEDGEMENT: while there are no vendor advisories that explicitly mention the format string issues, it is obvious from the diff (and via e-mail confirmation) that major changes were made to the code, which addressed the format string and buffer overflow issues as originally reported. It should be noted that the Squid distribution is fixed, but the original Stellar-X is not (as of July 29).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979

Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-0945 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The vendor's "Historie" page (accessible on the left hand menu) has an item dated June 1, 2002, which states (based on a Google translation): "the directory handling [was] revised around a safe and errortolerant path processing. The ms Java could be brought by ueberladene [long?] Requests to VM to [cause a] crash."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0946
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php

Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0946 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The vendor's "Historie" page (accessible on the left hand menu) has an item dated June 1, 2002, which states (based on a Google translation): "the directory handling [was] revised around a safe and errortolerant path processing. The ms Java could be brought by ueberladene [long?] Requests to VM to [cause a] crash."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952

Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section.

Analysis
----------------
ED_PRI CAN-2002-0958 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor changelog for 1.2.7p1 says "fixed 2 XSS errors." A source code diff of inc/global.inc.php in phpreactor-1.2.7 and phpreactor-1.2.7p1 shows that the only change was a call to strip_tags() when setting the $go variable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0967
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951

Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL.

Analysis
----------------
ED_PRI CAN-2002-0967 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: on the vendor's home page, an item dated 6.5.02 states "An security exploit in the windows GUI client has been fixed... Thanks to Shane Hird [the notifier] for pointing it out to us."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
Reference: BUGTRAQ:20020721 Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102737546927749&w=2
Reference: BUGTRAQ:20020723 Re: Nanog traceroute format string exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
Reference: BUGTRAQ:20020724 Re: Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753136231920&w=2
Reference: SUSE:SuSE-SA:2000:041
Reference: URL:http://www.suse.de/de/security/2000_041_traceroute_txt.html
Reference: BID:4956
Reference: URL:http://www.securityfocus.com/bid/4956
Reference: XF:tracesroute-t-format-string(9291)
Reference: URL:http://www.iss.net/security_center/static/9291.php

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.

Analysis
----------------
ED_PRI CAN-2002-1051 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0803
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=126801
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

Analysis
----------------
ED_PRI CAN-2002-0803 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0807
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=146447
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

Analysis
----------------
ED_PRI CAN-2002-0807 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0811
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=130821
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.

Analysis
----------------
ED_PRI CAN-2002-0811 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: The developers are not certain whether this bug is truly exploitable or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0878
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020604 sql injection in Logisense software
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0010.html
Reference: BID:4931
Reference: URL:http://www.securityfocus.com/bid/4931
Reference: XF:logisense-sql-injection(9268)
Reference: URL:http://www.iss.net/security_center/static/9268.php

SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field.

Analysis
----------------
ED_PRI CAN-2002-0878 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0907
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020604 SHOUTcast 1.8.9 bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0016.html
Reference: BID:4934
Reference: URL:http://www.securityfocus.com/bid/4934
Reference: XF:shoutcast-icy-remote-bo(9251)
Reference: URL:http://www.iss.net/security_center/static/9251.php

Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".

Analysis
----------------
ED_PRI CAN-2002-0907 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323341407280&w=2
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0014.html
Reference: XF:slurp-syslog-format-string(9270)
Reference: URL:http://www.iss.net/security_center/static/9270.php
Reference: BID:4935
Reference: URL:http://www.securityfocus.com/bid/4935

Format string vulnerability in log_doit function of Slurp NNTP client 1.1.0 allows a malicious news server to execute arbitrary code on the client via format strings in a server response.

Analysis
----------------
ED_PRI CAN-2002-0913 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: XF:cgiscript-csnews-information-disclosure(9331)
Reference: URL:http://www.iss.net/security_center/static/9331.php

CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.

Analysis
----------------
ED_PRI CAN-2002-0921 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: XF:cgiscript-csnews-admin-access(9333)
Reference: URL:http://www.iss.net/security_center/static/9333.php
Reference: XF:cgiscript-csnews-file-disclosure(9332)
Reference: URL:http://www.iss.net/security_center/static/9332.php
Reference: BID:4991
Reference: URL:http://www.securityfocus.com/bid/4991
Reference: BID:4993
Reference: URL:http://www.securityfocus.com/bid/4993

CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.

Analysis
----------------
ED_PRI CAN-2002-0922 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that all issues of the same type be MERGED. While there are separate "components" involved here, in the sense that there are varying authentication requirements, the underlying issue is basically the same: a canonicalization problem due to encoding.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: BID:4994
Reference: URL:http://www.securityfocus.com/bid/4994
Reference: XF:cgiscript-csnews-admin-access(9333)
Reference: URL:http://www.iss.net/security_center/static/9333.php

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.

Analysis
----------------
ED_PRI CAN-2002-0923 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: BID:4451
Reference: URL:http://online.securityfocus.com/bid/4451

CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability.

Analysis
----------------
ED_PRI CAN-2002-0924 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0931
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Reference: BID:4967
Reference: URL:http://www.securityfocus.com/bid/4967
Reference: BID:4970
Reference: URL:http://www.securityfocus.com/bid/4970
Reference: XF:myhelpdesk-new-ticket-xss(9319)
Reference: URL:http://www.iss.net/security_center/static/9319.php
Reference: XF:myhelpdesk-index-php-xss(9320)
Reference: URL:http://www.iss.net/security_center/static/9320.php

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allow remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.

Analysis
----------------
ED_PRI CAN-2002-0931 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type into the same item.
Some may distinguish between "script injection into links" and "script injection into HTML pages," but these can also be thought of as different attack vectors into the problem of "not quoting or cleansing script when it is presented to another party," so CVE takes the approach that these issues are the same. CD:SF-EXEC further suggests that problems of the same type, in the same version, should be combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0932
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Reference: BID:4971
Reference: URL:http://www.securityfocus.com/bid/4971
Reference: XF:myhelpdesk-sql-injection(9321)
Reference: URL:http://www.iss.net/security_center/static/9321.php

SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.

Analysis
----------------
ED_PRI CAN-2002-0932 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type into the same item.
Some may distinguish between "script injection into links" and "script injection into HTML pages," but these can also be thought of as different attack vectors into the problem of "not quoting or cleansing script when it is presented to another party," so CVE takes the approach that these issues are the same. CD:SF-EXEC further suggests that problems of the same type, in the same version, should be combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0933
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 Datalex BookIt! Consumer Password Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0063.html
Reference: BID:4972
Reference: URL:http://www.securityfocus.com/bid/4972
Reference: XF:bookit-plaintext-passwords(9316)
Reference: URL:http://www.iss.net/security_center/static/9316.php

Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks.

Analysis
----------------
ED_PRI CAN-2002-0933 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0934
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 AlienForm2 CGI script: arbitrary file read/write
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html
Reference: BID:4983
Reference: URL:http://www.securityfocus.com/bid/4983
Reference: XF:alienform2-directory-traversal(9325)
Reference: URL:http://www.iss.net/security_center/static/9325.php

Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.

Analysis
----------------
ED_PRI CAN-2002-0934 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
Reference: XF:jsp-engine-wprinterjob-dos(9339)
Reference: URL:http://www.iss.net/security_center/static/9339.php
Reference: BID:4995
Reference: URL:http://www.securityfocus.com/bid/4995

The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

Analysis
----------------
ED_PRI CAN-2002-0936 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ACCURACY: The original post includes no version information.

ABSTRACTION: It is not particularly clear what codebase relationships may exist between Tomcat and JRun. It's possible that this is not a bug in the implementations, but rather in J2EE or JRE. The fact that the same obscure piece of code demonstrates the issue in both places indicates some type of commonality.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
Reference: XF:jsp-engine-wprinterjob-dos(9339)
Reference: URL:http://www.iss.net/security_center/static/9339.php
Reference: BID:4997
Reference: URL:http://www.securityfocus.com/bid/4997

The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).

Analysis
----------------
ED_PRI CAN-2002-0937 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ACCURACY: The original post includes no version information.

ABSTRACTION: It is not particularly clear what codebase relationships may exist between Tomcat and JRun. It's possible that this is not a bug in the implementations, but rather in J2EE or JRE. The fact that the same obscure piece of code demonstrates the issue in both places indicates some type of commonality.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0949
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020605 Some vulnerabilities in the Telindus 11xx router series
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html
Reference: BID:4946
Reference: URL:http://www.securityfocus.com/bid/4946
Reference: XF:telindus-adsl-information-leak(9277)
Reference: URL:http://www.iss.net/security_center/static/9277.php

Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.

Analysis
----------------
ED_PRI CAN-2002-0949 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020606 [VulnWatch] KPMG-2002019: BlackICE Agent not Firewalling After Standby
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0090.html
Reference: BUGTRAQ:20020606 KPMG-2002019: BlackICE Agent not Firewalling After Standby
Reference: URL:http://online.securityfocus.com/archive/1/275710
Reference: BID:4950
Reference: URL:http://www.securityfocus.com/bid/4950
Reference: XF:blackice-standby-inactivate(9275)
Reference: URL:http://www.iss.net/security_center/static/9275.php

BlackICE Agent 3.1.eal does not always reactivate after a system standby, which could allow remote attackers and local users to bypass intended firewall restrictions.

Analysis
----------------
ED_PRI CAN-2002-0956 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0959
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 Splatt Forum XSS
Reference: URL:http://online.securityfocus.com/archive/1/275744
Reference: VULNWATCH:20020606 [VulnWatch] Splatt Forum XSS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0091.html
Reference: XF:splatt-forum-img-xss(9279)
Reference: URL:http://www.iss.net/security_center/static/9279.php
Reference: BID:4953
Reference: URL:http://www.securityfocus.com/bid/4953

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.

Analysis
----------------
ED_PRI CAN-2002-0959 3
Vendor Acknowledgement: unknown foreign

ACKNOWLEDGEMENT: vendor ack could not be determined because the vendor's web site is in Italian.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
Reference: BID:4957
Reference: URL:http://www.securityfocus.com/bid/4957
Reference: XF:cbms-php-xss(9294)
Reference: URL:http://www.iss.net/security_center/static/9294.php

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to execute arbitrary script as other CBMS users.

Analysis
----------------
ED_PRI CAN-2002-0960 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: Vendor acknowledgement is too vague. The vendor's web page says "Please download the latest version of cbms (0.7.1) due to numerous security fixes!" and the changelog includes an item dated 5/24/2002 that says "Fixed security issue dealing with how queries are constructed," but this is too vague to know whether the vendor was fixing the XSS issue, the SQL issue, both, or none.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
Reference: BID:4957
Reference: URL:http://www.securityfocus.com/bid/4957
Reference: XF:cbms-php-sql-injection(9295)
Reference: URL:http://www.iss.net/security_center/static/9295.php

Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.

Analysis
----------------
ED_PRI CAN-2002-0961 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's acknowledgement is too vague. The vendor's web page says "Please download the latest version of cbms (0.7.1) due to numerous security fixes!" and the changelog includes an item dated 5/24/2002 that says "Fixed security issue dealing with how queries are constructed," but this is too vague to know whether the vendor was fixing the XSS issue, the SQL issue, both, or none.

ACCURACY: the notifier says that this is a SQL injection issue, but there doesn't appear to be any "malformed" SQL in the provided exploit; it seems to indicate a well-formed ID, which could mean that this is an "authentication bypass" type of vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0962
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Reference: CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
Reference: XF:geeklog-index-comment-xss(9310)
Reference: URL:http://www.iss.net/security_center/static/9310.php
Reference: XF:geeklog-calendar-event-xss(9309)
Reference: URL:http://www.iss.net/security_center/static/9309.php
Reference: BID:4969
Reference: URL:http://www.securityfocus.com/bid/4969
Reference: BID:4974
Reference: URL:http://www.securityfocus.com/bid/4974

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.

Analysis
----------------
ED_PRI CAN-2002-0962 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0963
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Reference: CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
Reference: BID:4968
Reference: URL:http://www.securityfocus.com/bid/4968
Reference: XF:geeklog-sql-injection(9311)
Reference: URL:http://www.iss.net/security_center/static/9311.php

SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.

Analysis
----------------
ED_PRI CAN-2002-0963 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: