[PROPOSAL] Cluster RECENT-100 - 35 candidates
I am proposing cluster RECENT-100 for review and voting by the Editorial Board.

Name: RECENT-100
Description: CANs announced between 2002/06/12 and 2002/06/28
Size: 35

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0906
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: BID:5122
Reference: XF:sendmail-dns-txt-bo(9443)

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

Analysis
----------------
ED_PRI CAN-2002-0906 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058

Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.

Analysis
----------------
ED_PRI CAN-2002-0952 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:5006
Reference: URL:http://www.securityfocus.com/bid/5006
Reference: XF:analogx-simpleserver-at-dos(9338)
Reference: URL:http://www.iss.net/security_center/static/9338.php

Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.

Analysis
----------------
ED_PRI CAN-2002-0968 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 1.23 says "Fixed possible exploit with large string commands."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020624 Sharity Cifslogin Buffer Overflow (arguments)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0300.html
Reference: HP:HPSBUX0207-200
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0016.html
Reference: XF:hp-cifs-login-bo(9431)
Reference: URL:http://www.iss.net/security_center/static/9431.php
Reference: BID:5088
Reference: URL:http://www.securityfocus.com/bid/5088

Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.

Analysis
----------------
ED_PRI CAN-2002-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1000
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
Reference: BID:5104
Reference: URL:http://www.securityfocus.com/bid/5104
Reference: XF:analogx-simpleserver-shout-bo(9427)
Reference: URL:http://www.iss.net/security_center/static/9427.php

Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.

Analysis
----------------
ED_PRI CAN-2002-1000 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog on the vendor web site includes an entry for version 1.02 that "Fixed assert error found by Foundstone [the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CERT-VN:VU#290140
Reference: URL:http://www.kb.cert.org/vuls/id/290140
Reference: CISCO:20020627 Scanning for SSH Can Cause a Crash
Reference: URL:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
Reference: XF:cisco-ssh-scan-dos(9437)
Reference: URL:http://www.iss.net/security_center/static/9437.php
Reference: BID:5114
Reference: URL:http://www.securityfocus.com/bid/5114

Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).

Analysis
----------------
ED_PRI CAN-2002-1024 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102450188620081&w=2

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0859 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: the KB article referenced by NGSSoftware does not explicitly acknowledge the issue; however, Microsoft did acknowledge the issue via an email inquiry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.

Analysis
----------------
ED_PRI CAN-2002-0938 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0941 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 DeepMetrix LiveStats javascript injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0207.html
Reference: XF:livestats-report-execute-code(9390)
Reference: URL:http://www.iss.net/security_center/static/9390.php
Reference: BID:5047
Reference: URL:http://www.securityfocus.com/bid/5047

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.

Analysis
----------------
ED_PRI CAN-2002-0944 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an email inquiry was sent to support@deepmetrix.com on August 10, 2002. A response was received on August 14, 2002: "At this time we are aware of this issue and it currently being researched for the best possible solution. Once such a solution has been added to the LiveStats bundle, it will be posted to the following page: http://www.deepmetrix.com/livestats6_corp/service/release_notes.asp"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0953
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.

Analysis
----------------
ED_PRI CAN-2002-0953 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
Reference: BUGTRAQ:20020627 Cluestick Advisory #001
Reference: URL:http://online.securityfocus.com/archive/1/279683
Reference: XF:netware-imanage-username-dos(9444)
Reference: URL:http://www.iss.net/security_center/static/9444.php
Reference: BID:5117
Reference: URL:http://www.securityfocus.com/bid/5117

Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.

Analysis
----------------
ED_PRI CAN-2002-1002 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0684
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020711
Category: SF
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: BUGTRAQ:20020704 Re: Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2
Reference: SUSE:SuSE-SA:2002:026
Reference: CERT:CA-2002-19
Reference: CERT-VN:VU#542971
Reference: URL:http://www.kb.cert.org/vuls/id/542971
Reference: MANDRAKE:MDKSA-2002:050
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

Analysis
----------------
ED_PRI CAN-2002-0684 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, SF-CODEBASE

ABSTRACTION: This issue is very similar to CAN-2002-0651, and may be more closely described by CERT-VN:VU#542971.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0821
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0821
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: REDHAT:RHSA-2002:169

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.

Analysis
----------------
ED_PRI CAN-2002-0821 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the Ethereal advisory does not provide explicit details for the SOCKS/etc. dissector "core dump" issues. However, since it does say that there are "buffer overlfow and pointer problems," this implies that there are two different types of vulnerabilities; thus the BGP/WCP buffer overflows and SOCKS/etc. "core dumps" should be given separate identifiers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0822
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
Reference: CONECTIVA:CLA-2002:505
Reference: REDHAT:RHSA-2002:169

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.

Analysis
----------------
ED_PRI CAN-2002-0822 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the Ethereal advisory does not provide explicit details for the SOCKS/etc. dissector "core dump" issues. However, since it does say that there are "buffer overlfow and pointer problems," this implies that there are two different types of vulnerabilities; thus the BGP/WCP buffer overflows and SOCKS/etc. "core dumps" should be given separate identifiers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: unknown
Reference: CALDERA:CSSA-2002-SCO.27.txt
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27/CSSA-2002-SCO.27.txt
Reference: XF:ppptalk-local-elevated-privileges(9380)
Reference: URL:http://www.iss.net/security_center/static/9380.php
Reference: BID:5051
Reference: URL:http://www.securityfocus.com/bid/5051

Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CAN-2002-0824.

Analysis
----------------
ED_PRI CAN-2002-0827 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION/INCLUSION: CD:VAGUE suggests that vague advisories from vendors should be provided with different CVE identifiers. In this case, security@caldera.com explicitly confirmed that this is a different issue than CAN-2002-0824.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0925
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
Reference: BUGTRAQ:20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/276523
Reference: CONFIRM:http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
Reference: CONFIRM:http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
Reference: BID:4990
Reference: URL:http://www.securityfocus.com/bid/4990
Reference: XF:mmmail-mmsyslog-format-string(9336)
Reference: URL:http://www.iss.net/security_center/static/9336.php
Reference: BID:4999
Reference: URL:http://www.securityfocus.com/bid/4999
Reference: XF:mmftpd-mmsyslog-format-string(9337)
Reference: URL:http://www.iss.net/security_center/static/9337.php

Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.

Analysis
----------------
ED_PRI CAN-2002-0925 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE, SF-EXEC

ACKNOWLEDGEMENT: the changelog for mmmail 0.0.8, dated June 4, 2002, states: "A pretty serious bug was fixed (which only affected glibc-based systems), where syslog() would potentially be called with user supplied parts, including fmt sequences," and credits the researchers. A similar entry is included in the changelog for mmmail 0.0.14.

ABSTRACTION: CD:SF-CODEBASE suggests combining issues that stem from the same codebase.
While that is not quite the case here, the fact that there's the same vendor, same filename, same function, and same patch (and same diff), suggests that this issue should be treated as a same-codebase issue. On the other hand, the mmmail and mmftpd packages are separately available for download, which would suggest a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 Directory Traversal in Wolfram Research's webMathematica
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0174.html
Reference: XF:webmathematica-dot-directory-traversal(9373)
Reference: URL:http://www.iss.net/security_center/static/9373.php
Reference: BID:5035
Reference: URL:http://www.securityfocus.com/bid/5035

Directory traversal vulnerability in Wolfram Research webMathematica allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter.

Analysis
----------------
ED_PRI CAN-2002-0926 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: email inquiry sent to support@wolfram.com on August 2, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020621 Pirch 98 Link Handling Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0256.html
Reference: BID:5079
Reference: URL:http://www.securityfocus.com/bid/5079
Reference: XF:pirch-irc-link-bo(9409)
Reference: URL:http://www.iss.net/security_center/static/9409.php

Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message.

Analysis
----------------
ED_PRI CAN-2002-0928 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0929
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020625 [VulnWatch] cqure.net.20020604.netware_dhcpsrvr
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0126.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2962999
Reference: BID:5097
Reference: URL:http://www.securityfocus.com/bid/5097
Reference: XF:netware-dhcp-dos(9428)
Reference: URL:http://www.iss.net/security_center/static/9428.php

Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests.

Analysis
----------------
ED_PRI CAN-2002-0929 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE, SF-LOC

ACKNOWLEDGEMENT: the vendor has a technical information document with a "DHCP vulnerability fix," in which "The NetWare server would abend when receiving a 'non-standard' dhcp request." Since this document was created 12JUL2002 (2 weeks after disclosure), and it uses the same phrasing as the original Bugtraq posts, there is sufficient evidence that the document addresses this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020625 cqure.net.20020521.netware_nwftpd_fmtstr
Reference: URL:http://online.securityfocus.com/archive/1/278689
Reference: VULNWATCH:20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html
Reference: BID:5099
Reference: URL:http://www.securityfocus.com/bid/5099
Reference: XF:netware-ftp-username-dos(9429)
Reference: URL:http://www.iss.net/security_center/static/9429.php

Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command.

Analysis
----------------
ED_PRI CAN-2002-0930 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Analysis
----------------
ED_PRI CAN-2002-0935 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020513 nCipher Security Advisory #3: MSCAPI CSP Install Wizard
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0103.html
Reference: BUGTRAQ:20020617 nCipher Advisory #3: MSCAPI keys erroneously module-protected - update
Reference: URL:http://online.securityfocus.com/archive/1/277241
Reference: BID:4729
Reference: URL:http://online.securityfocus.com/bid/4729

domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).

Analysis
----------------
ED_PRI CAN-2002-0940 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that two problems of the same type, with different versions, should be SPLIT. The domesticinstall.exe issue is in 5.50 and 5.54, but the Install Wizard is only in 5.50.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html
Reference: BUGTRAQ:20020614 Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/277026
Reference: CONFIRM:http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm
Reference: BID:5016
Reference: URL:http://www.securityfocus.com/bid/5016
Reference: BID:5017
Reference: URL:http://www.securityfocus.com/bid/5017
Reference: BID:5018
Reference: URL:http://www.securityfocus.com/bid/5018
Reference: XF:logexplorer-mssql-xplogattach-bo(9346)
Reference: URL:http://www.iss.net/security_center/static/9346.php

Buffer overflows in Lumigent Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.

Analysis
----------------
ED_PRI CAN-2002-0942 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

ACCURACY/ABSTRACTION: The vendor's release notes include an item for version 3.02 that states "Log Explorer version 3.02 fixes the buffer overflow problem that occurs with some extended stored procedures when a parameter passed to these procedures is excessively long."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020618 Metacart vuln.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0200.html
Reference: XF:metacart2sql-insecure-database-access(9393)
Reference: URL:http://www.iss.net/security_center/static/9393.php
Reference: BID:5042
Reference: URL:http://www.securityfocus.com/bid/5042

MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.

Analysis
----------------
ED_PRI CAN-2002-0943 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to webmaster@metalinks.com (the only available address) on August 10, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0948
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Re: SSI & CSS execution in MakeBook 2.2
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html
Reference: BUGTRAQ:20020612 SSI & CSS execution in MakeBook 2.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html
Reference: CONFIRM:http://www.tesol.net/scriptmail.html
Reference: CONFIRM:http://www.linguistic-funland.com/scripts/MakeBook/makebook.script
Reference: BID:4996
Reference: URL:http://online.securityfocus.com/bid/4996
Reference: XF:makebook-name-field-validation(9356)
Reference: URL:http://www.iss.net/security_center/static/9356.php

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0948 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: On the Author's main web page, the Author states: "Yo, BugTraq visitors... The exploit you're trying only works if what you enter is posted to an HTML page on a server that executes SSI (SSI exploit) or posted to any general HTML page (CSS/Javascript exploit)." The source code for the makebook script also filters the characters.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 [SNS Advisory No.54] Active! mail Executing the Script upon the Opening of a Mail Message Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0108.html
Reference: BID:5007
Reference: URL:http://www.securityfocus.com/bid/5007
Reference: XF:activemail-script-tag-header(9358)
Reference: URL:http://www.iss.net/security_center/static/9358.php

Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0950 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0951
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 [LBYTE] Ruslan Communications <BODY>Builder SQL modification
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0120.html
Reference: BID:5008
Reference: URL:http://www.securityfocus.com/bid/5008
Reference: XF:bodybuilder-bypass-authentication(9359)
Reference: URL:http://www.iss.net/security_center/static/9359.php

SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.

Analysis
----------------
ED_PRI CAN-2002-0951 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0954
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020712 The answer to the PIX encryption issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102651159507659&w=2
Reference: VULNWATCH:20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
Analysis
----------------
ED_PRI CAN-2002-0954 3
Vendor Acknowledgement: unknown vague
Content Decisions: DESIGN-WEAK-ENCRYPTION

INCLUSION: The weak encryption issue still requires a brute force attack, although less brute force is needed than in other products.

ACKNOWLEDGEMENT: the vendor posts a follow-up that focuses on the limited scope of the attack. It is unclear whether the vendor agrees with the claims (in whole or in part), so this cannot be regarded as vendor acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020621 [AP] YaBB Cross-Site Scripting vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
Reference: BID:5078
Reference: URL:http://www.securityfocus.com/bid/5078
Reference: XF:yabb-invalid-thread-xss(9408)
Reference: URL:http://www.iss.net/security_center/static/9408.php

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
Analysis
----------------
ED_PRI CAN-2002-0955 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0957
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020619 [VulnWatch] KPMG-2002023: BlackICE Agent Temporary Memory Buildup
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0114.html
Reference: XF:blackice-excessive-memory-consumption(9405)
Reference: URL:http://www.iss.net/security_center/static/9405.php

The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user.

Analysis
----------------
ED_PRI CAN-2002-0957 3
Vendor Acknowledgement: yes
Content Decisions: CF-DEFAULT, SECTOOL-DESIGN

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0964
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out.

Analysis
----------------
ED_PRI CAN-2002-0964 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020618 4D 6.7 DOS and Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0208.html
Reference: XF:4d-long-http-bo(9374)
Reference: URL:http://www.iss.net/security_center/static/9374.php
Reference: BID:5045
Reference: URL:http://www.securityfocus.com/bid/5045

Buffer overflow in 4D web server 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request.
Analysis
----------------
ED_PRI CAN-2002-0966 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, VAGUE, INCLUSION

INCLUSION: This may be a similar issue to CAN-2002-0578, since both are buffer overflows and the 6.7.3 version is specified. Therefore it may be appropriate to merge issues as recommended by CD:SF-LOC. For this report, though, the notifier claims that version 6.8 doesn't have this problem, in which case it could be that CAN-2002-0578 was not fixed, but this issue was, in which case CD:SF-LOC would suggest a SPLIT. Or something like that.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 ALERT: Lil'HTTP Server (Summit Computer Networks)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html
Reference: BUGTRAQ:20020708 Technical Details of Urlcount.cgi Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
Reference: XF:lilhttp-report-urlcount-xss(9445)
Reference: URL:http://www.iss.net/security_center/static/9445.php
Reference: BID:5115
Reference: URL:http://www.securityfocus.com/bid/5115

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.
Analysis
----------------
ED_PRI CAN-2002-1008 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020617 Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing
Reference: URL:http://online.securityfocus.com/archive/1/277307
Reference: BUGTRAQ:20020617 ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS
Reference: URL:http://online.securityfocus.com/archive/1/277242
Reference: BUGTRAQ:20020617 Follow: ZyXEL 642R-11 AJ.6 service DoS -- additional informations
Reference: URL:http://online.securityfocus.com/archive/1/277303
Reference: XF:zyxel-tcp-packet-dos(9372)
Reference: URL:http://www.iss.net/security_center/static/9372.php
Reference: BID:5034
Reference: URL:http://www.securityfocus.com/bid/5034

ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.

Analysis
----------------
ED_PRI CAN-2002-1071 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: