[PROPOSAL] Cluster RECENT-101 - 53 candidates
I am proposing cluster RECENT-101 for review and voting by the Editorial Board.

Name: RECENT-101
Description: CANs announced between 2002/07/01 and 2002/07/17
Size: 53

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020706 LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102607688730228&w=2
Reference: VULN-DEV:20020613 Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102614898620164&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=kde-multimedia&m=102607939232023&w=2

Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.

Analysis
----------------
ED_PRI CAN-2002-0819 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: BUGTRAQ:20020724 cross-site scripting bug of Mailman
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
Reference: CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
Reference: REDHAT:RHSA-2002:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-176.html
Reference: REDHAT:RHSA-2002:177
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-177.html
Reference: REDHAT:RHSA-2002:178
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-178.html

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options.

Analysis
----------------
ED_PRI CAN-2002-0855 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0995
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

Analysis
----------------
ED_PRI CAN-2002-0995 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's web site includes an advisory dated the day after the initial Bugtraq post, which states "This fix addresses the admin/login.php file and the possible security breach that could occur without this change. It now has certain security checks added for a safer admin back-end."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.

Analysis
----------------
ED_PRI CAN-2002-1004 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's change log includes an entry for 1.8.1.6 dated July 03, 2002, which states "Fixed security problem with the Webmail Reverse Directory Traversal, discovered by team n. finity [the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Cross-site scripting vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.

Analysis
----------------
ED_PRI CAN-2002-1006 1
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: the comments inside the parserl.pl script itself (version 1.5.12 on August 18, 2002) include a statement to "Beat cross-site scripting vulnerability," and the original Bugtraq poster is thanked at the top of the page.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.

Analysis
----------------
ED_PRI CAN-2002-1013 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

Analysis
----------------
ED_PRI CAN-2002-1014 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

Analysis
----------------
ED_PRI CAN-2002-1015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/280062
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: BID:5134
Reference: URL:http://www.securityfocus.com/bid/5134
Reference: XF:jrun-null-view-source(9459)
Reference: URL:http://www.iss.net/security_center/static/9459.php

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.

Analysis
----------------
ED_PRI CAN-2002-1025 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/281046
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
Reference: BID:5159
Reference: URL:http://www.securityfocus.com/bid/5159
Reference: XF:weblogic-race-condition-dos(9486)
Reference: URL:http://www.iss.net/security_center/static/9486.php

Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.

Analysis
----------------
ED_PRI CAN-2002-1030 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the advisory credits KPMG (the discloser) for discovering the issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/281102
Reference: VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/
Reference: BID:5177
Reference: URL:http://www.securityfocus.com/bid/5177
Reference: XF:kfwebserver-null-view-dir(9500)
Reference: URL:http://www.iss.net/security_center/static/9500.php

KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.

Analysis
----------------
ED_PRI CAN-2002-1031 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's change log for 1.0.3, dated July 4, 2002, states: "Security vulnerability - %00. If the requested URL contains a %00 after a directory name, then the server used to generate an index of the files in the directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: XF:dcl-dotdot-directory-traversal(9743)
Reference: URL:http://www.iss.net/security_center/static/9743.php

Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature.

Analysis
----------------
ED_PRI CAN-2002-1039 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states: "Fix to prevent file download spoofing."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09
Reference: URL:http://online.securityfocus.com/archive/1/280132
Reference: XF:omnihttpd-http-version-bo(9457)
Reference: URL:http://www.iss.net/security_center/static/9457.php
Reference: BID:5136
Reference: URL:http://www.securityfocus.com/bid/5136

Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number.

Analysis
----------------
ED_PRI CAN-2002-1035 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an email inquiry was sent to support@omnicron.ca on August 22, 2002, and the vendor replied on August 24 that the vulnerability was fixed in version 2.10.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020313
Category: SF
Reference: COMPAQ:SSRT0794
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0009.html
Reference: XF:tru64-ipcs-bo(9613)
Reference: URL:http://www.iss.net/security_center/static/9613.php
Reference: BID:5241
Reference: URL:http://www.securityfocus.com/bid/5241

Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CAN-2001-0423.
Analysis
----------------
ED_PRI CAN-2002-0093 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: The advisory is too vague to tell whether it is addressing the same issue as CAN-2001-0423. However, Rich Boren confirmed via email that the problems are different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: HP:HPSBUX0207-196
Reference: URL:http://online.securityfocus.com/advisories/4258
Reference: XF:hp-ipv6-dce-dos(9475)
Reference: URL:http://www.iss.net/security_center/static/9475.php
Reference: BID:5143
Reference: URL:http://www.securityfocus.com/bid/5143

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.

Analysis
----------------
ED_PRI CAN-2002-0992 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-EXEC

INCLUSION: the advisory is too vague to understand the nature of the vulnerability. In addition, it does not say whether a local or remote attacker can actually cause the crash to happen. If the crash can't be forced, then this would not qualify for inclusion in CVE; we simply don't have enough information to know one way or another.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020703 SunPCi II VNC weak authentication scheme vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
Reference: BID:5146
Reference: URL:http://www.securityfocus.com/bid/5146
Reference: XF:sunpci-vnc-weak-authentication(9476)
Reference: URL:http://www.iss.net/security_center/static/9476.php

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.

Analysis
----------------
ED_PRI CAN-2002-0994 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_modweb.b
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963051
Reference: BID:5231
Reference: URL:http://www.securityfocus.com/bid/5231
Reference: XF:netmail-web-interface-bo(9560)
Reference: URL:http://www.iss.net/security_center/static/9560.php
Reference: BID:5230
Reference: URL:http://www.securityfocus.com/bid/5230

Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb.

Analysis
----------------
ED_PRI CAN-2002-0996 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: a review of the Novell TID documents for NIMS 3.0.3c versus 3.0.3a indicates that 3.0.3a included an imapd which did not change in 3.0.3c; however, 3.0.3a did not include the WebAdmin or the ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities appeared in a different version than the imapd problem, so WebAdmin/ModWeb should be SPLIT from imapd per CD:SF-EXEC; but WebAdmin/ModWeb should be MERGED together since they appear in the same version and have the same type of bug.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_3.0.3_imapd.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0152.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2962974
Reference: BID:5232
Reference: URL:http://www.securityfocus.com/bid/5232
Reference: XF:netmail-imap-dos(9559)
Reference: URL:http://www.iss.net/security_center/static/9559.php

Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allow remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0997 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: a review of the Novell TID documents for NIMS 3.0.3c versus 3.0.3a indicates that 3.0.3a included an imapd which did not change in 3.0.3c; however, 3.0.3a did not include the WebAdmin or the ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities appeared in a different version than the imapd problem, so WebAdmin/ModWeb should be SPLIT from imapd per CD:SF-EXEC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Several problems in CARE 2002
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5218
Reference: URL:http://www.securityfocus.com/bid/5218
Reference: XF:care2002-include-read-files(9552)
Reference: URL:http://www.iss.net/security_center/static/9552.php

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.

Analysis
----------------
ED_PRI CAN-2002-0998 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

ACKNOWLEDGEMENT: the front web page for CARE 2002 states that "A possible major vulnerability as pointed out by avart(at)gmx.de is now patched," and includes a reference that ultimately leads to the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Several problems in CARE 2002
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5219
Reference: URL:http://www.securityfocus.com/bid/5219
Reference: XF:care2002-sql-injection(9553)
Reference: URL:http://www.iss.net/security_center/static/9553.php

Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.

Analysis
----------------
ED_PRI CAN-2002-0999 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA, SF-LOC

ACKNOWLEDGEMENT: the front web page for CARE 2002 states that "A possible major vulnerability as pointed out by avart(at)gmx.de is now patched," and includes a reference that ultimately leads to the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0006.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: XF:analogx-proxy-http-bo(9455)
Reference: URL:http://www.iss.net/security_center/static/9455.php
Reference: XF:analogx-proxy-socks4a-bo(9456)
Reference: URL:http://www.iss.net/security_center/static/9456.php
Reference: BID:5138
Reference: URL:http://www.securityfocus.com/bid/5138
Reference: BID:5139
Reference: URL:http://www.securityfocus.com/bid/5139

Buffer overflows in AnalogX Proxy before 4.12 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.

Analysis
----------------
ED_PRI CAN-2002-1001 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: the changelog on the vendor web site includes an entry for version 4.12 that "Fixed DNS caching bug reported by Foundstone [the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1003 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html Reference: XF:mywebserver-long-url-bo(9501) Reference: URL:http://www.iss.net/security_center/static/9501.php Reference: BID:5184 Reference: URL:http://www.securityfocus.com/bid/5184 Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-2002-1003 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1007 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020701 CSS in blackboard Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0005.html Reference: XF:blackboard-login-xss(9467) Reference: URL:http://www.iss.net/security_center/static/9467.php Reference: BID:5137 Reference: URL:http://www.securityfocus.com/bid/5137 Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. 
Analysis ---------------- ED_PRI CAN-2002-1007 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1009 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1009 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html Reference: BID:5211 Reference: URL:http://www.securityfocus.com/bid/5211 Reference: XF:lilhttp-pbcgi-xss(9548) Reference: URL:http://www.iss.net/security_center/static/9548.php Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. Analysis ---------------- ED_PRI CAN-2002-1009 3 Vendor Acknowledgement: Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1010 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1010 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability... 
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. Analysis ---------------- ED_PRI CAN-2002-1010 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1011 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1011 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020715 Tivoli TMF Endpoint Buffer Overflow Reference: URL:http://online.securityfocus.com/archive/1/282292 Reference: VULNWATCH:20020715 Tivoli TMF Endpoint Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0023.html Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html Reference: XF:tivoli-tmr-endpoint-bo(9555) Reference: URL:http://www.iss.net/security_center/static/9555.php Reference: BID:5235 Reference: URL:http://www.securityfocus.com/bid/5235 Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. 
Analysis ---------------- ED_PRI CAN-2002-1011 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC ABSTRACTION: The Endpoint problem is addressed by Fixpack 2 or 3.7.1-TMF-0066, but the ManagedNodes problem will not be addressed until 4.1, according to the discloser. Therefore CD:SF-LOC/SF-EXEC suggests a SPLIT between these items, since the vulnerabilities appear in different versions. ACKNOWLEDGEMENT: the discloser provides a URL to a security advisory, but that advisory requires user registration (and possibly a maintenance contract) to access, so vendor acknowledgement could not be determined. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1012 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1012 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020715 Tivoli TMF ManagedNode Buffer Overflow Reference: URL:http://online.securityfocus.com/archive/1/282283 Reference: VULNWATCH:20020715 Tivoli TMF ManagedNode Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0024.html Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html Reference: BID:5233 Reference: URL:http://www.securityfocus.com/bid/5233 Reference: XF:tivoli-tmr-managednode-bo(9556) Reference: URL:http://www.iss.net/security_center/static/9556.php Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. 
Analysis ---------------- ED_PRI CAN-2002-1012 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC ABSTRACTION: The Endpoint problem is addressed by Fixpack 2 or 3.7.1-TMF-0066, but the ManagedNodes problem will not be addressed until 4.1, according to the discloser. Therefore CD:SF-LOC/SF-EXEC suggests a SPLIT between these items, since the vulnerabilities appear in different versions. ACKNOWLEDGEMENT: the discloser provides a URL to a security advisory, but that advisory requires user registration (and possibly a maintenance contract) to access, so vendor acknowledgement could not be determined. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1018 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1018 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2 Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2 The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times. 
Analysis ---------------- ED_PRI CAN-2002-1018 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1019 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1019 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2 Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2 The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. Analysis ---------------- ED_PRI CAN-2002-1019 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1020 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1020 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2 Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2 The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. Analysis ---------------- ED_PRI CAN-2002-1020 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1021 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1021 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html Reference: BID:5226 Reference: URL:http://www.securityfocus.com/bid/5226 Reference: XF:badblue-null-file-disclosure(9557) Reference: URL:http://www.iss.net/security_center/static/9557.php BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. Analysis ---------------- ED_PRI CAN-2002-1021 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1022 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1022 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html Reference: XF:badblue-plaintext-passwords(9558) Reference: URL:http://www.iss.net/security_center/static/9558.php Reference: BID:5228 Reference: URL:http://www.securityfocus.com/bid/5228 BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. 
Analysis ---------------- ED_PRI CAN-2002-1022 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1023 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1023 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html Reference: XF:badblue-get-dos(9528) Reference: URL:http://www.iss.net/security_center/static/9528.php Reference: BID:5187 Reference: URL:http://www.securityfocus.com/bid/5187 BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. Analysis ---------------- ED_PRI CAN-2002-1023 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1026 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1026 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020701 KPMG-2002028: Sitespring Server Denial of Service Reference: URL:http://online.securityfocus.com/archive/1/280079 Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002028: Sitespring Server Denial of Service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0140.html Reference: XF:sitespring-sybase-dos(9458) Reference: URL:http://www.iss.net/security_center/static/9458.php Reference: BID:5132 Reference: URL:http://www.securityfocus.com/bid/5132 Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. Analysis ---------------- ED_PRI CAN-2002-1026 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1027 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1027 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting Reference: URL:http://online.securityfocus.com/archive/1/282742 Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002032: Macromedia Sitespring Cross Site Scripting Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html Reference: BID:5249 Reference: URL:http://www.securityfocus.com/bid/5249 Reference: XF:sitespring-500error-xss(9588) Reference: URL:http://www.iss.net/security_center/static/9588.php Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in the et parameter. Analysis ---------------- ED_PRI CAN-2002-1027 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1028 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1028 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html Reference: MISC:http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20: Reference: BID:5248 Reference: URL:http://www.securityfocus.com/bid/5248 Reference: XF:oddsock-song-requester-dos(9585) Reference: URL:http://www.iss.net/security_center/static/9585.php Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. Analysis ---------------- ED_PRI CAN-2002-1028 3 Vendor Acknowledgement: unknown vague Content Decisions: SF-LOC, SF-EXEC ACKNOWLEDGEMENT: vendor ack is not absolutely certain. While the changelog indicates that version 2.2 fixed a buffer overflow, it's not clear whether it fixes *this* buffer overflow. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1029 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1029 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020704 Worldspan DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html Reference: XF:worldspan-res-manager-dos(9490) Reference: URL:http://www.iss.net/security_center/static/9490.php Reference: BID:5169 Reference: URL:http://www.securityfocus.com/bid/5169 Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. Analysis ---------------- ED_PRI CAN-2002-1029 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1033 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1033 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2 Reference: URL:http://online.securityfocus.com/archive/1/281786 Reference: BID:5209 Reference: URL:http://www.securityfocus.com/bid/5209 Reference: XF:sun-irunbook-information-disclosure(9549) Reference: URL:http://www.iss.net/security_center/static/9549.php Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument. 
Analysis ---------------- ED_PRI CAN-2002-1033 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: while ".." and "/full/path" issues are closely related, they are different types of issues, which suggests a SPLIT by CD:SF-LOC. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1034 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1034 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2 Reference: URL:http://online.securityfocus.com/archive/1/281786 Reference: BID:5209 Reference: URL:http://www.securityfocus.com/bid/5209 Reference: XF:sun-irunbook-information-disclosure(9549) Reference: URL:http://www.iss.net/security_center/static/9549.php none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument. Analysis ---------------- ED_PRI CAN-2002-1034 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: while ".." and "/full/path" issues are closely related, they are different types of issues, which suggests a SPLIT by CD:SF-LOC. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1036 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1036 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020710 XSS Hole in Fluid Dynamics search Engine Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0096.html Reference: BUGTRAQ:20020710 RE: XSS Hole in Fluid Dynamics Search engine Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0094.html Reference: CONFIRM:http://www.xav.com/scripts/search/changes.htm#4 Reference: BID:5199 Reference: URL:http://www.securityfocus.com/bid/5199 Reference: XF:fd-search-xss(9533) Reference: URL:http://www.iss.net/security_center/static/9533.php Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters. Analysis ---------------- ED_PRI CAN-2002-1036 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC ACCURACY: the "Match" parameter was mentioned by the vendor in the changelog for v2.0.0.0055. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1037 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1037 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2 Reference: CONFIRM:http://dcl.sourceforge.net/index.php Reference: BID:5182 Reference: URL:http://www.securityfocus.com/bid/5182 Reference: XF:dcl-html-injection(9532) Reference: URL:http://www.iss.net/security_center/static/9532.php Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. Analysis ---------------- ED_PRI CAN-2002-1037 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states: "Escaping of html in data displayed from entry to avoid exploits." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1038 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1038 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2 Reference: CONFIRM:http://dcl.sourceforge.net/index.php Reference: XF:dcl-file-upload(9742) Reference: URL:http://www.iss.net/security_center/static/9742.php Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features. Analysis ---------------- ED_PRI CAN-2002-1038 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states: "File upload verification to prevent spoofing." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1040 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1040 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: AIXAPAR:IY29749 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames. 
Analysis ---------------- ED_PRI CAN-2002-1040 3 Vendor Acknowledgement: yes patch Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1041 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1041 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: AIXAPAR:IY23359 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html Reference: AIXAPAR:IY29579 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames. Analysis ---------------- ED_PRI CAN-2002-1041 3 Vendor Acknowledgement: yes patch Content Decisions: SF-LOC, VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1042 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1042 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020709 iPlanet Remote File Viewing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html Reference: BID:5191 Reference: URL:http://www.securityfocus.com/bid/5191 Reference: XF:iplanet-search-view-files(9517) Reference: URL:http://www.iss.net/security_center/static/9517.php Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. Analysis ---------------- ED_PRI CAN-2002-1042 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1043 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1043 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020711 Popcorn vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html Reference: XF:popcorn-mail-dos(9547) Reference: URL:http://www.iss.net/security_center/static/9547.php Reference: BID:5212 Reference: URL:http://www.securityfocus.com/bid/5212 Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). 
Analysis ---------------- ED_PRI CAN-2002-1043 3 Vendor Acknowledgement: no unsupported Content Decisions: EX-CLIENT-DOS, SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1044 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1044 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020711 Popcorn vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html Reference: XF:popcorn-mail-dos(9547) Reference: URL:http://www.iss.net/security_center/static/9547.php Reference: BID:5212 Reference: URL:http://www.securityfocus.com/bid/5212 Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field. Analysis ---------------- ED_PRI CAN-2002-1044 3 Vendor Acknowledgement: no unsupported Content Decisions: EX-CLIENT-DOS, SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Popcorn vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
Reference: XF:popcorn-mail-dos(9547)
Reference: URL:http://www.iss.net/security_center/static/9547.php
Reference: BID:5212
Reference: URL:http://www.securityfocus.com/bid/5212

Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.

Analysis
----------------
ED_PRI CAN-2002-1045 3
Vendor Acknowledgement: no unsupported
Content Decisions: EX-CLIENT-DOS, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020709 [VulnWatch] KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
Reference: BID:5186
Reference: URL:http://www.securityfocus.com/bid/5186
Reference: XF:firebox-dvcp-dos(9509)
Reference: URL:http://www.iss.net/security_center/static/9509.php

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.
Analysis
----------------
ED_PRI CAN-2002-1046 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002027: Watchguard Soho FTP authentication flaw
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html
Reference: XF:firebox-soho-ftp-insecure(9511)
Reference: URL:http://www.iss.net/security_center/static/9511.php

The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.

Analysis
----------------
ED_PRI CAN-2002-1047 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102691753204392&w=2
Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
Reference: BUGTRAQ:20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102692936820193&w=2
Reference: BID:5258
Reference: URL:http://www.securityfocus.com/bid/5258
Reference: XF:jigsaw-dos-device-dos(9587)
Reference: URL:http://www.iss.net/security_center/static/9587.php
Reference: XF:jigsaw-aux-path-disclosure(9586)
Reference: URL:http://www.iss.net/security_center/static/9586.php
Reference: BID:5251
Reference: URL:http://www.securityfocus.com/bid/5251

Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.

Analysis
----------------
ED_PRI CAN-2002-1052 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same types that affect the same versions. While the results of accessing the "con" device are different than that for the "aux" device, both are instances of the same vulnerability type - "doesn't filter MSDOS device names." Therefore these problems are combined.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020716 Wiki module postnuke Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html
Reference: XF:phpwiki-xss(9627)
Reference: URL:http://www.iss.net/security_center/static/9627.php
Reference: BID:5254
Reference: URL:http://www.securityfocus.com/bid/5254

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.

Analysis
----------------
ED_PRI CAN-2002-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: CF
Reference: BUGTRAQ:20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

Analysis
----------------
ED_PRI CAN-2002-1089 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: