|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-102 - 53 candidates
I am proposing cluster RECENT-102 for review and voting by the Editorial Board. Name: RECENT-102 Description: CANs announced between 2002/07/18 and 2002/07/31 Size: 53 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2002-0391 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020528 Category: SF Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823 Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2 Reference: BUGTRAQ:20020801 RPC analysis Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2 Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2 Reference: CERT:CA-2002-25 Reference: URL:http://www.cert.org/advisories/CA-2002-25.html Reference: CERT-VN:VU#192995 Reference: URL:http://www.kb.cert.org/vuls/id/192995 Reference: DEBIAN:DSA-142 Reference: URL:http://www.debian.org/security/2002/dsa-142 Reference: DEBIAN:DSA-143 Reference: URL:http://www.debian.org/security/2002/dsa-143 Reference: DEBIAN:DSA-146 Reference: URL:http://www.debian.org/security/2002/dsa-146 Reference: DEBIAN:DSA-149 Reference: URL:http://www.debian.org/security/2002/dsa-149 Reference: FREEBSD:FreeBSD-SA-02:34.rpc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2 Reference: SGI:20020801-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A Reference: SGI:20020801-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A Reference: NETBSD:NetBSD-SA2002-011 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc Reference: REDHAT:RHSA-2002:166 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html Reference: REDHAT:RHSA-2002:172 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Analysis ---------------- ED_PRI CAN-2002-0391 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0638 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020627 Category: SF Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2 Reference: CERT-VN:VU#405955 Reference: URL:http://www.kb.cert.org/vuls/id/405955 Reference: REDHAT:RHSA-2002:132 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html Reference: MANDRAKE:MDKSA-2002:047 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html Reference: HP:HPSBTL0207-054 Reference: URL:http://online.securityfocus.com/advisories/4320 Reference: XF:utillinux-chfn-race-condition(9709) Reference: URL:http://www.iss.net/security_center/static/9709.php Reference: BID:5344 Reference: URL:http://www.securityfocus.com/bid/5344 setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. Analysis ---------------- ED_PRI CAN-2002-0638 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0655 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows Reference: REDHAT:RHSA-2002:155 Reference: DEBIAN:DSA-136 Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl Reference: BUGTRAQ:20020730 OpenSSL patches for other versions Reference: ENGARDE:ESA-20020730-019 Reference: BUGTRAQ:20020730 GLSA: OpenSSL Reference: SUSE:SuSE-SA:2002:027 Reference: CERT:CA-2002-23 Reference: URL:http://www.cert.org/advisories/CA-2002-23.html Reference: CERT-VN:VU#308891 Reference: URL:http://www.kb.cert.org/vuls/id/308891 Reference: CALDERA:CSSA-2002-033.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Reference: CALDERA:CSSA-2002-033.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt Reference: FREEBSD:FreeBSD-SA-02:33 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc Reference: MANDRAKE:MDKSA-2002:046 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php Reference: CONECTIVA:CLA-2002:513 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 Reference: BID:5364 Reference: URL:http://www.securityfocus.com/bid/5364 OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0655 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0656 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows Reference: REDHAT:RHSA-2002:155 Reference: DEBIAN:DSA-136 Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl Reference: BUGTRAQ:20020730 OpenSSL patches for other versions Reference: ENGARDE:ESA-20020730-019 Reference: BUGTRAQ:20020730 GLSA: OpenSSL Reference: SUSE:SuSE-SA:2002:027 Reference: CERT:CA-2002-23 Reference: URL:http://www.cert.org/advisories/CA-2002-23.html Reference: CERT-VN:VU#102795 Reference: URL:http://www.kb.cert.org/vuls/id/102795 Reference: CERT-VN:VU#258555 Reference: URL:http://www.kb.cert.org/vuls/id/258555 Reference: CALDERA:CSSA-2002-033.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Reference: CALDERA:CSSA-2002-033.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt Reference: FREEBSD:FreeBSD-SA-02:33 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc Reference: MANDRAKE:MDKSA-2002:046 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php Reference: CONECTIVA:CLA-2002:513 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 Reference: XF:openssl-ssl2-masterkey-bo(9714) Reference: URL:http://www.iss.net/security_center/static/9714.php Reference: BID:5362 Reference: URL:http://www.securityfocus.com/bid/5362 Reference: BID:5363 Reference: URL:http://www.securityfocus.com/bid/5363 Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. Analysis ---------------- ED_PRI CAN-2002-0656 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0658 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF Reference: MANDRAKE:MDKSA-2002:045 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php Reference: REDHAT:RHSA-2002:164 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html Reference: REDHAT:RHSA-2002:154 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html Reference: REDHAT:RHSA-2002:153 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html Reference: CALDERA:CSSA-2002-032.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt Reference: DEBIAN:DSA-137 Reference: URL:http://www.debian.org/security/2002/dsa-137 Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm) Reference: HP:HPSBTL0208-056 Reference: URL:http://online.securityfocus.com/advisories/4392 Reference: FREEBSD:FreeBSD-SN-02:05 Reference: URL:http://online.securityfocus.com/advisories/4431 Reference: SUSE:SuSE-SA:2002:028 Reference: URL:http://www.suse.com/de/security/2002_028_mod_ssl.html Reference: XF:mm-tmpfile-symlink(9719) Reference: URL:http://www.iss.net/security_center/static/9719.php Reference: BID:5352 Reference: URL:http://online.securityfocus.com/bid/5352 OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. Analysis ---------------- ED_PRI CAN-2002-0658 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0659 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows Reference: DEBIAN:DSA-136 Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl Reference: BUGTRAQ:20020730 OpenSSL patches for other versions Reference: ENGARDE:ESA-20020730-019 Reference: BUGTRAQ:20020730 GLSA: OpenSSL Reference: CERT:CA-2002-23 Reference: URL:http://www.cert.org/advisories/CA-2002-23.html Reference: CERT-VN:VU#748355 Reference: URL:http://www.kb.cert.org/vuls/id/748355 Reference: REDHAT:RHSA-2002:164 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html Reference: REDHAT:RHSA-2002:161 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-161.html Reference: REDHAT:RHSA-2002:160 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-160.html Reference: CALDERA:CSSA-2002-033.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Reference: CALDERA:CSSA-2002-033.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt Reference: FREEBSD:FreeBSD-SA-02:33 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc Reference: CONECTIVA:CLA-2002:516 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516 Reference: BID:5366 Reference: URL:http://www.securityfocus.com/bid/5366 Reference: XF:openssl-asn1-parser-dos(9718) Reference: URL:http://www.iss.net/security_center/static/9718.php The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. Analysis ---------------- ED_PRI CAN-2002-0659 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0695 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0695 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020712 Category: SF Reference: MS:MS02-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. Analysis ---------------- ED_PRI CAN-2002-0695 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0710 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0710 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020718 Category: SF Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2 Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. Analysis ---------------- ED_PRI CAN-2002-0710 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: On the vendor's home page, an item dated July 22, 2002, says "New: security fix: This limits reading world-readable 'blurb' files (that can be used with HTML forms with this script) to certain directories defined in the script by the Web administrator." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0813 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0813 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020730 Category: SF Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp Reference: URL:http://online.securityfocus.com/archive/1/284634 Reference: CISCO:20020730 TFTP Long Filename Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2 Reference: XF:cisco-tftp-filename-bo(9700) Reference: URL:http://www.iss.net/security_center/static/9700.php Reference: BID:5328 Reference: URL:http://www.securityfocus.com/bid/5328 Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. Analysis ---------------- ED_PRI CAN-2002-0813 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0814 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0814 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020730 Category: SF Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2 Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2 Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html Reference: XF:vmware-gsx-auth-bo(9663) Reference: URL:http://www.iss.net/security_center/static/9663.php Reference: BID:5294 Reference: URL:http://www.securityfocus.com/bid/5294 Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. Analysis ---------------- ED_PRI CAN-2002-0814 1 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0816 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0816 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020731 Category: SF Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2 Reference: COMPAQ:SSRT2257 Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html Reference: BID:5272 Reference: URL:http://online.securityfocus.com/bid/5272 Reference: XF:tru64-su-bo(9640) Reference: URL:http://www.iss.net/security_center/static/9640.php Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. Analysis ---------------- ED_PRI CAN-2002-0816 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0817 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0817 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020801 Category: SF Reference: BUGTRAQ:20020731 The SUPER Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2 Reference: DEBIAN:DSA-139 Reference: URL:http://www.debian.org/security/2002/dsa-139 Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. Analysis ---------------- ED_PRI CAN-2002-0817 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0820 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0820 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020801 Category: SF Reference: VULNWATCH:20020731 [VulnWatch] FreeBSD <=4.6 kernel problems, yet Linux and *BSD much better than Windows Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html Reference: BUGTRAQ:20020819 Freebsd FD exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102979180524452&w=2 Reference: FREEBSD:FreeBSD-SA-02:23 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc Reference: MISC:http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16 FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. Analysis ---------------- ED_PRI CAN-2002-0820 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0824 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0824 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020803 Category: SF Reference: FREEBSD:FreeBSD-SA-02:32.pppd Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2 Reference: NETBSD:NetBSD-SA2002-010 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. Analysis ---------------- ED_PRI CAN-2002-0824 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0825 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020805 Category: SF Reference: CONFIRM:http://www.padl.com/Articles/PotentialBufferOverflowin.html Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0825 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1049 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1049 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html Reference: DEBIAN:DSA-148 Reference: URL:http://www.debian.org/security/2002/dsa-148 Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300 Reference: BID:5348 Reference: URL:http://www.securityfocus.com/bid/5348 Reference: XF:hylafax-faxgetty-tsi-dos(9728) Reference: URL:http://www.iss.net/security_center/static/9728.php Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element. Analysis ---------------- ED_PRI CAN-2002-1049 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1050 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1050 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html Reference: DEBIAN:DSA-148 Reference: URL:http://www.debian.org/security/2002/dsa-148 Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312 Reference: BID:5349 Reference: URL:http://www.securityfocus.com/bid/5349 Reference: XF:hylafax-faxgetty-image-bo(9729) Reference: URL:http://www.iss.net/security_center/static/9729.php Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (and possibly execute arbitrary code via a long line of image data. Analysis ---------------- ED_PRI CAN-2002-1050 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1054 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability Reference: URL:http://online.securityfocus.com/archive/1/283665 Reference: VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip Reference: BID:5283 Reference: URL:http://www.securityfocus.com/bid/5283 Reference: XF:pablo-ftp-directory-traversal(9647) Reference: URL:http://www.iss.net/security_center/static/9647.php Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sences in a LIST command. Analysis ---------------- ED_PRI CAN-2002-1054 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the Release/whatsnew.txt file in the source code includes an item dated [07/21/2002], Version 1.10, states "Fixed security hole in GetDirectoryList (LIST \..\) (thanks to: http://www.sec uriteinfo.com) [the discloser]" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1059 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102744150718462&w=2 Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102746007908689&w=2 Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html Reference: XF:securecrt-ssh1-identifier-bo(9650) Reference: URL:http://www.iss.net/security_center/static/9650.php Reference: BID:5287 Reference: URL:http://www.securityfocus.com/bid/5287 Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string. Analysis ---------------- ED_PRI CAN-2002-1059 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1060 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1060 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm Reference: BID:5305 Reference: URL:http://www.securityfocus.com/bid/5305 Reference: XF:cacheos-unresolved-error-xss(9674) Reference: URL:http://www.iss.net/security_center/static/9674.php Cross-site scripting vulnerability in CacheFlow CacheOS 4.1.06 and earlier allows remote attackers to insert arbitrary HTML, including script, via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error message. Analysis ---------------- ED_PRI CAN-2002-1060 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the changelog, dated 07/15/2002, includes the following item for V4.1.07(build 18110): "Modified default user-configurable error pages to eliminate cross-site scripting attack." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1076 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1076 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html Reference: BUGTRAQ:20020729 Hoax Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html Reference: BUGTRAQ:20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm Reference: BID:5323 Reference: URL:http://www.securityfocus.com/bid/5323 Reference: XF:imail-web-messaging-bo(9679) Reference: URL:http://www.iss.net/security_center/static/9679.php Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. Analysis ---------------- ED_PRI CAN-2002-1076 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the release notes for version 7.12 say "Fixed a buffer over-run which could result in a vulnerability (bugtraq id 5323)." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1088 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1088 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273 Reference: BID:5313 Reference: URL:http://www.securityfocus.com/bid/5313 Reference: XF:groupwise-rcpt-bo(9671) Reference: URL:http://www.iss.net/security_center/static/9671.php Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command. Analysis ---------------- ED_PRI CAN-2002-1088 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: while the Novell TID does not itself contain vendor acknowledgement, the vendor's security advisory page has a link to the TID with the phrase "Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1057 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html Reference: BID:5285 Reference: URL:http://www.securityfocus.com/bid/5285 Reference: XF:mailmax-pop3max-user-bo(9651) Reference: URL:http://www.iss.net/security_center/static/9651.php Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. Analysis ---------------- ED_PRI CAN-2002-1057 2 Vendor Acknowledgement: yes via-email ACKNOWLEDGEMENT: e-mail inquiry sent on August 28, 2002, via interface at https://supportcenteronline.com/ics/support/default.asp?deptID=468. Vendor acknowledged the issue on August 29: "This report is accurate and we have a patch fixing the issue available for our customers." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0657 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows: Reference: DEBIAN:DSA-136 Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) Reference: BUGTRAQ:20020730 OpenSSL patches for other versions Reference: SUSE:SuSE-SA:2002:027 Reference: CERT:CA-2002-23 Reference: URL:http://www.cert.org/advisories/CA-2002-23.html Reference: CERT-VN:VU#561275 Reference: URL:http://www.kb.cert.org/vuls/id/561275 Reference: CALDERA:CSSA-2002-033.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt Reference: CALDERA:CSSA-2002-033.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt Reference: FREEBSD:FreeBSD-SA-02:33 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc Reference: MANDRAKE:MDKSA-2002:046 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php Reference: CONECTIVA:CLA-2002:513 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 Reference: XF:openssl-ssl3-masterkey-bo(9715) Reference: URL:http://www.iss.net/security_center/static/9715.php Reference: BID:5361 Reference: URL:http://online.securityfocus.com/bid/5361 Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. Analysis ---------------- ED_PRI CAN-2002-0657 3 Vendor Acknowledgement: yes advisory Content Decisions: EX-BETA Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0815 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0815 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020730 Category: SF Reference: BUGTRAQ:20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102796732924658&w=2 Reference: BUGTRAQ:20020729 RE: XWT Foundation Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102798282208686&w=2 The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. Analysis ---------------- ED_PRI CAN-2002-0815 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0993 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0993 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: HP:HPSBUX0207-201 Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0023.html Reference: BID:5267 Reference: URL:http://www.securityfocus.com/bid/5267 Reference: XF:hp-isee-unauth-access(9620) Reference: URL:http://www.iss.net/security_center/static/9620.php Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users access to access restricted files. Analysis ---------------- ED_PRI CAN-2002-0993 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1016 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1016 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-July/000559.html Reference: XF:adobe-ebook-bypass-restrictions(9634) Reference: URL:http://www.iss.net/security_center/static/9634.php Reference: BID:5273 Reference: URL:http://www.securityfocus.com/bid/5273 Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. Analysis ---------------- ED_PRI CAN-2002-1016 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1017 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1017 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020730 Vulnerability: protected Adobe eBooks can be copied between computers Reference: URL:http://online.securityfocus.com/archive/1/285093 Reference: XF:adobe-ebook-bypass-activation(9740) Reference: URL:http://www.iss.net/security_center/static/9740.php Reference: BID:5358 Reference: URL:http://www.securityfocus.com/bid/5358 Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. Analysis ---------------- ED_PRI CAN-2002-1017 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1048 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1048 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020727 Phenoelit Advisory #0815 +-+ Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html Reference: BID:5331 Reference: URL:http://www.securityfocus.com/bid/5331 HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0. Analysis ---------------- ED_PRI CAN-2002-1048 3 Vendor Acknowledgement: unknown vague ACKNOWLEDGEMENT: the acknowledgement for this issue is uncertain, as HP:HPSBUX0207-204 is too vague to know whether it's addressing this issue, a previously announced one, or neither. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1055 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020727 phenoelit advisory, Brother Printers ++/- Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0353.html Reference: BID:5339 Reference: URL:http://www.securityfocus.com/bid/5339 Reference: XF:brother-nc-password-bo(9701) Reference: URL:http://www.iss.net/security_center/static/9701.php Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password. Analysis ---------------- ED_PRI CAN-2002-1055 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1058 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1058 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020723 Cobalt Qube 3 Administration page Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html Reference: XF:cobalt-qube-admin-access(9669) Reference: URL:http://www.iss.net/security_center/static/9669.php Reference: BID:5297 Reference: URL:http://www.securityfocus.com/bid/5297 Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file. Analysis ---------------- ED_PRI CAN-2002-1058 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1061 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1061 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-pop3-logging-bo(9685) Reference: URL:http://www.iss.net/security_center/static/9685.php Reference: XF:jana-smtp-logging-bo(9686) Reference: URL:http://www.iss.net/security_center/static/9686.php Reference: BID:5320 Reference: URL:http://www.securityfocus.com/bid/5320 Reference: BID:5322 Reference: URL:http://www.securityfocus.com/bid/5322 Reference: XF:jana-http-proxy-bo(9683) Reference: URL:http://www.iss.net/security_center/static/9683.php Reference: BID:5324 Reference: URL:http://www.securityfocus.com/bid/5324 Reference: BID:5319 Reference: URL:http://www.securityfocus.com/bid/5319 Reference: XF:jana-http-logging-bo(9682) Reference: URL:http://www.iss.net/security_center/static/9682.php Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response. Analysis ---------------- ED_PRI CAN-2002-1061 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1062 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1062 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-socks5-bo(9684) Reference: URL:http://www.iss.net/security_center/static/9684.php Reference: BID:5321 Reference: URL:http://www.securityfocus.com/bid/5321 Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries. Analysis ---------------- ED_PRI CAN-2002-1062 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC ABSTRACTION: while the *exploit* is a buffer overflow, the problem was explicitly reported as a signedness error that enabled the overflow; therefore, this is treated as a different issue than the Jana overflows, in accordance with CD:SF-LOC. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1063 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1063 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-ftp-pasv-dos(9687) Reference: URL:http://www.iss.net/security_center/static/9687.php Reference: BID:5325 Reference: URL:http://www.securityfocus.com/bid/5325 Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports. Analysis ---------------- ED_PRI CAN-2002-1063 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1064 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1064 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-pop3-bruteforce(9688) Reference: URL:http://www.iss.net/security_center/static/9688.php Reference: BID:5326 Reference: URL:http://www.securityfocus.com/bid/5326 Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server. Analysis ---------------- ED_PRI CAN-2002-1064 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1065 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1065 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-pop3-bruteforce(9688) Reference: URL:http://www.iss.net/security_center/static/9688.php Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing. Analysis ---------------- ED_PRI CAN-2002-1065 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1066 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1066 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html Reference: XF:jana-pop3-index-bo(9689) Reference: URL:http://www.iss.net/security_center/static/9689.php Reference: BID:5327 Reference: URL:http://www.securityfocus.com/bid/5327 Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack. Analysis ---------------- ED_PRI CAN-2002-1066 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1067 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1067 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020727 0815 ++ */ SEH_Web Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html Reference: BID:5329 Reference: URL:http://www.securityfocus.com/bid/5329 Reference: XF:seh-ic9-password-bo(9702) Reference: URL:http://www.iss.net/security_center/static/9702.php Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow. Analysis ---------------- ED_PRI CAN-2002-1067 3 Vendor Acknowledgement: no disputed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1068 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1068 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html Reference: VULN-DEV:20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK) Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102779425117680&w=2 Reference: XF:dlink-dp-post-dos(9703) Reference: URL:http://www.iss.net/security_center/static/9703.php Reference: BID:5330 Reference: URL:http://www.securityfocus.com/bid/5330 The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. Analysis ---------------- ED_PRI CAN-2002-1068 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1072 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1072 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html Reference: BUGTRAQ:20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1) Reference: URL:http://online.securityfocus.com/archive/1/283999 Reference: BID:5292 Reference: URL:http://www.securityfocus.com/bid/5292 Reference: XF:zyxel-jolt-dos(9655) Reference: URL:http://www.iss.net/security_center/static/9655.php ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. Analysis ---------------- ED_PRI CAN-2002-1072 3 Vendor Acknowledgement: Content Decisions: INCLUSION ABSTRACTION: It is possible that this overlaps CAN-2001-1194(2). Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1073 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1073 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020717 MERCUR Mailserver advisory/remote exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html Reference: XF:mercur-control-service-bo(9618) Reference: URL:http://www.iss.net/security_center/static/9618.php Reference: BID:5261 Reference: URL:http://www.securityfocus.com/bid/5261 Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password. Analysis ---------------- ED_PRI CAN-2002-1073 3 Vendor Acknowledgement: ACKNOWLEDGEMENT: email inquiry sent to support@atrium-software.com on August 29, 2002. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1075 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1075 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020724 Pegasus mail DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html Reference: BID:5302 Reference: URL:http://www.securityfocus.com/bid/5302 Reference: XF:pegasus-message-header-bo(9673) Reference: URL:http://www.iss.net/security_center/static/9673.php Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. Analysis ---------------- ED_PRI CAN-2002-1075 3 Vendor Acknowledgement: ACKNOWLEDGEMENT: email inquiry sent to tech-support@pmail.gen.nz on August 29, 2002. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1077 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020730 IPSwitch IMail Advisory #2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html Reference: BID:5365 Reference: URL:http://www.securityfocus.com/bid/5365 Reference: XF:imail-iwebcal-content-length-dos(9722) Reference: URL:http://www.iss.net/security_center/static/9722.php IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. Analysis ---------------- ED_PRI CAN-2002-1077 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1078 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1078 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020729 Abyss Web Server version 1.0.3 shows file and directory content Reference: URL:http://online.securityfocus.com/archive/1/284904 Reference: VULNWATCH:20020729 [VulnWatch] Abyss Web Server version 1.0.3 shows file and directory content Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html Reference: BID:5345 Reference: URL:http://www.securityfocus.com/bid/5345 Reference: XF:abyss-slash-directory-traversal(9721) Reference: URL:http://www.iss.net/security_center/static/9721.php Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters. Analysis ---------------- ED_PRI CAN-2002-1078 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1082 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1082 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 Reference: XF:ezcontents-image-file-upload(9698) Reference: URL:http://www.iss.net/security_center/static/9698.php The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded. Analysis ---------------- ED_PRI CAN-2002-1082 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1083 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1083 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 Reference: XF:ezcontents-dotdot-directory-traversal(9710) Reference: URL:http://www.iss.net/security_center/static/9710.php Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences. Analysis ---------------- ED_PRI CAN-2002-1083 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1084 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1084 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 Reference: XF:ezcontents-verifylogin-post-data(9711) Reference: URL:http://www.iss.net/security_center/static/9711.php The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests. Analysis ---------------- ED_PRI CAN-2002-1084 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1085 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1085 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 Reference: XF:ezcontents-diary-entry-xss(9712) Reference: URL:http://www.iss.net/security_center/static/9712.php Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities. Analysis ---------------- ED_PRI CAN-2002-1085 3 Vendor Acknowledgement: Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1086 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1086 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 Reference: XF:ezcontents-sql-injection(9713) Reference: URL:http://www.iss.net/security_center/static/9713.php Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities. Analysis ---------------- ED_PRI CAN-2002-1086 3 Vendor Acknowledgement: Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1087 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1087 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: VULNWATCH:20020725 [VulnWatch] ezContents multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html Reference: BUGTRAQ:20020725 ezContents multiple vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/284229 The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request. Analysis ---------------- ED_PRI CAN-2002-1087 3 Vendor Acknowledgement: Content Decisions: SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
