[PROPOSAL] Cluster RECENT-103 - 41 candidates
I am proposing cluster RECENT-103 for review and voting by the Editorial Board.

Name: RECENT-103
Description: CANs announced between 2002/08/01 and 2002/08/15
Size: 41

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0632
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020621
Category: SF
Reference: SGI:20020804-01-P

Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server.

Analysis
----------------
ED_PRI CAN-2002-0632 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0679
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102917002523536&w=2
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: COMPAQ:SSRT2274
Reference: AIXAPAR:IY32792
Reference: AIXAPAR:IY32793

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
Analysis
----------------
ED_PRI CAN-2002-0679 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0700
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."

Analysis
----------------
ED_PRI CAN-2002-0700 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0718
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
Analysis
----------------
ED_PRI CAN-2002-0718 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0719
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.

Analysis
----------------
ED_PRI CAN-2002-0719 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0720
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-042.asp

A handler routine for the Network Connection Manager (NCM) allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
Analysis
----------------
ED_PRI CAN-2002-0720 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0721
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102950473002959&w=2
Reference: NTBUGTRAQ:20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102950792606475&w=2
Reference: MS:MS02-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-043.asp

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Analysis
----------------
ED_PRI CAN-2002-0721 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821890317683&w=2
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.

Analysis
----------------
ED_PRI CAN-2002-0818 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0823
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020802
Category: SF
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102822806329440&w=2
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Analysis
----------------
ED_PRI CAN-2002-0823 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

Analysis
----------------
ED_PRI CAN-2002-0826 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's patches/upgrades page includes an item for 3.1.2 that "corrects a security issue relating to the processing of the SITE CPWD command...
Fixed buffer overrun in CPWD command"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0829
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865404413458&w=2

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.

Analysis
----------------
ED_PRI CAN-2002-0829 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0830
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865517214722&w=2

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.
Analysis
----------------
ED_PRI CAN-2002-0830 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0831
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865142610126&w=2

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

Analysis
----------------
ED_PRI CAN-2002-0831 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0845
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.

Analysis
----------------
ED_PRI CAN-2002-0845 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0846
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
Analysis
----------------
ED_PRI CAN-2002-0846 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0847
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: DEBIAN:DSA-145
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102874450402924&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).

Analysis
----------------
ED_PRI CAN-2002-0847 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's changelog for 1.5.0 states: "Fixed a bunch of memory leaks, and situations where memory was being freed twice (a potential security problem.)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0848
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

Analysis
----------------
ED_PRI CAN-2002-0848 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020810
Category: SF
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: SUSE:SuSE-SA:2002:030
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437

Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.

Analysis
----------------
ED_PRI CAN-2002-0851 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0852
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allow remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
Analysis
----------------
ED_PRI CAN-2002-0852 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0853
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Analysis
----------------
ED_PRI CAN-2002-0853 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Analysis
----------------
ED_PRI CAN-2002-0856 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0871
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-151
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927065426172&w=2
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935383506155&w=2

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
Analysis
----------------
ED_PRI CAN-2002-0871 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-152
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927221427782&w=2

l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.

Analysis
----------------
ED_PRI CAN-2002-0872 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102925612907148&w=2
Reference: DEBIAN:DSA-152
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927221427782&w=2

Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
Analysis
----------------
ED_PRI CAN-2002-0873 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-0970 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: DEBIAN:DSA-140
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102858558321355&w=2
Reference: REDHAT:RHSA-2002:151
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-151.html
Reference: REDHAT:RHSA-2002:152
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-152.html

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CAN-2002-0728.

Analysis
----------------
ED_PRI CAN-2002-0660 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020809 Apache 2.0 vulnerability affects non-Unix platforms
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102892744011436&w=2
Reference: BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020908a.txt

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

Analysis
----------------
ED_PRI CAN-2002-0661 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0812
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0812
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: VULNWATCH:20020809 [VulnWatch] Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points

Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
Analysis
----------------
ED_PRI CAN-2002-0812 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020812 IE SSL Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918200405308&w=2

The SSL capability for Internet Explorer 5, 5.5, and 6 does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-0828 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0832
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0832
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020804 Bypassing cookie restrictions in IE 5+6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102864890006745&w=2

Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.

Analysis
----------------
ED_PRI CAN-2002-0832 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0833
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020805 [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102858453720304&w=2
Reference: BUGTRAQ:20020808 [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102883538924494&w=2

Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.

Analysis
----------------
ED_PRI CAN-2002-0833 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102882056105806&w=2
Reference: BUGTRAQ:20020808 Re: [VulnWatch] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102891036424424&w=2

Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password.

Analysis
----------------
ED_PRI CAN-2002-0849 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

INCLUSION: some vendors, including Cisco and SuSE, have said that they are not vulnerable to this issue. If the only vulnerable system is a beta product, then CD:EX-BETA suggests excluding it from CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0854
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: SUSE:SuSE-SA:2002:030

Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0854 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0857
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102933735716634&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

Analysis
----------------
ED_PRI CAN-2002-0857 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020812 Vulnerability in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918005402808&w=2

catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.

Analysis
----------------
ED_PRI CAN-2002-0858 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0870
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020814 Cisco Content Service Switch 11000 Series Web Management Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml

The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.

Analysis
----------------
ED_PRI CAN-2002-0870 3
Vendor Acknowledgement: yes advisory
Content Decisions: BADPATCH, VAGUE, SF-LOC

INCLUSION/ABSTRACTION: CD:SF-LOC suggests that if an issue appears in a version that does not exhibit another issue, then those two issues should be SPLIT. While the advisory is vague as to whether there were 2 separate failure points, the presence of a new Cisco bug ID suggests that there is; in addition, admins who fixed their systems with respect to CVE-2001-0622, would still be vulnerable, which further suggests a SPLIT (per the newly-formed CD:BADPATCH).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-150
Reference: URL:http://www.debian.org/security/2002/dsa-150

Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-0874 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2

Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

Analysis
----------------
ED_PRI CAN-2002-0974 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0980
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942234427691&w=2
Reference: VULN-DEV:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102943486811091&w=2
Reference: NTBUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102937705527922&w=2

The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.

Analysis
----------------
ED_PRI CAN-2002-0980 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020804 Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0515.html
Reference: BID:5395
Reference: URL:http://www.securityfocus.com/bid/5395
Reference: XF:argosoft-autoresponse-dos(9759)
Reference: URL:http://www.iss.net/security_center/static/9759.php

ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.

Analysis
----------------
ED_PRI CAN-2002-1005 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/

Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header.

Analysis
----------------
ED_PRI CAN-2002-1032 3
Vendor Acknowledgement: yes changelog
Content Decisions: VAGUE

ACKNOWLEDGEMENT: the vendor's change log for 1.0.6, dated August 2, 2002, states: "Security vulnerability - malformed header. A security vulnerability exists in all previous versions where a hacker using a special malformed http header could cause a buffer overflow."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: