[PROPOSAL] Cluster CERT-2003a - 40 candidates
I am proposing cluster CERT-2003a for review and voting by the Editorial Board.

Name: CERT-2003a
Description: CANs in CERT advisories or vulnerability notes from 2002/2003
Size: 40

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579

Integer signedness error in MIT Kerberos V5 ASN.1 decoder allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

Analysis
----------------
ED_PRI CAN-2002-0036 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Analysis
----------------
ED_PRI CAN-2002-0836 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: SGI:20021105-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Analysis
----------------
ED_PRI CAN-2002-0840 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().

Analysis
----------------
ED_PRI CAN-2002-0842 1
Vendor Acknowledgement: yes advisory

ACCURACY: a SCO advisory was released which mentioned this CAN, but it was quickly rescinded. This CAN is for the issue addressed by Oracle only.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: CERT-VN:VU#761651
Reference: URL:http://www.kb.cert.org/vuls/id/761651

Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.

Analysis
----------------
ED_PRI CAN-2002-1103 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Analysis
----------------
ED_PRI CAN-2002-1146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

Analysis
----------------
ED_PRI CAN-2002-1156 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The change log for 2.0.43 includes the item: "SECURITY: Allow POST requests and CGI scripts to work when DAV is enabled on the location."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47903
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Analysis
----------------
ED_PRI CAN-2002-1199 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Analysis
----------------
ED_PRI CAN-2002-1219 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Analysis
----------------
ED_PRI CAN-2002-1220 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

Analysis
----------------
ED_PRI CAN-2002-1221 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CERT-VN:VU#266817
Reference: URL:http://www.kb.cert.org/vuls/id/266817
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:sun-rpc-libc-dos(10539)
Reference: URL:http://www.iss.net/security_center/static/10539.php

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

Analysis
----------------
ED_PRI CAN-2002-1265 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021106
Category: SF
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: BID:6220
Reference: URL:http://online.securityfocus.com/bid/6220

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

Analysis
----------------
ED_PRI CAN-2002-1272 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: BID:6262
Reference: URL:http://online.securityfocus.com/bid/6262
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php

Directory traversal vulnerability in priocntl system call in Solaris allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

Analysis
----------------
ED_PRI CAN-2002-1296 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Analysis
----------------
ED_PRI CAN-2002-1317 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2
Reference: MS:MS02-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890

Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

Analysis
----------------
ED_PRI CAN-2002-1327 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: AIXAPAR:IY40500
Reference: AIXAPAR:IY40501
Reference: AIXAPAR:IY40502
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: SUSE:SuSE-SA:2003:013
Reference: MANDRAKE:MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: BUGTRAQ:20030304 GLSA: sendmail (200303-4)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Analysis
----------------
ED_PRI CAN-2002-1337 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
Analysis ---------------- ED_PRI CAN-2002-1361 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1413 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1413 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html Reference: CERT-VN:VU#746251 Reference: URL:http://www.kb.cert.org/vuls/id/746251 Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963349 Reference: XF:netware-rconj-no-password(9928) Reference: URL:http://www.iss.net/security_center/static/9928.php Reference: BID:5541 Reference: URL:http://www.securityfocus.com/bid/5541 RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. Analysis ---------------- ED_PRI CAN-2002-1413 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0001 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030102 Category: SF Reference: ATSTAKE:A010603-1 Reference: URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt Reference: BUGTRAQ:20030110 More information regarding Etherleak Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2 Reference: VULNWATCH:20030110 More information regarding Etherleak Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html Reference: MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf Reference: CERT-VN:VU#412115 Reference: URL:http://www.kb.cert.org/vuls/id/412115 Reference: REDHAT:RHSA-2003:025 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Analysis ---------------- ED_PRI CAN-2003-0001 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0003 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030102 Category: SF Reference: BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2 Reference: NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104393588232166&w=2 Reference: MS:MS03-001 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-001.asp Reference: CERT:CA-2003-03 Reference: URL:http://www.cert.org/advisories/CA-2003-03.html Reference: CERT-VN:VU#610986 Reference: URL:http://www.kb.cert.org/vuls/id/610986 Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. Analysis ---------------- ED_PRI CAN-2003-0003 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0015 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030107 Category: SF Reference: VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html Reference: MISC:http://security.e-matters.de/advisories/012003.html Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-January/003606.html Reference: BUGTRAQ:20030124 Test program for CVS double-free. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2 Reference: BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2 Reference: CERT:CA-2003-02 Reference: URL:http://www.cert.org/advisories/CA-2003-02.html Reference: CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 Reference: REDHAT:RHSA-2003:012 Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-012.html Reference: REDHAT:RHSA-2003:013 Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-013.html Reference: SUSE:SuSE-SA:2003:0007 Reference: DEBIAN:DSA-233 Reference: URL:http://www.debian.org/security/2003/dsa-233 Reference: CALDERA:CSSA-2003-006.0 Reference: FREEBSD:FreeBSD-SA-03:01 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2 Reference: CALDERA:CSSA-2003-006 Reference: BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2 Reference: CERT-VN:VU#650937 Reference: URL:http://www.kb.cert.org/vuls/id/650937 Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory
request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands. Analysis ---------------- ED_PRI CAN-2003-0015 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0027 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0027 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030110 Category: SF Reference: BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2 Reference: MISC:http://www.entercept.com/news/uspr/01-22-03.asp Reference: CERT-VN:VU#850785 Reference: URL:http://www.kb.cert.org/vuls/id/850785 Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. Analysis ---------------- ED_PRI CAN-2003-0027 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0058 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0058 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030131 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#661243 Reference: URL:http://www.kb.cert.org/vuls/id/661243 MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. Analysis ---------------- ED_PRI CAN-2003-0058 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0059 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030131 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#684563 Reference: URL:http://www.kb.cert.org/vuls/id/684563 Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. 
Analysis ---------------- ED_PRI CAN-2003-0059 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0060 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0060 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030131 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#787523 Reference: URL:http://www.kb.cert.org/vuls/id/787523 Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. Analysis ---------------- ED_PRI CAN-2003-0060 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0095 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030218 Category: SF Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a) Reference: BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549693426042&w=2 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf Reference: CERT:CA-2003-05 Reference: URL:http://www.cert.org/advisories/CA-2003-05.html Reference: CERT-VN:VU#953746 Reference: URL:http://www.kb.cert.org/vuls/id/953746 Reference: XF:oracle-username-bo(11328) Reference: URL:http://www.iss.net/security_center/static/11328.php Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. Analysis ---------------- ED_PRI CAN-2003-0095 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0029 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0029 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020116 Category: SF Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html Reference: CERT:CA-2002-31 Reference: URL:http://www.cert.org/advisories/CA-2002-31.html Reference: CERT-VN:VU#844360 Reference: URL:http://www.kb.cert.org/vuls/id/844360 Reference: NETBSD:NetBSD-SA2002-028 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc Reference: SGI:20021201-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P Reference: XF:bind-dns-libresolv-bo(10624) Reference: URL:http://www.iss.net/security_center/static/10624.php Reference: BID:6186 Reference: URL:http://www.securityfocus.com/bid/6186 Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CAN-2002-0684. Analysis ---------------- ED_PRI CAN-2002-0029 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0370 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0370 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020508 Category: SF Reference: VULNWATCH:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html Reference: BUGTRAQ:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103428193409223&w=2 Reference: MS:MS02-054 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp Reference: CERT-VN:VU#383779 Reference: URL:http://www.kb.cert.org/vuls/id/383779 Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:win-zip-decompression-bo(10251) Reference: URL:http://www.iss.net/security_center/static/10251.php Reference: BID:5873 Reference: URL:http://www.securityfocus.com/bid/5873 Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. Analysis ---------------- ED_PRI CAN-2002-0370 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0666 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0666 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020708 Category: SF Reference: BINDVIEW:20021018 Denial of Service in IPSEC implementations Reference: URL:http://razor.bindview.com/publish/advisories/adv_ipsec.html Reference: CERT-VN:VU#459371 Reference: URL:http://www.kb.cert.org/vuls/id/459371 Reference: NETBSD:NetBSD-SA2002-016 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc Reference: XF:ipsec-packet-integer-overflow(10411) Reference: URL:http://www.iss.net/security_center/static/10411.php IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. Analysis ---------------- ED_PRI CAN-2002-0666 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0838 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020808 Category: SF Reference: BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2 Reference: BUGTRAQ:20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103305778615625&w=2 Reference: REDHAT:RHSA-2002:207 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-207.html Reference: REDHAT:RHSA-2002:212 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-212.html Reference: REDHAT:RHSA-2002:220 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html Reference: DEBIAN:DSA-176 Reference: URL:http://www.debian.org/security/2002/dsa-176 Reference: DEBIAN:DSA-179 Reference: URL:http://www.debian.org/security/2002/dsa-179 Reference: DEBIAN:DSA-182 Reference: URL:http://www.debian.org/security/2002/dsa-182 Reference: CALDERA:CSSA-2002-053.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt Reference: CONECTIVA:CLA-2002:542 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542 Reference: MANDRAKE:MDKSA-2002:069 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:069 Reference: MANDRAKE:MDKSA-2002:071 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:071 Reference: BUGTRAQ:20021017 GLSA: ggv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487806800388&w=2 Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt Reference: 
CERT-VN:VU#600777 Reference: URL:http://www.kb.cert.org/vuls/id/600777 Reference: BID:5808 Reference: URL:http://www.securityfocus.com/bid/5808 Reference: XF:gv-sscanf-function-bo(10201) Reference: URL:http://www.iss.net/security_center/static/10201.php Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. Analysis ---------------- ED_PRI CAN-2002-0838 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows that stem from different packages. The KDE security advisory makes this clear. Therefore CD:SF-LOC suggests keeping them SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1235 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1235 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021024 Category: SF Reference: BUGTRAQ:20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103539530729206&w=2 Reference: BUGTRAQ:20021027 Re: Buffer overflow in kadmind4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582805330339&w=2 Reference: BUGTRAQ:20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103564944215101&w=2 Reference: CERT:CA-2002-29 Reference: URL:http://www.cert.org/advisories/CA-2002-29.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt Reference: CONFIRM:http://www.pdc.kth.se/heimdal/ Reference: CERT-VN:VU#875073 Reference: URL:http://www.kb.cert.org/vuls/id/875073 Reference: MANDRAKE:MDKSA-2002:073 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php Reference: DEBIAN:DSA-185 Reference: URL:http://www.debian.org/security/2002/dsa-185 Reference: DEBIAN:DSA-184 Reference: URL:http://www.debian.org/security/2002/dsa-184 Reference: DEBIAN:DSA-183 Reference: URL:http://www.debian.org/security/2002/dsa-183 Reference: CONECTIVA:CLA-2002:534 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534 Reference: REDHAT:RHSA-2002:242 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-242.html Reference: FREEBSD:FreeBSD-SA-02:40 Reference: NETBSD:NetBSD-SA2002-026 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc Reference: BUGTRAQ:20021027 KRB5-SORCERER2002-10-27 Security Update Reference: 
URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html Reference: BUGTRAQ:20021028 GLSA: krb5 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582517126392&w=2 Reference: XF:kerberos-kadmind-bo(10430) Reference: URL:http://www.iss.net/security_center/static/10430.php Reference: BID:6024 Reference: URL:http://www.securityfocus.com/bid/6024 The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. Analysis ---------------- ED_PRI CAN-2002-1235 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1345 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1345 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021209 Category: SF Reference: BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2 Reference: CERT-VN:VU#210409 Reference: URL:http://www.kb.cert.org/vuls/id/210409 Reference: SGI:20021205-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. Analysis ---------------- ED_PRI CAN-2002-1345 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE, SUITE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1357 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021214 Category: SF Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html Reference: CERT:CA-2002-36 Reference: URL:http://www.cert.org/advisories/CA-2002-36.html Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Analysis ---------------- ED_PRI CAN-2002-1357 3 Vendor Acknowledgement: yes advisory Content Decisions: SUITE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1358 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1358 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021214 Category: SF/CF/MP/SA/AN/unknown Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html Reference: CERT:CA-2002-36 Reference: URL:http://www.cert.org/advisories/CA-2002-36.html Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Analysis ---------------- ED_PRI CAN-2002-1358 3 Vendor Acknowledgement: unknown Content Decisions: SUITE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1359 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1359 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021214 Category: SF/CF/MP/SA/AN/unknown Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html Reference: CERT:CA-2002-36 Reference: URL:http://www.cert.org/advisories/CA-2002-36.html Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Analysis ---------------- ED_PRI CAN-2002-1359 3 Vendor Acknowledgement: unknown Content Decisions: SUITE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1360 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1360 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021214 Category: SF Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html Reference: CERT:CA-2002-36 Reference: URL:http://www.cert.org/advisories/CA-2002-36.html Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. Analysis ---------------- ED_PRI CAN-2002-1360 3 Vendor Acknowledgement: unknown Content Decisions: SUITE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0026 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0026 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030110 Category: SF Reference: CERT:CA-2003-01 Reference: URL:http://www.cert.org/advisories/CA-2003-01.html Reference: CERT-VN:VU#284857 Reference: URL:http://www.kb.cert.org/vuls/id/284857 Reference: REDHAT:RHSA-2003:011 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-011.html Reference: DEBIAN:DSA-231 Reference: URL:http://www.debian.org/security/2003/dsa-231 Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. Analysis ---------------- ED_PRI CAN-2003-0026 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2003-0030 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0030 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030110 Category: SF Reference: CERT-VN:VU#247545 Reference: URL:http://www.kb.cert.org/vuls/id/247545 Reference: BUGTRAQ:20030313 Protegrity buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104758650516677&w=2 Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select. Analysis ---------------- ED_PRI CAN-2003-0030 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: VULNWATCH:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: BUGTRAQ:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549743326864&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
Reference: CERT-VN:VU#840666
Reference: URL:http://www.kb.cert.org/vuls/id/840666
Reference: VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: BUGTRAQ:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549782327321&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
Reference: CERT-VN:VU#743954
Reference: URL:http://www.kb.cert.org/vuls/id/743954
Reference: VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: BUGTRAQ:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550346303295&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
Reference: CERT-VN:VU#663786
Reference: URL:http://www.kb.cert.org/vuls/id/663786
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: XF:oracle-bfilename-directory-bo(11325)
Reference: URL:http://www.iss.net/security_center/static/11325.php
Reference: XF:oracle-tzoffset-bo(11326)
Reference: URL:http://www.iss.net/security_center/static/11326.php
Reference: XF:oracle-totimestamptz-bo(11327)
Reference: URL:http://www.iss.net/security_center/static/11327.php

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

Analysis
----------------
ED_PRI CAN-2003-0096 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since all of these overflows affect the same Oracle versions, they are merged into a single identifier as suggested by CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: