[PROPOSAL] Cluster CONFIRM-2002a - 51 candidates
I am proposing cluster CONFIRM-2002a for review and voting by the Editorial Board.

Name: CONFIRM-2002a
Description: CANs with clear vendor ack. from March 2002 to Sep 2002
Size: 51

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020513
Category: SF
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.

Analysis
----------------
ED_PRI CAN-2002-0376 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.

Analysis
----------------
ED_PRI CAN-2002-0627 1
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

Analysis
----------------
ED_PRI CAN-2002-0630 1
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 [VulnWatch] Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.

Analysis
----------------
ED_PRI CAN-2002-0850 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for PGP Corporate Desktop 7.1.x state: "While PGP supports long file names, it encounters problems when it tries to encrypt or decrypt files that have names longer than 200 characters... For more information on this issue, see Foundstone Labs Advisory - 080202-PCRO." While the advisory ID is different than the one in Foundstone's Bugtraq post, Foundstone did confirm via email that both ID's reference the same issue.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2
Reference: BUGTRAQ:20020905 GLSA: amavis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2
Reference: XF:amavis-securetar-tar-dos(10056)
Reference: URL:http://www.iss.net/security_center/static/10056.php

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.

Analysis
----------------
ED_PRI CAN-2002-1109 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

Analysis
----------------
ED_PRI CAN-2002-1117 1
Vendor Acknowledgement: yes

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738

Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.

Analysis
----------------
ED_PRI CAN-2002-1122 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Analysis
----------------
ED_PRI CAN-2002-1135 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

Analysis
----------------
ED_PRI CAN-2002-1153 1
Vendor Acknowledgement: yes

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Analysis
----------------
ED_PRI CAN-2002-1154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULN-DEV:20020806 qmailadmin SUID buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102859603029424&w=2
Reference: BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
Reference: CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog
Reference: BID:5404
Reference: URL:http://www.securityfocus.com/bid/5404
Reference: XF:qmailadmin-templatedir-bo(9786)
Reference: URL:http://www.iss.net/security_center/static/9786.php

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.

Analysis
----------------
ED_PRI CAN-2002-1414 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The changelog includes an item dated August 6, 2002, which states "Fixed local overflow in template code."

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1417
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: BID:5523
Reference: URL:http://www.securityfocus.com/bid/5523
Reference: XF:novell-netbasic-directory-traversal(9910)
Reference: URL:http://www.iss.net/security_center/static/9910.php

Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.

Analysis
----------------
ED_PRI CAN-2002-1417 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: XF:novell-netbasic-interpreter-bo(9911)
Reference: URL:http://www.iss.net/security_center/static/9911.php
Reference: BID:5524
Reference: URL:http://www.securityfocus.com/bid/5524

Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.

Analysis
----------------
ED_PRI CAN-2002-1418 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1430
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html
Reference: CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt
Reference: BID:5360
Reference: URL:http://www.securityfocus.com/bid/5360
Reference: XF:sympoll-php-view-files(9723)
Reference: URL:http://www.iss.net/security_center/static/9723.php

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.

Analysis
----------------
ED_PRI CAN-2002-1430 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog for version 1.3 includes an item labeled "IMPORTANT SECURITY FIX" and crediting an individual who is also credited by the author of the Bugtraq post. The dates of the Bugtraq post and vendor changelog are also the same (July 30).

ACCURACY: while neither the Bugtraq poster nor the vendor say that PHP variables are directly modified through URL parameters, that is the behavior that is otherwise prevented by the register_globals feature, and typical of vulnerabilities in many PHP scripts.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1435
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1435
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020822 Arbitrary code execution problem in Achievo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html
Reference: CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html
Reference: XF:achievo-php-execute-code(9947)
Reference: URL:http://www.iss.net/security_center/static/9947.php
Reference: BID:5552
Reference: URL:http://www.securityfocus.com/bid/5552

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.

Analysis
----------------
ED_PRI CAN-2002-1435 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1436
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-code-execution(9916)
Reference: URL:http://www.iss.net/security_center/static/9916.php
Reference: BID:5520
Reference: URL:http://www.securityfocus.com/bid/5520

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

Analysis
----------------
ED_PRI CAN-2002-1436 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1437
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: BID:5522
Reference: URL:http://www.securityfocus.com/bid/5522
Reference: XF:netware-perl-directory-traversal(9915)
Reference: URL:http://www.iss.net/security_center/static/9915.php

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

Analysis
----------------
ED_PRI CAN-2002-1437 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1438
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1438
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-information-disclosure(9917)
Reference: URL:http://www.iss.net/security_center/static/9917.php
Reference: BID:5521
Reference: URL:http://www.securityfocus.com/bid/5521

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.

Analysis
----------------
ED_PRI CAN-2002-1438 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1443
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: CONFIRM:http://toolbar.google.com/whatsnew.php3
Reference: BID:5426
Reference: URL:http://www.securityfocus.com/bid/5426

The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.

Analysis
----------------
ED_PRI CAN-2002-1443 1
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1446
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html
Reference: BID:5498
Reference: URL:http://www.securityfocus.com/bid/5498
Reference: XF:ncipher-cverify-improper-verification(9895)
Reference: URL:http://www.iss.net/security_center/static/9895.php

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Analysis
----------------
ED_PRI CAN-2002-1446 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1448
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
Reference: CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
Reference: XF:avaya-cajun-default-snmp(9769)
Reference: URL:http://www.iss.net/security_center/static/9769.php
Reference: BID:5396
Reference: URL:http://www.securityfocus.com/bid/5396

An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.

Analysis
----------------
ED_PRI CAN-2002-1448 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's security advisory credits Jacek Lipkowski, the author of the Bugtraq post.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1463
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
Reference: CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

Analysis
----------------
ED_PRI CAN-2002-1463 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1467
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Macromedia Flash plugin can read local files
Reference: URL:http://online.securityfocus.com/archive/1/286625
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
Reference: BID:5429
Reference: URL:http://www.securityfocus.com/bid/5429
Reference: XF:flash-same-domain-disclosure(9797)
Reference: URL:http://www.iss.net/security_center/static/9797.php

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

Analysis
----------------
ED_PRI CAN-2002-1467 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1469
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 vulnerabilities in scponly
Reference: URL:http://online.securityfocus.com/archive/1/288245
Reference: CONFIRM:http://www.sublimation.org/scponly/
Reference: BID:5526
Reference: URL:http://www.securityfocus.com/bid/5526
Reference: XF:scponly-ssh-env-upload(9913)
Reference: URL:http://www.iss.net/security_center/static/9913.php

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Analysis
----------------
ED_PRI CAN-2002-1469 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: on the release notes for scponly is an item titled "aug 2002 addendum" and states "Derek D. Martin [the discloser] sent me an exploitable vulnerability condition that can be used to run arbitrary commands, thus circumventing scponly!"

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1496 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1496 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html Reference: CONFIRM:http://freshmeat.net/releases/97910/ Reference: BID:5774 Reference: URL:http://www.securityfocus.com/bid/5774 Reference: XF:null-httpd-contentlength-bo(10160) Reference: URL:http://www.iss.net/security_center/static/10160.php Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. Analysis ---------------- ED_PRI CAN-2002-1496 1 Vendor Acknowledgement: yes changelog Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1497 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: CONFIRM:http://freshmeat.net/releases/97910/ Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. Analysis ---------------- ED_PRI CAN-2002-1497 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the changelog for 0.5.1 includes a statement that the new version "fixes XSS filtering in 404 responses." 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1502 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1502 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020912 xbreaky symlink vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html Reference: CONFIRM:http://xbreaky.sourceforge.net/ Reference: BID:5700 Reference: URL:http://www.securityfocus.com/bid/5700 Reference: XF:xbreaky-breakyhighscores-symlink(10078) Reference: URL:http://www.iss.net/security_center/static/10078.php Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file. Analysis ---------------- ED_PRI CAN-2002-1502 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: on the front page for xbreaky, a changelog dated September 12, 2002, says "Marco van Berkum [the discloser] discovered a bug in xbreaky" and includes a short description of the problem. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1407 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1407 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html Reference: BUGTRAQ:20020805 IE SSL Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2 Reference: BID:5410 Reference: URL:http://www.securityfocus.com/bid/5410 TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. Analysis ---------------- ED_PRI CAN-2002-1407 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1420 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1420 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918817012863&w=2 Reference: BID:5442 Reference: URL:http://www.securityfocus.com/bid/5442 Reference: XF:openbsd-select-bo(9809) Reference: URL:http://www.iss.net/security_center/static/9809.php Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. Analysis ---------------- ED_PRI CAN-2002-1420 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1493 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html Reference: VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728 Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html Reference: BID:5728 Reference: URL:http://www.securityfocus.com/bid/5728 Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. Analysis ---------------- ED_PRI CAN-2002-1493 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1519 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1519 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html Reference: BID:5814 Reference: URL:http://www.securityfocus.com/bid/5814 Reference: XF:firebox-vclass-cli-format-string(10217) Reference: URL:http://www.iss.net/security_center/static/10217.php Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter. Analysis ---------------- ED_PRI CAN-2002-1519 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1520 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1520 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html Reference: BID:5815 Reference: URL:http://www.securityfocus.com/bid/5815 Reference: XF:firebox-vclass-cli-admin-privileges(10218) Reference: URL:http://www.iss.net/security_center/static/10218.php The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges. Analysis ---------------- ED_PRI CAN-2002-1520 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0626 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0626 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020617 Category: CF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-default-blank-password(9347) Reference: URL:http://www.iss.net/security_center/static/9347.php Reference: BID:5631 Reference: URL:http://www.securityfocus.com/bid/5631 Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. Analysis ---------------- ED_PRI CAN-2002-0626 3 Vendor Acknowledgement: unknown Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0628 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0628 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-telnet-login-dos(9349) Reference: URL:http://www.iss.net/security_center/static/9349.php Reference: BID:5635 Reference: URL:http://www.securityfocus.com/bid/5635 The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. Analysis ---------------- ED_PRI CAN-2002-0628 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0629 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0629 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-telnet-login-dos(9349) Reference: URL:http://www.iss.net/security_center/static/9349.php Reference: BID:5636 Reference: URL:http://www.securityfocus.com/bid/5636 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server. Analysis ---------------- ED_PRI CAN-2002-0629 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0664 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0664 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020704 Category: CF Reference: VULNWATCH:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs Reference: BUGTRAQ:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134154721846&w=2 Reference: XF:zmerge-admindb-script-access(10057) Reference: URL:http://www.iss.net/security_center/static/10057.php Reference: BID:5101 Reference: URL:http://www.securityfocus.com/bid/5101 The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provide arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts. Analysis ---------------- ED_PRI CAN-2002-0664 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0669 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0669 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020709 Category: SF Reference: ATSTAKE:A071202-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt Reference: XF:pingtel-xpressa-web-dos(9564) Reference: URL:http://www.iss.net/security_center/static/9564.php The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. Analysis ---------------- ED_PRI CAN-2002-0669 3 Vendor Acknowledgement: unknown Content Decisions: INCLUSION INCLUSION: the format of the @Stake advisory makes it difficult to understand whether this is a vulnerability, or the *result* of a vulnerability. It seems to indicate that administrative access to the web interface is required, but it does not say whether an administrator should not be allowed to make such deleterious changes. An earlier "section" of the advisory suggests that the web interface administrator can be compromised via other vulnerabilities such as a default admin password (CAN-2002-0667). If "exploitation" of this issue is *only* allowed by admins, and admins *should* be allowed to make such changes (even if they cause undesired effects), then this is not a new vulnerability - rather, it would be a consequence of other vulnerabilities. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1090 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020903 Category: SF Reference: CONFIRM:http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses. Analysis ---------------- ED_PRI CAN-2002-1090 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1120 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1120 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020910 Category: SF Reference: VULNWATCH:20020910 Foundstone Labs Advisory - Buffer Overflow in Savant Web Server Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html Reference: XF:savant-long-url-bo(10076) Reference: URL:http://www.iss.net/security_center/static/10076.php Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-2002-1120 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1121 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020911 Category: SF Reference: VULNWATCH:20020912 Bypassing SMTP Content Protection with a Flick of a Button Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html Reference: BUGTRAQ:20020912 Bypassing SMTP Content Protection with a Flick of a Button Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184267105132&w=2 Reference: BUGTRAQ:20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection ) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184501408453&w=2 Reference: BUGTRAQ:20020912 Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button" Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html Reference: BUGTRAQ:20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html Reference: MISC:http://www.securiteam.com/securitynews/5YP0A0K8CM.html Reference: XF:smtp-content-filtering-bypass(10088) Reference: URL:http://www.iss.net/security_center/static/10088.php SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. 
Analysis ---------------- ED_PRI CAN-2002-1121 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1149 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1149 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020924 Category: SF Reference: BUGTRAQ:20020924 Information Disclosure with Invision Board installation (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103290602609197&w=2 Reference: XF:invision-phpinfo-information-disclosure(10178) Reference: URL:http://www.iss.net/security_center/static/10178.php The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. Analysis ---------------- ED_PRI CAN-2002-1149 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1150 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1150 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020924 Category: SF Reference: BUGTRAQ:20020913 NetMeeting 3.01 Local RDS Session Hijacking Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103228375116204&w=2 Reference: XF:netmeeting-rds-session-hijacking(10119) Reference: URL:http://www.iss.net/security_center/static/10119.php The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. Analysis ---------------- ED_PRI CAN-2002-1150 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1166 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1166 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020927 Category: SF Reference: VULNWATCH:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html Reference: BUGTRAQ:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340145725050&w=2 Reference: XF:wn-server-get-bo(10223) Reference: URL:http://www.iss.net/security_center/static/10223.php Reference: BID:5831 Reference: URL:http://www.securityfocus.com/bid/5831 Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request. Analysis ---------------- ED_PRI CAN-2002-1166 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1338 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021203 Category: SF Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2 Reference: MISC:http://security.greymagic.com/adv/gm008-ie/ The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. Analysis ---------------- ED_PRI CAN-2002-1338 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1339 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021203 Category: SF Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2 Reference: MISC:http://security.greymagic.com/adv/gm008-ie/ The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files. 
Analysis ---------------- ED_PRI CAN-2002-1339 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1340 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021203 Category: SF Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2 Reference: MISC:http://security.greymagic.com/adv/gm008-ie/ The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception. Analysis ---------------- ED_PRI CAN-2002-1340 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1399 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1399 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030107 Category: SF Reference: BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430&w=2 Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00713.php Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2). Analysis ---------------- ED_PRI CAN-2002-1399 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1459 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1459 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html Reference: CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278 Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343 Reference: XF:lforum-html-message-xss(9838) Reference: URL:http://www.iss.net/security_center/static/9838.php Reference: BID:5462 Reference: URL:http://www.securityfocus.com/bid/5462 Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. Analysis ---------------- ED_PRI CAN-2002-1459 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests a SPLIT of items if one item appears in a different version than another. As noted in the Bugtraq post and vendor acknowledgement, the bugs with the "Enable HTML" option *off* were fixed, but related bugs when "Enable HTML" is *off* were NOT fixed. Therefore these items should be SPLIT. ACKNOWLEDGEMENT: the vendor bug report 579278, dated July 9, 2002, says "subject, from and e-mail fields ain't passed through htmlspecialchars" (i.e. cleansed of XSS) and credits the Bugtraq poster. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1460
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1460
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
Reference: CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
Reference: BID:5463
Reference: URL:http://www.securityfocus.com/bid/5463
Reference: XF:lforum-upload-read-files(9839)
Reference: URL:http://www.iss.net/security_center/static/9839.php

L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1460 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor bug report 579278, dated July 9, 2002, says "subject, from and e-mail fields ain't passed through htmlspecialchars" (i.e. cleansed of XSS) and credits the Bugtraq poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1483
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1483
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020919 Advisory: File disclosure in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0124.html
Reference: BUGTRAQ:20020917 Advisory: File disclosure in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0197.html
Reference: CONFIRM:http://www.db4web.de/download/homepage/hotfix/readme_en.txt
Reference: XF:db4web-db4webc-directory-traversal(10123)
Reference: URL:http://www.iss.net/security_center/static/10123.php
Reference: BID:5723
Reference: URL:http://www.securityfocus.com/bid/5723

db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote attackers to read arbitrary files via an HTTP request whose argument is a filename of the form (1) C: (drive letter), (2) //absolute/path (double-slash), or (3) .. (dot-dot).

Analysis
----------------
ED_PRI CAN-2002-1483 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020904 AFD 1.2.14 multiple local root compromises
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0029.html
Reference: CONFIRM:http://www.dwd.de/AFD/txt/CHANGES
Reference: BID:5626
Reference: URL:http://www.securityfocus.com/bid/5626
Reference: XF:afd-multiple-binaries-bo(10036)
Reference: URL:http://www.iss.net/security_center/static/10036.php

Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.

Analysis
----------------
ED_PRI CAN-2002-1503 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: in the Changelog, an item dated 31.08.2002 (August 31) says "Fix multiple local root exploits in get_afd_path() and get_mon_path()" and credits the discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: