[PROPOSAL] Cluster MISC-2002b - 63 candidates
I am proposing cluster MISC-2002b for review and voting by the Editorial Board.

Name: MISC-2002b
Description: Misc CANs from Sep 2002 to Dec 2002
Size: 63

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: XF:osf1-uucp-source-bo(10146)
Reference: URL:http://www.iss.net/security_center/static/10146.php

Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.

Analysis
----------------
ED_PRI CAN-2002-1127 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: XF:osf1-inc-mh-bo(10147)
Reference: URL:http://www.iss.net/security_center/static/10147.php

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
Analysis
----------------
ED_PRI CAN-2002-1128 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020918
Category: SF
Reference: VULNWATCH:20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html
Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103248659816294&w=2
Reference: XF:osf1-dxterm-xrm-bo(10148)
Reference: URL:http://www.iss.net/security_center/static/10148.php

Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.

Analysis
----------------
ED_PRI CAN-2002-1129 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE

ABSTRACTION: there may be a codebase relationship between this problem and other "-xrm" overflows, as reported in other terminal programs such as CVE-2002-0517 and CVE-1999-0040.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103281444824285&w=2
Reference: VULNWATCH:20020923 iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0127.html
Reference: XF:dinos-dotdot-directory-traversal(10168)
Reference: URL:http://www.iss.net/security_center/static/10168.php
Reference: BID:5782
Reference: URL:http://www.securityfocus.com/bid/5782

Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f) or (2) "\" (%5c) characters.

Analysis
----------------
ED_PRI CAN-2002-1133 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025874209567&w=2

Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
Analysis
----------------
ED_PRI CAN-2002-1176 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: The Artist tag overflow in the 2.81 version applies always, while it only applies in the Media Display window in 3.0, so they are "different" enough overflows appearing in different versions; thus separate candidates are assigned.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025874209567&w=2

Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allow remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.

Analysis
----------------
ED_PRI CAN-2002-1177 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: The Artist tag overflow in the 2.81 version applies always, while it only applies in the Media Display window in 3.0, so they are "different" enough overflows appearing in different versions; thus separate candidates are assigned.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021009 Flood ACK packets cause AIX DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103418410408599&w=2
Reference: XF:aix-tcp-flood-dos(10326)
Reference: URL:http://www.iss.net/security_center/static/10326.php

IBM AIX 4.3.3 and AIX 5 allow remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.

Analysis
----------------
ED_PRI CAN-2002-1201 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while the attacks for AIX and SecureWay Firewall are the same, there is sufficient indication that the underlying cause of the issue is different. Therefore these items are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021009 Flood ACK packets cause an IBM SecureWay FireWall DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417988503398&w=2
Reference: XF:secureway-tcp-flood-dos(10249)
Reference: URL:http://www.iss.net/security_center/static/10249.php

IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set.

Analysis
----------------
ED_PRI CAN-2002-1203 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while the attacks for AIX and SecureWay Firewall are the same, there is sufficient indication that the underlying cause of the issue is different. Therefore these items are SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
Reference: MISC:http://www.idefense.com/advisory/11.19.02c.txt

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Analysis
----------------
ED_PRI CAN-2002-1204 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.15.02.txt
Reference: BUGTRAQ:20021014 iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103471544806141&w=2
Reference: XF:webserver-4everyone-filename-bo(10372)
Reference: URL:http://www.iss.net/security_center/static/10372.php

Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1212 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.15.02.txt
Reference: BUGTRAQ:20021014 iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103471544806141&w=2
Reference: XF:webserver-4everyone-encoded-traversal(10373)
Reference: URL:http://www.iss.net/security_center/static/10373.php

Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters.

Analysis
----------------
ED_PRI CAN-2002-1213 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679016031857&w=2
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html
Reference: MISC:http://www.idefense.com/advisory/11.08.02a.txt
Reference: BID:6145
Reference: URL:http://www.securityfocus.com/bid/6145

Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.

Analysis
----------------
ED_PRI CAN-2002-1238 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
Reference: XF:phpnuke-accountmanager-sql-injection(10516)
Reference: URL:http://www.iss.net/security_center/static/10516.php
Reference: BID:6088
Reference: URL:http://www.securityfocus.com/bid/6088

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.

Analysis
----------------
ED_PRI CAN-2002-1242 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-net-command-bo(10519)
Reference: URL:http://www.iss.net/security_center/static/10519.php
Reference: BID:6094
Reference: URL:http://www.securityfocus.com/bid/6094

Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.

Analysis
----------------
ED_PRI CAN-2002-1250 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-lisp-gain-privileges(11300)
Reference: URL:http://www.iss.net/security_center/static/11300.php

Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.

Analysis
----------------
ED_PRI CAN-2002-1253 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
Reference: VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
Reference: BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&r=1&b=200211&w=2
Reference: EEYE:AD20021112
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20021112.html

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary code via an HTTP GET request with a long .cfm file name.

Analysis
----------------
ED_PRI CAN-2002-1309 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html
Reference: VULNWATCH:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html
Reference: BUGTRAQ:20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&r=1&b=200211&w=2
Reference: EEYE:AD20021112
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20021112.html

Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long .jsp file name.

Analysis
----------------
ED_PRI CAN-2002-1310 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-CODEBASE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1471
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
Reference: XF:evolution-camel-certificate-mitm(10292)
Reference: URL:http://www.iss.net/security_center/static/10292.php
Reference: BID:5875
Reference: URL:http://www.securityfocus.com/bid/5875

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-1471 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-console-mode-commands(10050)
Reference: URL:http://www.iss.net/security_center/static/10050.php
Reference: BID:5630
Reference: URL:http://www.securityfocus.com/bid/5630

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

Analysis
----------------
ED_PRI CAN-2002-1478 3
Vendor Acknowledgement:

ACCURACY: it is not clear from the report whether the "console mode" is remote or not; if only accessible on the command line, this may not be a vulnerability unless Cacti is setuid.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1479
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-config-world-readable(10049)
Reference: URL:http://www.iss.net/security_center/static/10049.php
Reference: BID:5628
Reference: URL:http://www.securityfocus.com/bid/5628

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2002-1479 3
Vendor Acknowledgement:

ACCURACY: it is not clear from the report whether the "console mode" is remote or not; if only accessible on the command line, this may not be a vulnerability unless Cacti is setuid.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1480
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: cross site scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
Reference: BID:5676
Reference: URL:http://www.securityfocus.com/bid/5676
Reference: XF:phpgb-entry-deletion-xss(10060)
Reference: URL:http://www.iss.net/security_center/static/10060.php

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Analysis
----------------
ED_PRI CAN-2002-1480 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1481
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
Reference: BID:5679
Reference: URL:http://www.securityfocus.com/bid/5679
Reference: XF:phpgb-savesettings-unauth-access(10065)
Reference: URL:http://www.iss.net/security_center/static/10065.php

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.

Analysis
----------------
ED_PRI CAN-2002-1481 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020909 phpGB: DoS and executing_arbitrary_commands
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
Reference: BID:5673
Reference: URL:http://www.securityfocus.com/bid/5673
Reference: XF:phpgb-login-sql-injection(10068)
Reference: URL:http://www.iss.net/security_center/static/10068.php

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.

Analysis
----------------
ED_PRI CAN-2002-1482 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1484
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020917 Advisory: TCP-Connection risk in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html
Reference: VULNWATCH:20020919 Advisory: TCP-Connection risk in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html
Reference: XF:db4web-tcp-portscan(10136)
Reference: URL:http://www.iss.net/security_center/static/10136.php
Reference: BID:5725
Reference: URL:http://www.securityfocus.com/bid/5725

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1484 3
Vendor Acknowledgement: no disputed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020923 Trillian Remote DoS Attack - AIM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0282.html

The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".
Analysis ---------------- ED_PRI CAN-2002-1485 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1486 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1486 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020920 Yet Another. Trillian 'JOIN' Overflow. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html Reference: BUGTRAQ:20020921 And Again. Trillian 'raw 221' Overflow. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html Reference: NTBUGTRAQ:20020914 Trillian .74 and below, ident flaw. Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html Reference: NTBUGTRAQ:20020919 Trillian .73 & .74 "PRIVMSG" Overflow. 
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html Reference: BID:5769 Reference: URL:http://www.securityfocus.com/bid/5769 Reference: BID:5777 Reference: URL:http://www.securityfocus.com/bid/5777 Reference: XF:trillian-raw221-bo(10151) Reference: URL:http://www.iss.net/security_center/static/10151.php Reference: BID:5765 Reference: URL:http://www.securityfocus.com/bid/5765 Reference: XF:trillian-irc-server-bo(10163) Reference: URL:http://www.iss.net/security_center/static/10163.php Reference: XF:trillian-irc-join-bo(10150) Reference: URL:http://www.iss.net/security_center/static/10150.php Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. Analysis ---------------- ED_PRI CAN-2002-1486 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1487 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1487 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html Reference: BID:5775 Reference: URL:http://www.securityfocus.com/bid/5775 Reference: XF:trillian-irc-raw-dos(10161) Reference: URL:http://www.iss.net/security_center/static/10161.php The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. Analysis ---------------- ED_PRI CAN-2002-1487 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1488 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1488 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020922 *sigh* Trillian multiple DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html Reference: BID:5776 Reference: URL:http://www.securityfocus.com/bid/5776 Reference: XF:trillian-part-message-dos(10162) Reference: URL:http://www.iss.net/security_center/static/10162.php The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. Analysis ---------------- ED_PRI CAN-2002-1488 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1489 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1489 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20021017 New buffer overflow in plaetDNS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0236.html Reference: BUGTRAQ:20020914 Planet Web Software Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0166.html Reference: XF:planetweb-long-url-bo(10391) Reference: URL:http://www.iss.net/security_center/static/10391.php Reference: BID:5710 Reference: URL:http://www.securityfocus.com/bid/5710 Reference: XF:planetweb-long-url-bo(10124) Reference: URL:http://www.iss.net/security_center/static/10124.php Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. Analysis ---------------- ED_PRI CAN-2002-1489 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: both overflows affect version 1.14 and therefore should be merged according to CD:SF-LOC. In addition, both attacks send a long string that may be different attack vectors that trigger the same vulnerable code. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1494 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html Reference: BID:5618 Reference: URL:http://www.securityfocus.com/bid/5618 Reference: XF:aestiva-htmlos-cgi-xss(10029) Reference: URL:http://www.iss.net/security_center/static/10029.php Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message. Analysis ---------------- ED_PRI CAN-2002-1494 3 Vendor Acknowledgement: no Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1495 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1495 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020922 JAWmail XSS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html Reference: XF:jawmail-mail-message-xss(10152) Reference: URL:http://www.iss.net/security_center/static/10152.php Reference: BID:5771 Reference: URL:http://www.securityfocus.com/bid/5771 Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver. Analysis ---------------- ED_PRI CAN-2002-1495 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1501 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html Reference: MISC:http://www.enterasys.com/support/techtips/tk0659-9.html Reference: BID:5703 Reference: URL:http://www.securityfocus.com/bid/5703 Reference: XF:smartswitch-portscan-dos(10096) Reference: URL:http://www.iss.net/security_center/static/10096.php The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. Analysis ---------------- ED_PRI CAN-2002-1501 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1504 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1504 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020905 advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0045.html Reference: XF:webserver-4everyone-directory-traversal(10051) Reference: URL:http://www.iss.net/security_center/static/10051.php Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. 
Analysis ---------------- ED_PRI CAN-2002-1504 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1505 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1505 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html Reference: BID:5675 Reference: URL:http://www.securityfocus.com/bid/5675 Reference: XF:wbb-board-sql-injection(10069) Reference: URL:http://www.iss.net/security_center/static/10069.php SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. Analysis ---------------- ED_PRI CAN-2002-1505 3 Vendor Acknowledgement: unknown discloser-claimed fixed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1507 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1507 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030205 Category: SF Reference: VULNWATCH:20020917 Fw: [ut2003bugs] remote denial of service in ut2003 demo Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0116.html Reference: XF:ut-console-dos(10128) Reference: URL:http://www.iss.net/security_center/static/10128.php Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777. Analysis ---------------- ED_PRI CAN-2002-1507 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1512 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1512 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020912 Race condition in BRU Workstation 17.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0154.html Reference: BID:5708 Reference: URL:http://www.securityfocus.com/bid/5708 Reference: XF:bru-xbru-race-condition(10101) Reference: URL:http://www.iss.net/security_center/static/10101.php xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file. 
Analysis ---------------- ED_PRI CAN-2002-1512 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: this issue affects the same BRU version as CAN-2002-0210, but there is a period of several months between reports, so it is reasonable to have separate identifiers. ABSTRACTION/ACCURACY: the initial report is not clear, but it may be that the symlink issue enables the exploit of a shell metacharacter problem as well, as demonstrated in an exploit that creates an unusual filename in the logfiles/xferlog directory. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1514 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1514 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020925 Borland Interbase local root exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html Reference: BID:5805 Reference: URL:http://www.securityfocus.com/bid/5805 Reference: XF:interbase-gdslockmgr-bo(10196) Reference: URL:http://www.iss.net/security_center/static/10196.php gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. Analysis ---------------- ED_PRI CAN-2002-1514 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1521 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1521 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html Reference: XF:webserver-4d-plaintext-passwords(10198) Reference: URL:http://www.iss.net/security_center/static/10198.php Reference: BID:5803 Reference: URL:http://www.securityfocus.com/bid/5803 Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. Analysis ---------------- ED_PRI CAN-2002-1521 3 Vendor Acknowledgement: no Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1522 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1522 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: Reference: BUGTRAQ:20021005 Vulnerabilitie in PowerFTP server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0075.html Reference: BUGTRAQ:20021012 Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0194.html Reference: BID:5899 Reference: URL:http://www.securityfocus.com/bid/5899 Reference: XF:powerftp-long-username-dos(10286) Reference: URL:http://www.iss.net/security_center/static/10286.php Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. Analysis ---------------- ED_PRI CAN-2002-1522 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1524 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1524 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html Reference: BID:5832 Reference: URL:http://www.securityfocus.com/bid/5832 Reference: XF:winamp-xml-parser-bo(10228) Reference: URL:http://www.iss.net/security_center/static/10228.php Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. Analysis ---------------- ED_PRI CAN-2002-1524 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1525 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1525 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020929 [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware Reference: URL:http://online.securityfocus.com/archive/1/293545 Reference: BID:5828 Reference: URL:http://www.securityfocus.com/bid/5828 Reference: XF:sunone-starterkit-search-traversal(10225) Reference: URL:http://www.iss.net/security_center/static/10225.php Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. 
(dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017. Analysis ---------------- ED_PRI CAN-2002-1525 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1526 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1526 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html Reference: BID:5824 Reference: URL:http://www.securityfocus.com/bid/5824 Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. Analysis ---------------- ED_PRI CAN-2002-1526 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1527 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1527 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html Reference: BID:5823 Reference: URL:http://www.securityfocus.com/bid/5823 Reference: XF:emu-webmail-path-disclosure(10204) Reference: URL:http://www.iss.net/security_center/static/10204.php emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. Analysis ---------------- ED_PRI CAN-2002-1527 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1528 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1528 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021010 MondoSearch show the source of all files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html Reference: XF:mondosearch-url-souce-disclosure(10350) Reference: URL:http://www.iss.net/security_center/static/10350.php Reference: BID:5941 Reference: URL:http://www.securityfocus.com/bid/5941 MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. 
Analysis ---------------- ED_PRI CAN-2002-1528 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1529 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1529 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: XF:superscout-emailfilter-error-xss(10319) Reference: URL:http://www.iss.net/security_center/static/10319.php Reference: BID:5928 Reference: URL:http://www.securityfocus.com/bid/5928 Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. Analysis ---------------- ED_PRI CAN-2002-1529 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1530 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1530 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: BID:5929 Reference: URL:http://www.securityfocus.com/bid/5929 Reference: XF:superscout-emailfilter-plaintext-passwords(10320) Reference: URL:http://www.iss.net/security_center/static/10320.php The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. Analysis ---------------- ED_PRI CAN-2002-1530 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1531 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1531 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: XF:superscout-emailfilter-content-dos(10321) Reference: URL:http://www.iss.net/security_center/static/10321.php Reference: BID:5930 Reference: URL:http://www.securityfocus.com/bid/5930 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. Analysis ---------------- ED_PRI CAN-2002-1531 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1532 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1532 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html Reference: BID:5931 Reference: URL:http://www.securityfocus.com/bid/5931 Reference: XF:superscout-emailfilter-get-dos(10322) Reference: URL:http://www.iss.net/security_center/static/10322.php The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating \r\n\r\n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it. Analysis ---------------- ED_PRI CAN-2002-1532 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1533 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1533 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html Reference: BID:5821 Reference: URL:http://www.securityfocus.com/bid/5821 Reference: XF:jetty-http-xss(10219) Reference: URL:http://www.iss.net/security_center/static/10219.php Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). Analysis ---------------- ED_PRI CAN-2002-1533 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1534 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1534 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021006 Flash player can read local files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html Reference: XF:flash-xml-read-files(10297) Reference: URL:http://www.iss.net/security_center/static/10297.php Reference: BID:5904 Reference: URL:http://www.securityfocus.com/bid/5904 Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. 
Analysis ---------------- ED_PRI CAN-2002-1534 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1535 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1535 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: BUGTRAQ:20021014 Symantec Enterprise Firewall Secure Webserver info leak Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0190.html Reference: BID:5959 Reference: URL:http://www.securityfocus.com/bid/5959 Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. Analysis ---------------- ED_PRI CAN-2002-1535 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0028.html
Reference: BUGTRAQ:20021018 SCAN Associates Advisory: Molly 0.5 - Remote Command Execution
Reference: URL:http://online.securityfocus.com/archive/1/296163
Reference: BID:6007
Reference: URL:http://www.securityfocus.com/bid/6007
Reference: XF:molly-host-execute-commands(10397)
Reference: URL:http://www.iss.net/security_center/static/10397.php

Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.

Analysis
----------------
ED_PRI CAN-2002-1536 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html
Reference: XF:phpbb-adminugauth-admin-privileges(10489)
Reference: URL:http://www.iss.net/security_center/static/10489.php
Reference: BID:6056
Reference: URL:http://www.securityfocus.com/bid/6056

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".

Analysis
----------------
ED_PRI CAN-2002-1537 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html
Reference: XF:acusend-unauthorized-file-access(10473)
Reference: URL:http://www.iss.net/security_center/static/10473.php
Reference: BID:6048
Reference: URL:http://www.securityfocus.com/bid/6048

Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.

Analysis
----------------
ED_PRI CAN-2002-1538 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1539
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021027 MDaemon SMTP/POP/IMAP server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0382.html
Reference: XF:mdaemon-dele-uidl-dos(10488)
Reference: URL:http://www.iss.net/security_center/static/10488.php
Reference: BID:6053
Reference: URL:http://www.securityfocus.com/bid/6053

Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.

Analysis
----------------
ED_PRI CAN-2002-1539 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html
Reference: BID:6044
Reference: URL:http://www.securityfocus.com/bid/6044
Reference: XF:badblue-protected-file-access(10466)
Reference: URL:http://www.iss.net/security_center/static/10466.php

BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).

Analysis
----------------
ED_PRI CAN-2002-1541 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 TFTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0040.html

SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1542 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html

Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get.

Analysis
----------------
ED_PRI CAN-2002-1544 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: there may be some overlap between this bug and CAN-2001-0931, which is for PowerFTP 2.03 instead of this package and version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021010 more silly bugs in cooolsoft 'personal ftp server'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html

CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.

Analysis
----------------
ED_PRI CAN-2002-1545 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 [SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0043.html
Reference: MISC:http://www.securityoffice.net/articles/webweaver/
Reference: BID:6041
Reference: URL:http://www.securityfocus.com/bid/6041
Reference: XF:brs-webweaver-file-access(10467)
Reference: URL:http://www.iss.net/security_center/static/10467.php

BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.

Analysis
----------------
ED_PRI CAN-2002-1546 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html
Reference: BID:6162
Reference: URL:http://www.securityfocus.com/bid/6162
Reference: XF:light-httpd-bo(10607)
Reference: URL:http://www.iss.net/security_center/static/10607.php

Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1549 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1559
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021101 ion-p.exe allows Remote File Retrieving
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html
Reference: BUGTRAQ:20021101 Re: ion-p.exe allows Remote File Retrieving
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html
Reference: XF:ion-ionp-view-files(10518)
Reference: URL:http://www.iss.net/security_center/static/10518.php
Reference: BID:6091
Reference: URL:http://www.securityfocus.com/bid/6091

Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.

Analysis
----------------
ED_PRI CAN-2002-1559 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021022 gBook
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html
Reference: BID:6033
Reference: URL:http://www.securityfocus.com/bid/6033
Reference: XF:gbook-mysql-admin-access(10455)
Reference: URL:http://www.iss.net/security_center/static/10455.php

index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.

Analysis
----------------
ED_PRI CAN-2002-1560 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: