[PROPOSAL] Cluster UNIX-2002a - 52 candidates
I am proposing cluster UNIX-2002a for review and voting by the Editorial Board.

Name: UNIX-2002a
Description: CANs in Linux/Unix advisories from July 2002 to Sept 2002
Size: 52

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0384 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.

Analysis
----------------
ED_PRI CAN-2002-0662 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

Analysis
----------------
ED_PRI CAN-2002-0835 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

Analysis
----------------
ED_PRI CAN-2002-1091 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.

Analysis
----------------
ED_PRI CAN-2002-1111 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514

Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.

Analysis
----------------
ED_PRI CAN-2002-1112 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.

Analysis
----------------
ED_PRI CAN-2002-1113 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978711618648&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: XF:mantis-configinc-var-include(9900)
Reference: URL:http://www.iss.net/security_center/static/9900.php
Reference: BID:5509
Reference: URL:http://www.securityfocus.com/bid/5509

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.

Analysis
----------------
ED_PRI CAN-2002-1114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103013249211164&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.

Analysis
----------------
ED_PRI CAN-2002-1115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.

Analysis
----------------
ED_PRI CAN-2002-1116 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

Analysis
----------------
ED_PRI CAN-2002-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Analysis
----------------
ED_PRI CAN-2002-1126 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-php-xss(10145)
Reference: URL:http://www.iss.net/security_center/static/10145.php
Reference: BID:5763
Reference: URL:http://www.securityfocus.com/bid/5763

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Analysis
----------------
ED_PRI CAN-2002-1131 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog for version 1.2.8, dated September 14, 2002, says: "Fixes for multiple XXS exploits on the addressbook, search, help, and options pages."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier, and possibly later versions, allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

Analysis
----------------
ED_PRI CAN-2002-1132 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

Analysis
----------------
ED_PRI CAN-2002-1147 1
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Analysis
----------------
ED_PRI CAN-2002-1148 1
Vendor Acknowledgement: unknown vague

ACCURACY: The "DSA-169" number was inadvertently published for two separate issues. Debian confirmed via email that DSA-169 is intended for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the Tomcat issue (CAN-2002-1148).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Analysis
----------------
ED_PRI CAN-2002-1151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Analysis
----------------
ED_PRI CAN-2002-1152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Analysis
----------------
ED_PRI CAN-2002-1336 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The changelog for 1.2.6 says that it "Fixed a repeated challenge replay attack vulnerability, bugtraq id 5296."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20020819 Lynx CRLF Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2
Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2
Reference: DEBIAN:DSA-210
Reference: URL:http://www.debian.org/security/2002/dsa-210
Reference: CALDERA:CSSA-2002-049.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Reference: REDHAT:RHSA-2003:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-029.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0085 - lynx-ssl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033235506549&w=2
Reference: MANDRAKE:MDKSA-2003:023
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:023
Reference: XF:lynx-crlf-injection(9887)
Reference: URL:http://www.iss.net/security_center/static/9887.php

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Analysis
----------------
ED_PRI CAN-2002-1405 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020801 code injection in gallery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
Reference: DEBIAN:DSA-138
Reference: URL:http://www.debian.org/security/2002/dsa-138

Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.

Analysis
----------------
ED_PRI CAN-2002-1412 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1419
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: SGI:20020805-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
Reference: BID:5467
Reference: URL:http://www.securityfocus.com/bid/5467
Reference: XF:irix-origin-bypass-filtering(9868)
Reference: URL:http://www.iss.net/security_center/static/9868.php

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.

Analysis
----------------
ED_PRI CAN-2002-1419 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1424
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5385
Reference: URL:http://www.securityfocus.com/bid/5385
Reference: XF:munpack-mime-bo(9747)
Reference: URL:http://www.iss.net/security_center/static/9747.php

Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1424 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1425
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5386
Reference: URL:http://www.securityfocus.com/bid/5386
Reference: XF:munpack-dotdot-directory-traversal(9748)
Reference: URL:http://www.iss.net/security_center/static/9748.php

Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.

Analysis
----------------
ED_PRI CAN-2002-1425 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONECTIVA:CLA-2002:529
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: SUSE:SuSE-SA:2002:032
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
Reference: BID:5735
Reference: URL:http://www.securityfocus.com/bid/5735
Reference: XF:xfree86-x11-program-execution(10137)
Reference: URL:http://www.iss.net/security_center/static/10137.php

libX11.so in xfree86 allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

Analysis
----------------
ED_PRI CAN-2002-1472 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1476
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
Reference: BID:5724
Reference: URL:http://www.securityfocus.com/bid/5724
Reference: XF:netbsd-libc-setlocale-bo(10159)
Reference: URL:http://www.iss.net/security_center/static/10159.php

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

Analysis
----------------
ED_PRI CAN-2002-1476 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1477
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-graph-label-commands(10048)
Reference: URL:http://www.iss.net/security_center/static/10048.php
Reference: BID:5627
Reference: URL:http://www.securityfocus.com/bid/5627

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

Analysis
----------------
ED_PRI CAN-2002-1477 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-007
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
Reference: XF:netbsd-tiocsctty-ioctl-bo(10115)
Reference: URL:http://www.iss.net/security_center/static/10115.php
Reference: BID:5722
Reference: URL:http://www.securityfocus.com/bid/5722

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.

Analysis
----------------
ED_PRI CAN-2002-1490 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293070
Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
Reference: COMPAQ:SSRT2371
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
Reference: BID:5790
Reference: URL:http://www.securityfocus.com/bid/5790
Reference: XF:openvms-pop-gain-privileges(10236)
Reference: URL:http://www.iss.net/security_center/static/10236.php

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

Analysis
----------------
ED_PRI CAN-2002-1513 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1468
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: AIXAPAR:IY31997
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html

Buffer overflow in errpt in AIX 4.3.3 with unknown attack vectors and unknown consequences.

Analysis
----------------
ED_PRI CAN-2002-1468 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020602
Category: SF
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: ENGARDE:ESA-20021003-022
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2400.html
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CAN-2001-1267.

Analysis
----------------
ED_PRI CAN-2002-0399 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0837
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158607631137&w=2
Reference: MISC:http://www.guardent.com/comp_news_wordtrans-web.html#
Reference: REDHAT:RHSA-2002:188
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-188.html
Reference: XF:wordtrans-web-php-xss(10059)
Reference: URL:http://www.iss.net/security_center/static/10059.php
Reference: XF:wordtrans-web-code-execution(10063)
Reference: URL:http://www.iss.net/security_center/static/10063.php
Reference: BID:5674
Reference: URL:http://www.securityfocus.com/bid/5674
Reference: BID:5671
Reference: URL:http://www.securityfocus.com/bid/5671

wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to the wordtrans.php script.

Analysis
----------------
ED_PRI CAN-2002-0837 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: the Guardent advisory is not clear enough to be certain whether there is one or two different vulnerability types here, although there is some implication that "multiple" vulnerabilities are involved.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978728718851&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5510
Reference: URL:http://www.securityfocus.com/bid/5510

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Analysis
----------------
ED_PRI CAN-2002-1110 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020913
Category: SF
Reference: DEBIAN:DSA-166
Reference: URL:http://www.debian.org/security/2002/dsa-166
Reference: XF:linux-purity-bo(10100)
Reference: URL:http://www.iss.net/security_center/static/10100.php
Reference: BID:5702
Reference: URL:http://www.securityfocus.com/bid/5702

Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.

Analysis
----------------
ED_PRI CAN-2002-1124 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020916
Category: SF
Reference: VULNWATCH:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
Reference: BUGTRAQ:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103228135413310&w=2
Reference: FREEBSD:FreeBSD-SA-02:39
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
Reference: XF:bsd-libkvm-descriptor-leak(10109)
Reference: URL:http://www.iss.net/security_center/static/10109.php
Reference: BID:5714
Reference: URL:http://www.securityfocus.com/bid/5714
Reference: BID:5716
Reference: URL:http://www.securityfocus.com/bid/5716
Reference: BID:5718
Reference: URL:http://www.securityfocus.com/bid/5718
Reference: BID:5719
Reference: URL:http://www.securityfocus.com/bid/5719
Reference: BID:5720
Reference: URL:http://www.securityfocus.com/bid/5720

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.

Analysis
----------------
ED_PRI CAN-2002-1125 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: COMPAQ:SSRT2362
Reference: URL:http://online.securityfocus.com/advisories/4497
Reference: BUGTRAQ:20020923 [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103280973718587&w=2
Reference: XF:webes-unauth-file-access(10167)
Reference: URL:http://www.iss.net/security_center/static/10167.php
Reference: BID:5773
Reference: URL:http://www.securityfocus.com/bid/5773

Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.

Analysis
----------------
ED_PRI CAN-2002-1134 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Reference: MANDRAKE:MDKSA-2002:063
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
Reference: DEBIAN:DSA-171
Reference: URL:http://www.debian.org/security/2002/dsa-171
Reference: CONECTIVA:CLA-2002:531
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Reference: REDHAT:RHSA-2002:215
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-215.html
Reference: ENGARDE:ESA-20021003-023
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2402.html
Reference: XF:fetchmail-multidrop-bo(10203)
Reference: URL:http://www.iss.net/security_center/static/10203.php
Reference: BID:5825
Reference: URL:http://www.securityfocus.com/bid/5825
Reference: BID:5827
Reference: URL:http://www.securityfocus.com/bid/5827

Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.

Analysis
----------------
ED_PRI CAN-2002-1174 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Reference: MANDRAKE:MDKSA-2002:063
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php
Reference: DEBIAN:DSA-171
Reference: URL:http://www.debian.org/security/2002/dsa-171
Reference: CONECTIVA:CLA-2002:531
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Reference: REDHAT:RHSA-2002:215
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-215.html
Reference: ENGARDE:ESA-20021003-023
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2402.html
Reference: XF:fetchmail-multidrop-bo(10203)
Reference: URL:http://www.iss.net/security_center/static/10203.php
Reference: BID:5826
Reference: URL:http://www.securityfocus.com/bid/5826

The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

Analysis
----------------
ED_PRI CAN-2002-1175 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021015
Category: SF
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

Analysis
----------------
ED_PRI CAN-2002-1216 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: This problem is a re-introduction of a vulnerability that affected earlier versions of software. It seems appropriate that, since different versions are affected for this re-introduction, CD:SF-LOC should suggest keeping the issues SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: SUSE:SuSE-SA:2002:034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2
Reference: BUGTRAQ:20021014 GLSA: heimdal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2
Reference: DEBIAN:DSA-178
Reference: URL:http://www.debian.org/security/2002/dsa-178

Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CAN-2002-1225).

Analysis
----------------
ED_PRI CAN-2002-1226 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102977465204357&w=2
Reference: MISC:http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524

Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1397 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430&w=2
Reference: BUGTRAQ:20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102996089613404&w=2
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: DEBIAN:DSA-165
Reference: URL:http://www.debian.org/security/2002/dsa-165
Reference: SUSE:SuSE-SA:2002:038
Reference: URL:http://www.suse.de/de/security/2002_038_postgresql.html
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

Analysis
----------------
ED_PRI CAN-2002-1398 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous.
While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821&w=2
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Reference: SUSE:SuSE-SA:2002:038
Reference: URL:http://www.suse.de/de/security/2002_038_postgresql.html
Reference: MANDRAKE:MDKSA-2002:062
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

Analysis
----------------
ED_PRI CAN-2002-1400 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
Reference: DEBIAN:DSA-165
Reference: URL:http://www.debian.org/security/2002/dsa-165
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

Analysis
----------------
ED_PRI CAN-2002-1401 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002.
The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-210
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0049.html
Reference: BID:5454
Reference: URL:http://www.securityfocus.com/bid/5454
Reference: XF:hp-vvos-passwd(9847)
Reference: URL:http://www.iss.net/security_center/static/9847.php

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."

Analysis
----------------
ED_PRI CAN-2002-1406 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: this could be a duplicate of CAN-2002-0577, but the HP advisory is too vague to be certain. However, CAN-2002-0577 is covered by HP:HPSBUX0204-191, and that advisory recommends a different patch for VVOS 11.04.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-208
Reference: URL:http://online.securityfocus.com/advisories/4360
Reference: XF:hp-emanate-default-snmp(9814)
Reference: URL:http://www.iss.net/security_center/static/9814.php
Reference: BID:5428
Reference: URL:http://www.securityfocus.com/bid/5428

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.

Analysis
----------------
ED_PRI CAN-2002-1408 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the advisory is so vague that it is difficult to identify the vulnerability with more precision than covered in the CVE description. However, there may be two separate issues, since the advisory says that one issue is fixed by the patch, and another requires a configuration change. But the advisory does not provide sufficient information to know for sure.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1409
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-206
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0041.html
Reference: BID:5425
Reference: URL:http://www.securityfocus.com/bid/5425
Reference: XF:hp-ptrace-dos(9818)
Reference: URL:http://www.iss.net/security_center/static/9818.php

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."

Analysis
----------------
ED_PRI CAN-2002-1409 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the advisory is too vague to understand the real nature of the vulnerability, so the description has to quote the words from the advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1439
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-211
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0050.html
Reference: XF:hp-vvos-tga-corruption(9846)
Reference: URL:http://www.iss.net/security_center/static/9846.php
Reference: BID:5459
Reference: URL:http://www.securityfocus.com/bid/5459

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
Analysis
----------------
ED_PRI CAN-2002-1439 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the advisory is too vague to understand the nature of the vulnerability, which could be a classic buffer overflow, integer signedness error, out-of-bounds array index, etc. Neither does the advisory state whether the problem is remotely or locally exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1473
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-213
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
Reference: XF:hp-lp-dos(9992)
Reference: URL:http://www.iss.net/security_center/static/9992.php

Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1473 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-1474 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ACCURACY: the advisory does not say whether there is one or two vulnerabilities, but there are two separate references (SSRT0756U and SSRT0776U) which could be an indicator of multiple issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-1475 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the terminology as used in the advisory does not clarify the nature of the attack, so the text from the advisory is quoted in the description.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
Reference: BID:5727
Reference: URL:http://www.securityfocus.com/bid/5727
Reference: XF:netbsd-fdset-bo(10114)
Reference: URL:http://www.iss.net/security_center/static/10114.php

Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().

Analysis
----------------
ED_PRI CAN-2002-1500 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: