[PROPOSAL] Cluster UNIX-2003a - 35 candidates
I am proposing cluster UNIX-2003a for review and voting by the Editorial Board.

Name: UNIX-2003a
Description: CANs in Linux advisories from Jan 2003 to March 2003
Size: 35

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030213
Category: SF
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
Reference: REDHAT:RHSA-2003:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-057.html
Reference: MANDRAKE:MDKSA-2003:026
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:026

A patch for shadow-utils 20000902-7 causes the useradd command to create mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.

Analysis
----------------
ED_PRI CAN-2002-1509 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6502
Reference: URL:http://online.securityfocus.com/bid/6502

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

Analysis
----------------
ED_PRI CAN-2003-0012 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: CF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6501
Reference: URL:http://online.securityfocus.com/bid/6501

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

Analysis
----------------
ED_PRI CAN-2003-0013 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: MANDRAKE:MDKSA-2003:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:014
Reference: XF:linux-odirect-information-leak(11249)
Reference: URL:http://www.iss.net/security_center/static/11249.php

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.

Analysis
----------------
ED_PRI CAN-2003-0018 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: REDHAT:RHSA-2003:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-056.html
Reference: XF:linux-umlnet-gain-privileges(11276)
Reference: URL:http://www.iss.net/security_center/static/11276.php

uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.

Analysis
----------------
ED_PRI CAN-2003-0019 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030112
Category: SF
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010

Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.

Analysis
----------------
ED_PRI CAN-2003-0032 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030115
Category: SF
Reference: ISS:20030303 Snort RPC Preprocessing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Reference: BUGTRAQ:20030303 Snort RPC Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673386226064&w=2
Reference: MANDRAKE:MDKSA-2003:029
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:029
Reference: ENGARDE:ESA-20030307-007
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104705626227740&w=2
Reference: BUGTRAQ:20030307 GLSA: snort (200303-6.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716001503409&w=2
Reference: XF:snort-rpc-fragment-bo(10956)
Reference: URL:http://www.iss.net/security_center/static/10956.php

Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.

Analysis
----------------
ED_PRI CAN-2003-0033 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2
Reference: DEBIAN:DSA-245
Reference: URL:http://www.debian.org/security/2003/dsa-245
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

Analysis
----------------
ED_PRI CAN-2003-0039 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: DEBIAN:DSA-247
Reference: URL:http://www.debian.org/security/2003/dsa-247

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

Analysis
----------------
ED_PRI CAN-2003-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394568616290&w=2
Reference: VULNWATCH:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Analysis
----------------
ED_PRI CAN-2003-0042 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Analysis
----------------
ED_PRI CAN-2003-0043 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246

Cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to execute arbitrary web script.

Analysis
----------------
ED_PRI CAN-2003-0044 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-053.html
Reference: BUGTRAQ:20030303 GLSA: vte (200303-2)
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0070 1
Vendor Acknowledgement: yes advisory

ACCURACY: Affected versions confirmed by Mark Cox of Red Hat via email.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
Reference: MANDRAKE:MDKSA-2003:013
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:013
Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385719107879&w=2
Reference: ENGARDE:ESA-20030220-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
Reference: XF:mysql-mysqlchangeuser-doublefree-dos(11199)
Reference: URL:http://www.iss.net/security_center/static/11199.php

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

Analysis
----------------
ED_PRI CAN-2003-0073 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2
Reference: ENGARDE:ESA-20030220-005
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Reference: BUGTRAQ:20030220 GLSA: openssl (200302-10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104577183206905&w=2
Reference: BUGTRAQ:20030220 TSLSA-2003-0005 - openssl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104586094920848&w=2
Reference: MANDRAKE:MDKSA-2003:020
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:020
Reference: DEBIAN:DSA-253
Reference: URL:http://www.debian.org/security/2003/dsa-253
Reference: FREEBSD:FreeBSD-SA-03:02
Reference: CONECTIVA:CLSA-2003:570
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Reference: SUSE:SuSE-SA:2003:011
Reference: NETBSD:NetBSD-SA2003-001
Reference: XF:ssl-cbc-information-leak(11369)
Reference: URL:http://www.iss.net/security_center/static/11369.php

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Analysis
----------------
ED_PRI CAN-2003-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: MISC:http://www.guninski.com/etherre.html
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: BUGTRAQ:20030308 Ethereal format string bug, yet still ethereal much better than windows
Reference: DEBIAN:DSA-258
Reference: URL:http://www.debian.org/security/2003/dsa-258

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

Analysis
----------------
ED_PRI CAN-2003-0081 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030212
Category: SF
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-033.html
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.

Analysis
----------------
ED_PRI CAN-2003-0093 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030214
Category: SF
Reference: MANDRAKE:MDKSA-2003:016
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:016

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.

Analysis
----------------
ED_PRI CAN-2003-0094 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104680706201721&w=2
Reference: MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: REDHAT:RHSA-2003:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: NETBSD:NetBSD-SA2003-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: DEBIAN:DSA-260
Reference: URL:http://www.debian.org/security/2003/dsa-260

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Analysis
----------------
ED_PRI CAN-2003-0102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104637420104189&w=2
Reference: MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:027
Reference: SUSE:SuSE-SA:2003:0015
Reference: URL:http://www.suse.de/de/security/2003_015_tcpdump.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678787109030&w=2
Reference: XF:tcpdump-isakmp-dos(11434)
Reference: URL:http://www.iss.net/security_center/static/11434.php

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.

Analysis
----------------
ED_PRI CAN-2003-0108 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030228
Category: SF
Reference: DEBIAN:DSA-256
Reference: URL:http://www.debian.org/security/2003/dsa-256
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference: URL:http://www.iss.net/security_center/static/11439.php

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.

Analysis
----------------
ED_PRI CAN-2003-0120 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Reference: DEBIAN:DSA-259
Reference: URL:http://www.debian.org/security/2003/dsa-259
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
Reference: BUGTRAQ:20030317 GLSA: qpopper (200303-12)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Analysis
----------------
ED_PRI CAN-2003-0143 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030305 potential buffer overflow in lprm (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104690434504429&w=2
Reference: BUGTRAQ:20030308 OpenBSD lprm(1) exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104714441925019&w=2
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
Reference: SUSE:SuSE-SA:2003:0014
Reference: URL:http://www.suse.de/de/security/2003_014_lprold.html

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Analysis
----------------
ED_PRI CAN-2003-0144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2
Reference: VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2
Reference: MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: AIXAPAR:IY40307
Reference: AIXAPAR:IY40317
Reference: AIXAPAR:IY40320

Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.

Analysis
----------------
ED_PRI CAN-2003-0087 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: BUGTRAQ:20030108 IMP 2.x SQL injection vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104204786206563&w=2
Reference: DEBIAN:DSA-229
Reference: URL:http://www.debian.org/security/2003/dsa-229
Reference: SUSE:SuSE-SA:2003:0008

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Analysis
----------------
ED_PRI CAN-2003-0025 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030112
Category: SF
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010

Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).

Analysis
----------------
ED_PRI CAN-2003-0031 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2003-0034 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while both mtink and escputil suffer from overflows in the same version of the printer-drivers package, the iDEFENSE advisory makes it clear that there are separate maintainers for these utilities. Therefore they are different codebases, and the overflows are SPLIT according to CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.

Analysis
----------------
ED_PRI CAN-2003-0035 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-CODEBASE

ABSTRACTION: while both mtink and escputil suffer from overflows in the same version of the printer-drivers package, the iDEFENSE advisory makes it clear that there are separate maintainers for these utilities. Therefore they are different codebases, and the overflows are SPLIT according to CD:SF-CODEBASE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030121
Category: SF
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".

Analysis
----------------
ED_PRI CAN-2003-0036 3
Vendor Acknowledgement: unknown
Content Decisions: ABSTRACTION

ABSTRACTION: should this be merged with CVE-2001-1177?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030123
Category: SF
Reference: DEBIAN:DSA-244
Reference: URL:http://www.debian.org/security/2003/dsa-244

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2003-0037 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: VULNWATCH:20030128 MIT Kerberos FTP client remote shell commands execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
Reference: REDHAT:RHSA-2003:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-020.html
Reference: MANDRAKE:MDKSA-2003:021
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:021

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Analysis
----------------
ED_PRI CAN-2003-0041 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: this is very similar to CVE-1999-0097, although different codebases are affected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030129
Category: SF
Reference: BUGTRAQ:20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342864418213&w=2
Reference: BUGTRAQ:20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104348607205691&w=2
Reference: MISC:http://www.usg.org.uk/advisories/2003.001.txt
Reference: MANDRAKE:MDKSA-2003:015
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:015
Reference: DEBIAN:DSA-252
Reference: URL:http://www.debian.org/security/2003/dsa-252
Reference: BUGTRAQ:20030202 GLSA: slocate
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428624705363&w=2

Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

Analysis
----------------
ED_PRI CAN-2003-0056 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030221
Category: SF
Reference: MISC:http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
Reference: MISC:http://securitytracker.com/alerts/2003/Feb/1006108.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
Reference: XF:apcupsd-logevent-format-string(11334)
Reference: URL:http://www.iss.net/security_center/static/11334.php

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

Analysis
----------------
ED_PRI CAN-2003-0098 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030221
Category: SF
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:018
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: XF:apcupsd-vsprintf-multiple-bo(11491)
Reference: URL:http://www.iss.net/security_center/static/11491.php

Multiple buffer overflows in apcupsd before 3.10.5 may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.

Analysis
----------------
ED_PRI CAN-2003-0099 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610300325629&w=2
Reference: BUGTRAQ:20030224 GLSA: usermin (200302-14)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610336226274&w=2
Reference: BUGTRAQ:20030224 Webmin 1.050 - 1.060 remote exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610245624895&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2
Reference: MANDRAKE:MDKSA-2003:025
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:025
Reference: XF:webmin-usermin-root-access(11390)
Reference: URL:http://www.iss.net/security_center/static/11390.php

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Analysis
----------------
ED_PRI CAN-2003-0101 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: The developer confirmed via e-mail on February 24, 2003, that the SNS advisory (which credits "Keigo Yamazaki") is the same issue as was described in the Webmin advisory (which credits "Cintia M. Imanishi").

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: