[INTERIM] ACCEPT 350 candidates (Final April 2)
I have made an Interim Decision to ACCEPT the following 350 candidates. I will make a Final Decision on April 2.

The following Editorial Board members voted on these candidates:

Ozancin ACCEPT(1)
Green ACCEPT(90) MODIFY(2) NOOP(1)
Magdych NOOP(1)
LeBlanc NOOP(2)
Cole ACCEPT(335) NOOP(14)
Jones ACCEPT(4) MODIFY(9) NOOP(2)
Balinsky ACCEPT(2) NOOP(2)
Foat ACCEPT(82) MODIFY(3) NOOP(263)
Cox ACCEPT(48) MODIFY(19) NOOP(239)
Christey NOOP(136)
Wall ACCEPT(118) NOOP(221)
Ziese ACCEPT(8) NOOP(3)
Levy ACCEPT(3)
Frech ACCEPT(110) MODIFY(104)
Alderson ACCEPT(31)
Stracener ACCEPT(1)
Baker ACCEPT(279)
Prosser ACCEPT(3)
Armstrong ACCEPT(159) NOOP(17)

======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
Modifications:
  ADDREF XF:midnight-commander-data-disclosure(9873)

Analysis
--------
Vendor Acknowledgement: yes followup

INFERRED ACTION: CAN-1999-1337 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (Task 1765)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:midnight-commander-data-disclosure(9873)

======================================================
Candidate: CAN-1999-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468
Final-Decision:
Interim-Decision: 20030326
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Modifications:
  ADDREF XF:rdist-popen-gain-privileges(7160)
  CHANGEREF MISC [change url]

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-1999-1468 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:rdist-popen-gain-privileges(7160)
   MISC reference is dead. Alternative:
   http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
 Christey> It is unclear whether this is addressed by SUN:00115, SUN:00110, both, or neither.
======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

Modifications:
  ADDREF XF:linux-xosview-bo(8787)

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-1999-1490 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (ACCEPT; Task 2354)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:linux-xosview-bo(8787)

======================================================
Candidate: CAN-2000-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0502
Final-Decision:
Interim-Decision: 20030326
Modified: 20020222-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php

Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
Modifications:
  ADDREF XF:mcafee-alerting-dos(4641)

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2000-0502 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Ozancin, Levy, Wall
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:mcafee-alerting-dos(4641)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0590
Final-Decision:
Interim-Decision: 20030326
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:http://xforce.iss.net/static/4878.php

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

Modifications:
  ADDREF XF:http-cgi-pollit-variable-overwrite(4878)

Analysis
--------
Vendor Acknowledgement: yes via-email
ACKNOWLEDGEMENT: Inquiry sent to http://www.cgi-world.com/cgi-bin/forms/forms.cgi on 2/22/2002. Confirmed by vendor on 2/22/2002.

INFERRED ACTION: CAN-2000-0590 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Magdych, LeBlanc, Wall, Christey

Voter Comments:
 Frech> XF;http-cgi-pollit-variable-overwrite(4878)
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> MISC:http://www.cgi-world.com/download/pollit.html
   An item on October 24, 2000 says "Updated to Version 2.05 from 2.0 to Fix Security Issues" but it's not clear whether it's related to *this* security issue; it's probably talking about CVE-2000-1068/1069/1070.
   Inquiry sent to http://www.cgi-world.com/cgi-bin/forms/forms.cgi on 2/22/2002. Confirmed by vendor on 2/22/2002.
======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2000-1210 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> APPEARS TO BE ACKNOWLEDGED IN APACHE'S BUGZILLA (#93 SEEMS CLOSE)

======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
Modifications:
  ADDREF XF:zope-legacy-names(5824)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2000-1211 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Cox> ADDREF:REDHAT:RHSA-2000:125
 Frech> XF:zope-legacy-names(5824)

======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2000-1212 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-incorrect-security-zone-variant(8471)

Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
Modifications:
  ADDREF XF:ie-incorrect-security-zone-variant(8471)
  DESC Change "CAN" to "CVE" in description.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0724 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech

Voter Comments:
 Frech> (ACCEPT)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ie-incorrect-security-zone-variant(8471)

======================================================
Candidate: CAN-2001-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141
Reference: XF:acme-serve-directory-traversal(6634)
Reference: URL:http://www.iss.net/security_center/static/6634.php
Reference: CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
Reference: BID:2809
Reference: URL:http://www.securityfocus.com/bid/2809

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.

Modifications:
  ADDREF XF:acme-serve-directory-traversal(6634)
  ADDREF CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
  DESC replace "." with "/"; change spelling
  ADDREF BID:2809

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2001-0748 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Frech> XF:acme-serve-directory-traversal(6634)
 Christey> Change description to say "Acme.Serve". The original discloser spelled it 2 different ways.
 Christey> Description: Is it . or slash?
 Christey> Acknowledged by Cisco (!):
   CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
   URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
   This affects Cisco Secure ACS Unix installation, and Cisco reports that it's due to multiple / at the end.

======================================================
Candidate: CAN-2001-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763
Final-Decision:
Interim-Decision: 20030326
Modified: 20020821-03
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: SUSE:SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: CIAC:L-104
Reference: URL:http://www.ciac.org/ciac/bulletins/l-104.shtml
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
Reference: XF:xinetd-identd-bo(6670)
Reference: URL:http://xforce.iss.net/static/6670.php
Reference: BID:2840
Reference: URL:http://www.securityfocus.com/bid/2840

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Modifications:
  ADDREF XF:xinetd-identd-bo(6670)
  ADDREF BID:2840
  ADDREF IMMUNIX:IMNX-2001-70-029-01
  ADDREF ENGARDE:ESA-20010621-01
  ADDREF CIAC:L-104
  ADDREF REDHAT:RHSA-2001:075
  ADDREF FREEBSD:FreeBSD-SA-01:47
  ADDREF CONECTIVA:CLA-2001:404
  DELREF CONECTIVA:CLA-2001:406
  CHANGEREF IMMUNIX:IMNX-2001-70-024-01

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0763 ACCEPT (5 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:xinetd-identd-bo(6670)
 Christey> Need to sift through the references to make sure they're correct and appropriately distinguish from CAN-2001-0825.
 Christey> ADDREF CONECTIVA:CLA-2001:404
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:47
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
   DELREF CONECTIVA:CLA-2001:406 (that's for CAN-2001-0825)
   ADDREF CONECTIVA:CLA-2001:404
   DELREF IMMUNIX:IMNX-2001-70-029-01 (that's for CAN-2001-0825)
   ADDREF IMMUNIX:IMNX-2001-70-024-01

======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision:
Interim-Decision: 20030326
Modified: 20020818-01
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php
Reference: REDHAT:RHSA-2001:165
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-165.html

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Modifications:
  ADDREF REDHAT:RHSA-2001:165

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0873 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:463
 Christey> No wait, scratch CONECTIVA:CLA-2002:463... It only mentions this older vulnerability.
 Christey> REDHAT:RHSA-2001:165 (per Mark Cox)

======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision:
Interim-Decision: 20030326
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
Reference: XF:unicos-nqsd-format-string(7618)

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.

Modifications:
  ADDREF XF:unicos-nqsd-format-string(7618)
  DESC Add SGI IRIX versions

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-0891 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:unicos-nqsd-format-string(7618)
 Christey> Change desc to include SGI versions

======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.

Analysis
--------
Vendor Acknowledgement: unknown

INFERRED ACTION: CAN-2001-0921 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision:
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://www.iss.net/security_center/static/7122.php

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

Modifications:
  ADDREF XF:arcserve-aremote-plaintext(7122)

Analysis
--------
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it "addresses a potential security vulnerability in ARCserve 2000 when performing full backups," which may be a vague acknowledgement of the problem. Followup posts to the original Bugtraq post do not say that the patch does NOT fix the problem, so the combination of these implicit or vague clues may be sufficient to determine that the vendor has fixed the problem and, by extension, acknowledged it.
INFERRED ACTION: CAN-2001-0959 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Green, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT VAGUE
 Frech> XF:arcserve-aremote-plaintext(7122)

======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

Analysis
--------
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it "addresses a potential security vulnerability in ARCserve 2000 when performing full backups," which may be a vague acknowledgement of the problem. Followup posts to the original Bugtraq post do not say that the patch does NOT fix the problem, so the combination of these implicit or vague clues may be sufficient to determine that the vendor has fixed the problem and, by extension, acknowledged it.
INFERRED ACTION: CAN-2001-0960 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Frech
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT MISSING

======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
Reference: XF:hpux-login-btmp(8632)
Reference: URL:http://www.iss.net/security_center/static/8632.php

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Modifications:
  ADDREF XF:hpux-login-btmp(8632)

Analysis
--------
Vendor Acknowledgement: yes patch

INFERRED ACTION: CAN-2001-0978 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:hpux-login-btmp(8632)

======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Final-Decision:
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245
Reference: XF:javaplugin-jre-expired-certificate(7048)
Reference: URL:http://www.iss.net/security_center/static/7048.php

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Modifications:
  ADDREF XF:javaplugin-jre-expired-certificate(7048)

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1008 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:javaplugin-jre-expired-certificate(7048)

======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision:
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: XF:man-ultimate-source-bo(8622)
Reference: URL:http://www.iss.net/security_center/static/8622.php

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
Modifications:
  ADDREF XF:man-ultimate-source-bo(8622)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1028 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:man-ultimate-source-bo(8622)

======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1036 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Armstrong

======================================================
Candidate: CAN-2001-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:http://xforce.iss.net/static/6925.php

VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1059 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

INFERRED ACTION: CAN-2001-1106 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
 Green> There is vendor acknowledgement in http://www.security.nnov.ru/advisories/sambarpass.asp
 Christey> For CVE's purposes, I do not count a vendor quote or excerpt from a third party as acknowledgement.
======================================================
Candidate: CAN-2001-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: BID:3205
Reference: URL:http://online.securityfocus.com/bid/3205
Reference: XF:bsd-fts-race-condition(8715)
Reference: URL:http://www.iss.net/security_center/static/8715.php

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Modifications:
  ADDREF XF:bsd-fts-race-condition(8715)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1145 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:bsd-fts-race-condition(8715)

======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed

Discloser claims "all versions vulnerable" but only lists 2.x and 3.x, not 1.x. The lowest version listed (1.204) and the highest version up to the post date (3.00 beta 8) were chosen.

INFERRED ACTION: CAN-2001-1251 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1291 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1296
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
--------
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the release notes dated October 31, 2001 say that the new release includes "some neat security fixes," but it is unclear whether the vendor is fixing *this* issue.

INFERRED ACTION: CAN-2001-1296 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1301
Final-Decision:
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
Reference: CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
Reference: XF:rcs2log-tmp-symlink(11210)
Reference: URL:http://www.iss.net/security_center/static/11210.php

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

Modifications:
  ADDREF CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
  ADDREF XF:rcs2log-tmp-symlink(11210)
  DESC change versions

Analysis
--------
Vendor Acknowledgement: yes cve-vote

INFERRED ACTION: CAN-2001-1301 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Green
   MODIFY(2) Frech, Cox
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Frech> Task xxxx.
 CHANGE> [Cox changed vote from REVIEWING to MODIFY]
 Cox> Addref: http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
   This was public at least as far back as 28 September 1998, this is the date that the Red Hat emacs package was given a patch for this issue.
 Cox> Description currently says "xemacs 21.1.10" and it would be more correct to say "xemacs before version 21.4"
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:rcs2log-tmp-symlink(11210)

======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

Analysis
--------
Vendor Acknowledgement:

INFERRED ACTION: CAN-2001-1303 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
Reference: XF:pmake-binary-gain-privileges(9988)
Reference: URL:http://www.iss.net/security_center/static/9988.php

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Modifications:
  ADDREF XF:pmake-binary-gain-privileges(9988)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1327 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:pmake-binary-gain-privileges(9988)

======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724
Reference: XF:phpslash-block-read-files(9990)
Reference: URL:http://www.iss.net/security_center/static/9990.php

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Modifications:
  ADDREF XF:phpslash-block-read-files(9990)

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2001-1334 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:phpslash-block-read-files(9990)

======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794
Reference: XF:sendmail-signal-handling(6633)
Reference: URL:http://www.iss.net/security_center/static/6633.php

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Modifications:
  ADDREF REDHAT:RHSA-2001:106
  ADDREF XF:sendmail-signal-handling(6633)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1349 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> ADDREF: RHSA-2001:106
 Frech> XF:sendmail-signal-handling(6633)

======================================================
Candidate: CAN-2001-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1359
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: CALDERA:CSSA-2001-021.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
Reference: BID:2850
Reference: URL:http://www.securityfocus.com/bid/2850
Reference: XF:volution-authentication-failure-access(6672)
Reference: URL:http://xforce.iss.net/static/6672.php

Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1359 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2001-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1369
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
Reference: BID:3319
Reference: URL:http://online.securityfocus.com/bid/3319
Reference: XF:postgresql-pam-authentication-module(7110)
Reference: URL:http://www.iss.net/security_center/static/7110.php

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1369 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1370
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Reference: URL:http://www.securityfocus.com/archive/1/198768
Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: BID:3079
Reference: URL:http://www.securityfocus.com/bid/3079
Reference: XF:phplib-script-execution(6892)
Reference: URL:http://www.iss.net/security_center/static/6892.php

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1370 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1371
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: CERT-VN:VU#736923
Reference: URL:http://www.kb.cert.org/vuls/id/736923
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
Reference: BID:4289
Reference: URL:http://www.securityfocus.com/bid/4289
Reference: XF:oracle-appserver-soap-components(8449)
Reference: URL:http://www.iss.net/security_center/static/8449.php

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

Modifications:
  ADDREF XF:oracle-appserver-soap-components(8449)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1371 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Alderson, Green
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:oracle-appserver-soap-components(8449)

======================================================
Candidate: CAN-2001-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1372
Final-Decision:
Interim-Decision: 20030326
Modified: 20021116-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100074087824021&w=2
Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119633925473&w=2
Reference: MISC:http://www.nii.co.in/research.html
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#278971
Reference: URL:http://www.kb.cert.org/vuls/id/278971
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
Reference: BID:3341
Reference: URL:http://www.securityfocus.com/bid/3341
Reference: XF:oracle-jsp-reveal-path(7135)
Reference: URL:http://xforce.iss.net/static/7135.php

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1372 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(3) Foat, Christey, Cox

Voter Comments:
 Christey> ADDREF MISC:http://www.nii.co.in/research.html

======================================================
Candidate: CAN-2001-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1373
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010718 ZoneAlarm Pro
Reference: URL:http://www.securityfocus.com/archive/1/197681
Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
Reference: XF:zonealarm-bypass-mailsafe(6877)
Reference: URL:http://xforce.iss.net/static/6877.php
Reference: BID:3055
Reference: URL:http://www.securityfocus.com/bid/3055

MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.

Analysis
--------
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the product's release history includes a heading titled "New and improved features in ZoneAlarm Pro version 2.6.231," which states: "MailSafe improvements to better handle attachments of long file names"

INFERRED ACTION: CAN-2001-1373 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2001-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1374
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:expect-insecure-library-search(6870)
Reference: URL:http://xforce.iss.net/static/6870.php
Reference: BID:3074
Reference: URL:http://www.securityfocus.com/bid/3074
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

Analysis
--------
Vendor Acknowledgement: yes changelog

INFERRED ACTION: CAN-2001-1374 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Foat, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060

======================================================
Candidate: CAN-2001-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1375
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:tcltk-insecure-library-search(6869)
Reference: URL:http://www.iss.net/security_center/static/6869.php
Reference: BID:3073
Reference: URL:http://www.securityfocus.com/bid/3073
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1375 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Foat, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Wall, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060

======================================================
Candidate: CAN-2001-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1378
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020715
Category: SF
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1378 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1380
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1380 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1382
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1382 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1383
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php
Reference: BID:3367
Reference: URL:http://online.securityfocus.com/bid/3367

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1383 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Armstrong, Baker, Cox
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1385 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Cole, Armstrong, Green, Baker, Frech, Cox
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-processbug-old-restrictions(10478)
Reference: URL:http://www.iss.net/security_center/static/10478.php

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Modifications:
  ADDREF XF:bugzilla-processbug-old-restrictions(10478)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1406 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-processbug-old-restrictions(10478)

======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision:
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-duplicate-view-restricted(10479)
Reference: URL:http://www.iss.net/security_center/static/10479.php

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Modifications:
  ADDREF XF:bugzilla-duplicate-view-restricted(10479)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2001-1407 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-duplicate-view-restricted(10479)

======================================================
Candidate: CAN-2002-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0006
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020108
Category: SF
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060676210255&w=2
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:http://xforce.iss.net/static/7856.php
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0006 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Wall, Cole, Alderson
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3830

======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.

Modifications:
  ADDREF XF:bugzilla-showbug-reveal-bugs(7802)
  ADDREF BID:3798

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0009 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-showbug-reveal-bugs(7802)

======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.

Modifications:
  ADDREF XF:bugzilla-doeditvotes-login-information(7803)
  ADDREF BID:3800

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0011 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-doeditvotes-login-information(7803)

======================================================
Candidate: CAN-2002-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0014
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020110
Category: SF
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://online.securityfocus.com/bid/3815

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0014 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3815

======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

Modifications:
  ADDREF BID:4421
  ADDREF XF:irix-snmp-bo(7846)

Analysis
--------
Vendor Acknowledgement: yes advisory

ABSTRACTION: while this issue may appear to be the same as CAN-2002-0012 or CAN-2002-0013, it is addressed by a different patch, so CD:SF-LOC suggests keeping this SPLIT.

INFERRED ACTION: CAN-2002-0017 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(4) Cox, Wall, Foat, Christey

Voter Comments:
  Christey> Consider adding BID:4421
  Levy> BID 4421
  Frech> XF:irix-snmp-bo(7846)

======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.

Modifications:
  ADDREF BID:4087

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0024 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Ziese, Wall, Foat, Cole, Green
  NOOP(1) Christey

Voter Comments:
  Christey> Consider adding BID:4087

======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.

Modifications:
  ADDREF XF:yahoo-messenger-script-injection(9184)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0032 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Cox, Foat, Christey

Voter Comments:
  Christey> XF:yahoo-messenger-script-injection(9184)
    URL:http://www.iss.net/security_center/static/9184.php
  Frech> XF:yahoo-messenger-script-injection(9184)

======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

Modifications:
  ADDREF XF:solaris-cachefsd-name-bo(8999)
  DESC change "heap overflow" to "heap-based buffer overflow"

Analysis
--------
Vendor Acknowledgement: yes

INFERRED ACTION: CAN-2002-0033 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Cox, Christey

Voter Comments:
  Christey> Note: this is a different vulnerability than CAN-2002-0084. However, if there are different patches for the 2 issues, then they may need to be merged per CD:SF-LOC.
  Frech> XF:solaris-cachefsd-name-bo(8999)

======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision:
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0042 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Frech, Cole
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

Modifications:
  ADDREF BID:4205
  ADDREF BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
  DESC add "SMTP AUTH" and null session info to desc

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0054 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Ziese, Wall, Foat, Cole, Green
  NOOP(1) Christey

Voter Comments:
  Christey> Consider adding BID:4205
  Christey> BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2
    Add details to desc, specifically that the issue is related to null sessions and SMTP AUTH.

======================================================
Candidate: CAN-2002-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0061
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Modifications:
  ADDREF CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0061 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Green
  MODIFY(1) Cox
  NOOP(1) Christey

Voter Comments:
  Christey> Consider adding BID:4335
  Christey> XF:apache-dos-batch-command-execution(8589)
    URL:http://www.iss.net/security_center/static/8589.php
  Cox> ADDREF: http://www.apacheweek.com/issues/02-03-29#apache1324

======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: BID:2116
Reference: URL:http://online.securityfocus.com/bid/2116
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Modifications:
  ADDREF BID:2116
  DESC clarify ncurses4 package
  ADDREF XF:gnu-ncurses-window-bo(8222)

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0062 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Wall, Cole, Green
  NOOP(3) Jones, Foat, Christey

Voter Comments:
  Christey> BID:2116
    URL:http://online.securityfocus.com/bid/2116
    Also need to add other vendor advisories.
  Christey> Consider adding BID:2116
  Christey> Specifically state that the ncurses4 compatibility package is Red Hat's.
    Also say that the problem is in the "routines for moving the physical cursor and scrolling" as stated by Daniel Jacobowitz.

======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision:
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-htcp-enabled(8261)
  ADDREF BID:4150
  DESC change version from STABLE2 to STABLE3

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0067 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Wall, Cole, Green
  MODIFY(2) Cox, Jones
  NOOP(2) Foat, Christey

Voter Comments:
  Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
  Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
  Christey> MANDRAKE:MDKSA-2002:016
  Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
  Jones> Change description to "Squid 2.4 STABLE3 and earlier" (vice STABLE2). Change description from "...which could allow remote attackers to bypass intended access restrictions" to "...which could allow remote attackers to access and/or modify cached data".
  Christey> CALDERA:CSSA-2002-SCO.7
    URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
    CONECTIVA:CLA-2002:464
    URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
    BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
    MANDRAKE:MDKSA-2002:016
    URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
    FREEBSD:FreeBSD-SA-02:12
    URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
    XF:squid-htcp-enabled(8261)
    URL:http://www.iss.net/security_center/static/8261.php
    BID:4150
    URL:http://www.securityfocus.com/bid/4150
  Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029

======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-010.0
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF SUSE:SuSE-SA:2002:008
  ADDREF BUGTRAQ:20020222 Squid buffer overflow
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF BID:4148
  ADDREF XF:squid-ftpbuildtitleurl-bo(8258)
  DESC add that the problem occurs during escape processing

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0068 ACCEPT (6 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Wall, Cole, Green
  MODIFY(2) Cox, Jones
  NOOP(2) Foat, Christey

Voter Comments:
  Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
  Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
  Christey> MANDRAKE:MDKSA-2002:016
  Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
  Jones> Drop "malformed" from description; legitimate FTP URL with reasonable userid and password may cause crash. Add enough detail to distinguish this vulnerability (i.e., the flaw is in authenticated FTP URL handling).
    Reference: BUGTRAQ:20020222 - Squid buffer overflow.
    Suggest: "Squid 2.4 STABLE3 and earlier contains a flaw in handling authenticated FTP URLs (FTP URLs with userID and passwords) which allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code via ftp:// URLs."
  Christey> fix typo: "possible" should be "possibly"
    CALDERA:CSSA-2002-010.0
    URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
    CALDERA:CSSA-2002-SCO.7
    URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
    CONECTIVA:CLA-2002:464
    URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
    SUSE:SuSE-SA:2002:008
    URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
    BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
    MANDRAKE:MDKSA-2002:016
    URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
    BUGTRAQ:20020222 Squid buffer overflow
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
    FREEBSD:FreeBSD-SA-02:12
    URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
    BID:4148
    URL:http://www.securityfocus.com/bid/4148
    XF:squid-ftpbuildtitleurl-bo(8258)
    URL:http://www.iss.net/security_center/static/8258.php
  Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029
  Christey> See Bugtraq post for more information... the problem isn't a malformed URL, it's that the string exceeds the buffer size when it is URL-escaped.

======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision:
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

Modifications:
  DESC change STABLE2 to STABLE3
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-snmp-dos(8260)
  ADDREF BID:4146

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0069 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Wall, Cole, Green
  MODIFY(2) Cox, Jones
  NOOP(2) Foat, Christey

Voter Comments:
  Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
    Need to add version number to description (2.4)
  Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
  Christey> MANDRAKE:MDKSA-2002:016
  Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
  Jones> Add version info to description (like 2002-0068): Squid 2.4 STABLE3 and earlier.
  Christey> CALDERA:CSSA-2002-SCO.7
    URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
    CONECTIVA:CLA-2002:464
    URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
    BUGTRAQ:20020222 TSLSA-2002-0031 - squid
    URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
    MANDRAKE:MDKSA-2002:016
    URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
    FREEBSD:FreeBSD-SA-02:12
    URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
    XF:squid-snmp-dos(8260)
    URL:http://www.iss.net/security_center/static/8260.php
    BID:4146
    URL:http://www.securityfocus.com/bid/4146
  Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029

======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-03
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php
Reference: BID:4474
Reference: URL:http://www.securityfocus.com/bid/4474

Buffer overflow in the
ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-htr-isapi-bo(8799)
  ADDREF BID:4474
  ADDREF CERT-VN:VU#363715

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0071 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Cox, Christey

Voter Comments:
  Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
    URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
  Frech> XF:iis-htr-isapi-bo(8799)

======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#521059
Reference: URL:http://www.kb.cert.org/vuls/id/521059
Reference: XF:iis-isapi-filter-error-dos(8800)
Reference: URL:http://www.iss.net/security_center/static/8800.php
Reference: BID:4479
Reference: URL:http://www.securityfocus.com/bid/4479

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0,
5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#521059
  ADDREF XF:iis-isapi-filter-error-dos(8800)
  ADDREF BID:4479

Analysis
--------
Vendor Acknowledgement: yes advisory

INFERRED ACTION: CAN-2002-0072 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Cox, Christey

Voter Comments:
  Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
    URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
  Christey> CERT-VN:VU#521059
    URL:http://www.kb.cert.org/vuls/id/521059
    XF:iis-isapi-filter-error-dos(8800)
    URL:http://www.iss.net/security_center/static/8800.php
    BID:4479
    URL:http://www.securityfocus.com/bid/4479
  Frech> XF:iis-isapi-filter-error-dos(8800)

======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision:
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020502
Assigned: