[FINAL] ACCEPT 350 Candidates
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-1337   CVE-1999-1337
CAN-1999-1468   CVE-1999-1468
CAN-1999-1490   CVE-1999-1490
CAN-2000-0502   CVE-2000-0502
CAN-2000-0590   CVE-2000-0590
CAN-2000-1210   CVE-2000-1210
CAN-2000-1211   CVE-2000-1211
CAN-2000-1212   CVE-2000-1212
CAN-2001-0724   CVE-2001-0724
CAN-2001-0748   CVE-2001-0748
CAN-2001-0763   CVE-2001-0763
CAN-2001-0873   CVE-2001-0873
CAN-2001-0891   CVE-2001-0891
CAN-2001-0921   CVE-2001-0921
CAN-2001-0959   CVE-2001-0959
CAN-2001-0960   CVE-2001-0960
CAN-2001-0978   CVE-2001-0978
CAN-2001-1008   CVE-2001-1008
CAN-2001-1028   CVE-2001-1028
CAN-2001-1036   CVE-2001-1036
CAN-2001-1059   CVE-2001-1059
CAN-2001-1106   CVE-2001-1106
CAN-2001-1145   CVE-2001-1145
CAN-2001-1251   CVE-2001-1251
CAN-2001-1291   CVE-2001-1291
CAN-2001-1296   CVE-2001-1296
CAN-2001-1301   CVE-2001-1301
CAN-2001-1303   CVE-2001-1303
CAN-2001-1327   CVE-2001-1327
CAN-2001-1334   CVE-2001-1334
CAN-2001-1349   CVE-2001-1349
CAN-2001-1359   CVE-2001-1359
CAN-2001-1369   CVE-2001-1369
CAN-2001-1370   CVE-2001-1370
CAN-2001-1371   CVE-2001-1371
CAN-2001-1372   CVE-2001-1372
CAN-2001-1373   CVE-2001-1373
CAN-2001-1374   CVE-2001-1374
CAN-2001-1375   CVE-2001-1375
CAN-2001-1378   CVE-2001-1378
CAN-2001-1380   CVE-2001-1380
CAN-2001-1382   CVE-2001-1382
CAN-2001-1383   CVE-2001-1383
CAN-2001-1385   CVE-2001-1385
CAN-2001-1406   CVE-2001-1406
CAN-2001-1407   CVE-2001-1407
CAN-2002-0006   CVE-2002-0006
CAN-2002-0009   CVE-2002-0009
CAN-2002-0011   CVE-2002-0011
CAN-2002-0014   CVE-2002-0014
CAN-2002-0017   CVE-2002-0017
CAN-2002-0024   CVE-2002-0024
CAN-2002-0032   CVE-2002-0032
CAN-2002-0033   CVE-2002-0033
CAN-2002-0042   CVE-2002-0042
CAN-2002-0054   CVE-2002-0054
CAN-2002-0061   CVE-2002-0061
CAN-2002-0062   CVE-2002-0062
CAN-2002-0067   CVE-2002-0067
CAN-2002-0068   CVE-2002-0068
CAN-2002-0069   CVE-2002-0069
CAN-2002-0071   CVE-2002-0071
CAN-2002-0072   CVE-2002-0072
CAN-2002-0073   CVE-2002-0073
CAN-2002-0074   CVE-2002-0074
CAN-2002-0075   CVE-2002-0075
CAN-2002-0076   CVE-2002-0076
CAN-2002-0079   CVE-2002-0079
CAN-2002-0094   CVE-2002-0094
CAN-2002-0095   CVE-2002-0095
CAN-2002-0120   CVE-2002-0120
CAN-2002-0123   CVE-2002-0123
CAN-2002-0146   CVE-2002-0146
CAN-2002-0147   CVE-2002-0147
CAN-2002-0148   CVE-2002-0148
CAN-2002-0149   CVE-2002-0149
CAN-2002-0150   CVE-2002-0150
CAN-2002-0155   CVE-2002-0155
CAN-2002-0157   CVE-2002-0157
CAN-2002-0163   CVE-2002-0163
CAN-2002-0169   CVE-2002-0169
CAN-2002-0170   CVE-2002-0170
CAN-2002-0171   CVE-2002-0171
CAN-2002-0172   CVE-2002-0172
CAN-2002-0173   CVE-2002-0173
CAN-2002-0174   CVE-2002-0174
CAN-2002-0178   CVE-2002-0178
CAN-2002-0181   CVE-2002-0181
CAN-2002-0184   CVE-2002-0184
CAN-2002-0185   CVE-2002-0185
CAN-2002-0186   CVE-2002-0186
CAN-2002-0187   CVE-2002-0187
CAN-2002-0190   CVE-2002-0190
CAN-2002-0191   CVE-2002-0191
CAN-2002-0213   CVE-2002-0213
CAN-2002-0241   CVE-2002-0241
CAN-2002-0246   CVE-2002-0246
CAN-2002-0250   CVE-2002-0250
CAN-2002-0267   CVE-2002-0267
CAN-2002-0274   CVE-2002-0274
CAN-2002-0276   CVE-2002-0276
CAN-2002-0287   CVE-2002-0287
CAN-2002-0290   CVE-2002-0290
CAN-2002-0292   CVE-2002-0292
CAN-2002-0299   CVE-2002-0299
CAN-2002-0300   CVE-2002-0300
CAN-2002-0302   CVE-2002-0302
CAN-2002-0309   CVE-2002-0309
CAN-2002-0318   CVE-2002-0318
CAN-2002-0329   CVE-2002-0329
CAN-2002-0330   CVE-2002-0330
CAN-2002-0339   CVE-2002-0339
CAN-2002-0355   CVE-2002-0355
CAN-2002-0356   CVE-2002-0356
CAN-2002-0358   CVE-2002-0358
CAN-2002-0359   CVE-2002-0359
CAN-2002-0363   CVE-2002-0363
CAN-2002-0364   CVE-2002-0364
CAN-2002-0366   CVE-2002-0366
CAN-2002-0367   CVE-2002-0367
CAN-2002-0368   CVE-2002-0368
CAN-2002-0369   CVE-2002-0369
CAN-2002-0372   CVE-2002-0372
CAN-2002-0373   CVE-2002-0373
CAN-2002-0374   CVE-2002-0374
CAN-2002-0377   CVE-2002-0377
CAN-2002-0379   CVE-2002-0379
CAN-2002-0381   CVE-2002-0381
CAN-2002-0382   CVE-2002-0382
CAN-2002-0389   CVE-2002-0389
CAN-2002-0391   CVE-2002-0391
CAN-2002-0392   CVE-2002-0392
CAN-2002-0394   CVE-2002-0394
CAN-2002-0401   CVE-2002-0401
CAN-2002-0402   CVE-2002-0402
CAN-2002-0403   CVE-2002-0403
CAN-2002-0404   CVE-2002-0404
CAN-2002-0406   CVE-2002-0406
CAN-2002-0412   CVE-2002-0412
CAN-2002-0414   CVE-2002-0414
CAN-2002-0423   CVE-2002-0423
CAN-2002-0424   CVE-2002-0424
CAN-2002-0425   CVE-2002-0425
CAN-2002-0429   CVE-2002-0429
CAN-2002-0431   CVE-2002-0431
CAN-2002-0435   CVE-2002-0435
CAN-2002-0437   CVE-2002-0437
CAN-2002-0441   CVE-2002-0441
CAN-2002-0442   CVE-2002-0442
CAN-2002-0451   CVE-2002-0451
CAN-2002-0454   CVE-2002-0454
CAN-2002-0462   CVE-2002-0462
CAN-2002-0463   CVE-2002-0463
CAN-2002-0464   CVE-2002-0464
CAN-2002-0473   CVE-2002-0473
CAN-2002-0484   CVE-2002-0484
CAN-2002-0488   CVE-2002-0488
CAN-2002-0490   CVE-2002-0490
CAN-2002-0493   CVE-2002-0493
CAN-2002-0494   CVE-2002-0494
CAN-2002-0495   CVE-2002-0495
CAN-2002-0497   CVE-2002-0497
CAN-2002-0501   CVE-2002-0501
CAN-2002-0505   CVE-2002-0505
CAN-2002-0506   CVE-2002-0506
CAN-2002-0511   CVE-2002-0511
CAN-2002-0512   CVE-2002-0512
CAN-2002-0513   CVE-2002-0513
CAN-2002-0516   CVE-2002-0516
CAN-2002-0531   CVE-2002-0531
CAN-2002-0532   CVE-2002-0532
CAN-2002-0536   CVE-2002-0536
CAN-2002-0538   CVE-2002-0538
CAN-2002-0539   CVE-2002-0539
CAN-2002-0542   CVE-2002-0542
CAN-2002-0543   CVE-2002-0543
CAN-2002-0545   CVE-2002-0545
CAN-2002-0553   CVE-2002-0553
CAN-2002-0567   CVE-2002-0567
CAN-2002-0569   CVE-2002-0569
CAN-2002-0571   CVE-2002-0571
CAN-2002-0573   CVE-2002-0573
CAN-2002-0574   CVE-2002-0574
CAN-2002-0575   CVE-2002-0575
CAN-2002-0576   CVE-2002-0576
CAN-2002-0594   CVE-2002-0594
CAN-2002-0597   CVE-2002-0597
CAN-2002-0598   CVE-2002-0598
CAN-2002-0599   CVE-2002-0599
CAN-2002-0601   CVE-2002-0601
CAN-2002-0605   CVE-2002-0605
CAN-2002-0613   CVE-2002-0613
CAN-2002-0616   CVE-2002-0616
CAN-2002-0617   CVE-2002-0617
CAN-2002-0618   CVE-2002-0618
CAN-2002-0619   CVE-2002-0619
CAN-2002-0621   CVE-2002-0621
CAN-2002-0622   CVE-2002-0622
CAN-2002-0623   CVE-2002-0623
CAN-2002-0631   CVE-2002-0631
CAN-2002-0638   CVE-2002-0638
CAN-2002-0639   CVE-2002-0639
CAN-2002-0640   CVE-2002-0640
CAN-2002-0642   CVE-2002-0642
CAN-2002-0647   CVE-2002-0647
CAN-2002-0648   CVE-2002-0648
CAN-2002-0650   CVE-2002-0650
CAN-2002-0653   CVE-2002-0653
CAN-2002-0658   CVE-2002-0658
CAN-2002-0663   CVE-2002-0663
CAN-2002-0665   CVE-2002-0665
CAN-2002-0671   CVE-2002-0671
CAN-2002-0676   CVE-2002-0676
CAN-2002-0678   CVE-2002-0678
CAN-2002-0679   CVE-2002-0679
CAN-2002-0685   CVE-2002-0685
CAN-2002-0687   CVE-2002-0687
CAN-2002-0688   CVE-2002-0688
CAN-2002-0691   CVE-2002-0691
CAN-2002-0695   CVE-2002-0695
CAN-2002-0697   CVE-2002-0697
CAN-2002-0698   CVE-2002-0698
CAN-2002-0700   CVE-2002-0700
CAN-2002-0701   CVE-2002-0701
CAN-2002-0703   CVE-2002-0703
CAN-2002-0704   CVE-2002-0704
CAN-2002-0710   CVE-2002-0710
CAN-2002-0714   CVE-2002-0714
CAN-2002-0716   CVE-2002-0716
CAN-2002-0718   CVE-2002-0718
CAN-2002-0719   CVE-2002-0719
CAN-2002-0720   CVE-2002-0720
CAN-2002-0722   CVE-2002-0722
CAN-2002-0726   CVE-2002-0726
CAN-2002-0727   CVE-2002-0727
CAN-2002-0733   CVE-2002-0733
CAN-2002-0734   CVE-2002-0734
CAN-2002-0736   CVE-2002-0736
CAN-2002-0737   CVE-2002-0737
CAN-2002-0738   CVE-2002-0738
CAN-2002-0741   CVE-2002-0741
CAN-2002-0748   CVE-2002-0748
CAN-2002-0754   CVE-2002-0754
CAN-2002-0755   CVE-2002-0755
CAN-2002-0758   CVE-2002-0758
CAN-2002-0759   CVE-2002-0759
CAN-2002-0760   CVE-2002-0760
CAN-2002-0761   CVE-2002-0761
CAN-2002-0762   CVE-2002-0762
CAN-2002-0765   CVE-2002-0765
CAN-2002-0766   CVE-2002-0766
CAN-2002-0768   CVE-2002-0768
CAN-2002-0776   CVE-2002-0776
CAN-2002-0777   CVE-2002-0777
CAN-2002-0778   CVE-2002-0778
CAN-2002-0785   CVE-2002-0785
CAN-2002-0788   CVE-2002-0788
CAN-2002-0789   CVE-2002-0789
CAN-2002-0790   CVE-2002-0790
CAN-2002-0794   CVE-2002-0794
CAN-2002-0795   CVE-2002-0795
CAN-2002-0801   CVE-2002-0801
CAN-2002-0802   CVE-2002-0802
CAN-2002-0804   CVE-2002-0804
CAN-2002-0805   CVE-2002-0805
CAN-2002-0806   CVE-2002-0806
CAN-2002-0808   CVE-2002-0808
CAN-2002-0809   CVE-2002-0809
CAN-2002-0810   CVE-2002-0810
CAN-2002-0813   CVE-2002-0813
CAN-2002-0814   CVE-2002-0814
CAN-2002-0816   CVE-2002-0816
CAN-2002-0817   CVE-2002-0817
CAN-2002-0818   CVE-2002-0818
CAN-2002-0823   CVE-2002-0823
CAN-2002-0824   CVE-2002-0824
CAN-2002-0826   CVE-2002-0826
CAN-2002-0829   CVE-2002-0829
CAN-2002-0830   CVE-2002-0830
CAN-2002-0831   CVE-2002-0831
CAN-2002-0845   CVE-2002-0845
CAN-2002-0846   CVE-2002-0846
CAN-2002-0847   CVE-2002-0847
CAN-2002-0848   CVE-2002-0848
CAN-2002-0851   CVE-2002-0851
CAN-2002-0853   CVE-2002-0853
CAN-2002-0856   CVE-2002-0856
CAN-2002-0859   CVE-2002-0859
CAN-2002-0860   CVE-2002-0860
CAN-2002-0871   CVE-2002-0871
CAN-2002-0872   CVE-2002-0872
CAN-2002-0873   CVE-2002-0873
CAN-2002-0875   CVE-2002-0875
CAN-2002-0887   CVE-2002-0887
CAN-2002-0889   CVE-2002-0889
CAN-2002-0891   CVE-2002-0891
CAN-2002-0892   CVE-2002-0892
CAN-2002-0897   CVE-2002-0897
CAN-2002-0898   CVE-2002-0898
CAN-2002-0900   CVE-2002-0900
CAN-2002-0904   CVE-2002-0904
CAN-2002-0906   CVE-2002-0906
CAN-2002-0911   CVE-2002-0911
CAN-2002-0914   CVE-2002-0914
CAN-2002-0916   CVE-2002-0916
CAN-2002-0935   CVE-2002-0935
CAN-2002-0938   CVE-2002-0938
CAN-2002-0941   CVE-2002-0941
CAN-2002-0945   CVE-2002-0945
CAN-2002-0946   CVE-2002-0946
CAN-2002-0947   CVE-2002-0947
CAN-2002-0952   CVE-2002-0952
CAN-2002-0953   CVE-2002-0953
CAN-2002-0958   CVE-2002-0958
CAN-2002-0964   CVE-2002-0964
CAN-2002-0965   CVE-2002-0965
CAN-2002-0967   CVE-2002-0967
CAN-2002-0968   CVE-2002-0968
CAN-2002-0981   CVE-2002-0981
CAN-2002-0984   CVE-2002-0984
CAN-2002-0987   CVE-2002-0987
CAN-2002-0988   CVE-2002-0988
CAN-2002-0989   CVE-2002-0989
CAN-2002-0995   CVE-2002-0995
CAN-2002-1000   CVE-2002-1000
CAN-2002-1002   CVE-2002-1002
CAN-2002-1004   CVE-2002-1004
CAN-2002-1006   CVE-2002-1006
CAN-2002-1013   CVE-2002-1013
CAN-2002-1014   CVE-2002-1014
CAN-2002-1015   CVE-2002-1015
CAN-2002-1024   CVE-2002-1024
CAN-2002-1025   CVE-2002-1025
CAN-2002-1030   CVE-2002-1030
CAN-2002-1031   CVE-2002-1031
CAN-2002-1035   CVE-2002-1035
CAN-2002-1039   CVE-2002-1039
CAN-2002-1046   CVE-2002-1046
CAN-2002-1049   CVE-2002-1049
CAN-2002-1050   CVE-2002-1050
CAN-2002-1051   CVE-2002-1051
CAN-2002-1053   CVE-2002-1053
CAN-2002-1054   CVE-2002-1054
CAN-2002-1057   CVE-2002-1057
CAN-2002-1059   CVE-2002-1059
CAN-2002-1060   CVE-2002-1060
CAN-2002-1076   CVE-2002-1076
CAN-2002-1079   CVE-2002-1079
CAN-2002-1081   CVE-2002-1081
CAN-2002-1088   CVE-2002-1088

======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames
and passwords for visited sites in plaintext in the world-readable
history file, which allows other local users to gain privileges.

Modifications:
  ADDREF XF:midnight-commander-data-disclosure(9873)

INFERRED ACTION: CAN-1999-1337 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (Task 1765)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:midnight-commander-data-disclosure(9873)

======================================================
Candidate: CAN-1999-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

rdist in various UNIX systems uses popen to execute sendmail, which
allows local users to gain root privileges by
modifying the IFS (Internal Field Separator) variable.

Modifications:
  ADDREF XF:rdist-popen-gain-privileges(7160)
  CHANGEREF MISC [change url]

INFERRED ACTION: CAN-1999-1468 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:rdist-popen-gain-privileges(7160)
   MISC reference is dead. Alternative:
   http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
 Christey> It is unclear whether this is addressed by SUN:00115,
   SUN:00110, both, or neither.

======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access
via a long HOME environmental variable.

Modifications:
  ADDREF XF:linux-xosview-bo(8787)

INFERRED ACTION: CAN-1999-1490 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (ACCEPT; Task 2354)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:linux-xosview-bo(8787)

======================================================
Candidate: CAN-2000-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0502
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020222-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php

Mcafee VirusScan 4.03 does not properly restrict access to the alert
text file before it is sent to the Central Alert Server, which allows
local users to modify alerts in an arbitrary fashion.

Modifications:
  ADDREF XF:mcafee-alerting-dos(4641)

INFERRED ACTION: CAN-2000-0502 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Ozancin, Levy, Wall
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:mcafee-alerting-dos(4641)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0590
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:http://xforce.iss.net/static/4878.php

Poll It 2.0 CGI script allows remote attackers to read arbitrary
files by specifying the file name in the data_dir parameter.

Modifications:
  ADDREF XF:http-cgi-pollit-variable-overwrite(4878)

INFERRED ACTION: CAN-2000-0590 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Magdych, LeBlanc, Wall, Christey

Voter Comments:
 Frech> XF;http-cgi-pollit-variable-overwrite(4878)
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> MISC:http://www.cgi-world.com/download/pollit.html
   An item on October 24, 2000 says "Updated to Version 2.05 from
   2.0 to Fix Security Issues" but it's not clear whether it's
   related to *this* security issue; it's probably talking about
   CVE-2000-1068/1069/1070.
   Inquiry sent to http://www.cgi-world.com/cgi-bin/forms/forms.cgi
   on 2/22/2002.
   Confirmed by vendor on 2/22/2002.

======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat
before 3.1 allows remote attackers to read arbitrary files via a ..
(dot dot) in the argument to source.jsp.

INFERRED ACTION: CAN-2000-1210 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> APPEARS TO BE ACKNOWLEDGED IN APACHE'S BUGZILLA (#93 SEEMS CLOSE)

======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php

Zope 2.2.0 through 2.2.4 does not properly perform security
registration for legacy names of object constructors such as DTML
method objects, which could allow attackers to perform unauthorized
activities.

Modifications:
  ADDREF XF:zope-legacy-names(5824)

INFERRED ACTION: CAN-2000-1211 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Cox> ADDREF:REDHAT:RHSA-2000:125
 Frech> XF:zope-legacy-names(5824)

======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating
method on Image and File objects, which allows attackers with DTML
editing privileges to modify the raw data of these objects.

INFERRED ACTION: CAN-2000-1212 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-incorrect-security-zone-variant(8471)

Internet Explorer 5.5 allows remote attackers to bypass security
restrictions via malformed URLs that contain dotless IP addresses,
which causes Internet Explorer to process the page in the Intranet
Zone, which may have fewer security restrictions, aka the "Zone
Spoofing Vulnerability variant" of CVE-2001-0664.

Modifications:
  ADDREF XF:ie-incorrect-security-zone-variant(8471)
  DESC Change "CAN" to "CVE" in description.

INFERRED ACTION: CAN-2001-0724 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech

Voter Comments:
 Frech> (ACCEPT)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ie-incorrect-security-zone-variant(8471)

======================================================
Candidate: CAN-2001-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141
Reference: XF:acme-serve-directory-traversal(6634)
Reference: URL:http://www.iss.net/security_center/static/6634.php
Reference: CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
Reference: BID:2809
Reference: URL:http://www.securityfocus.com/bid/2809

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other
products, allows remote attackers to read arbitrary files by
prepending several / (slash) characters to the URI.

Modifications:
  ADDREF XF:acme-serve-directory-traversal(6634)
  ADDREF CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
  DESC replace "." with "/"; change spelling
  ADDREF BID:2809

INFERRED ACTION: CAN-2001-0748 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Frech> XF:acme-serve-directory-traversal(6634)
 Christey> Change description to say "Acme.Serve". The original
   discloser spelled it 2 different ways.
 Christey> Description: Is it . or slash?
 Christey> Acknowledged by Cisco (!):
   CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
   URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
   This affects Cisco Secure ACS Unix installation, and Cisco
   reports that it's due to multiple / at the end.

======================================================
Candidate: CAN-2001-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020821-03
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: SUSE:SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: CIAC:L-104
Reference: URL:http://www.ciac.org/ciac/bulletins/l-104.shtml
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
Reference: XF:xinetd-identd-bo(6670)
Reference: URL:http://xforce.iss.net/static/6670.php
Reference: BID:2840
Reference: URL:http://www.securityfocus.com/bid/2840

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow
remote attackers to execute arbitrary code via a long ident response,
which is not properly handled by the svc_logprint function.

Modifications:
  ADDREF XF:xinetd-identd-bo(6670)
  ADDREF BID:2840
  ADDREF IMMUNIX:IMNX-2001-70-029-01
  ADDREF ENGARDE:ESA-20010621-01
  ADDREF CIAC:L-104
  ADDREF REDHAT:RHSA-2001:075
  ADDREF FREEBSD:FreeBSD-SA-01:47
  ADDREF CONECTIVA:CLA-2001:404
  DELREF CONECTIVA:CLA-2001:406
  CHANGEREF IMMUNIX:IMNX-2001-70-024-01

INFERRED ACTION: CAN-2001-0763 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:xinetd-identd-bo(6670)
 Christey> Need to sift through the references to make sure they're
   correct and appropriately distinguish from CAN-2001-0825.
 Christey> ADDREF CONECTIVA:CLA-2001:404
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:47
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
   DELREF CONECTIVA:CLA-2001:406 (that's for CAN-2001-0825)
   ADDREF CONECTIVA:CLA-2001:404
   DELREF IMMUNIX:IMNX-2001-70-029-01 (that's for CAN-2001-0825)
   ADDREF IMMUNIX:IMNX-2001-70-024-01

======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020818-01
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php
Reference: REDHAT:RHSA-2001:165
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-165.html

uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain privileges by calling uux
and specifying an alternate configuration file with the --config
option.

Modifications:
  ADDREF REDHAT:RHSA-2001:165

INFERRED ACTION: CAN-2001-0873 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:463
 Christey> No wait, scratch CONECTIVA:CLA-2002:463...
   It only mentions this older vulnerability.
 Christey> REDHAT:RHSA-2001:165 (per Mark Cox)

======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
Reference: XF:unicos-nqsd-format-string(7618)

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16
for CRAY UNICOS and SGI IRIX allows a local user to gain root
privileges by using qsub to submit a batch job whose name contains
formatting characters.

Modifications:
  ADDREF XF:unicos-nqsd-format-string(7618)
  DESC Add SGI IRIX versions

INFERRED ACTION: CAN-2001-0891 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:unicos-nqsd-format-string(7618)
 Christey> Change desc to include SGI versions

======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to
the browser to obtain passwords from form fields by printing the
document into which the password has been typed, which is printed in
cleartext.

INFERRED ACTION: CAN-2001-0921 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://www.iss.net/security_center/static/7122.php

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
creates a hidden share named ARCSERVE$, which allows remote attackers
to obtain sensitive information and overwrite critical files.

Modifications:
  ADDREF XF:arcserve-aremote-plaintext(7122)

INFERRED ACTION: CAN-2001-0959 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Green, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT VAGUE
 Frech> XF:arcserve-aremote-plaintext(7122)

======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
stores the backup agent user name and password in cleartext in the
aremote.dmp file in the ARCSERVE$ hidden share, which allows local
and remote attackers to gain privileges.

INFERRED ACTION: CAN-2001-0960 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Frech
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT MISSING

======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
Reference: XF:hpux-login-btmp(8632)
Reference: URL:http://www.iss.net/security_center/static/8632.php

login in HP-UX 10.26 does not record failed login attempts in
/var/adm/btmp, which could allow attackers to conduct brute force
password guessing attacks without being detected or observed using
the lastb program.

Modifications:
  ADDREF XF:hpux-login-btmp(8632)

INFERRED ACTION: CAN-2001-0978 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:hpux-login-btmp(8632)

======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245
Reference: XF:javaplugin-jre-expired-certificate(7048)
Reference: URL:http://www.iss.net/security_center/static/7048.php

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Modifications:
  ADDREF XF:javaplugin-jre-expired-certificate(7048)

INFERRED ACTION: CAN-2001-1008 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Cole, Green
  MODIFY(1) Frech
  NOOP(3) Wall, Foat, Armstrong

Voter Comments:
  Frech> XF:javaplugin-jre-expired-certificate(7048)

======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: XF:man-ultimate-source-bo(8622)
Reference: URL:http://www.iss.net/security_center/static/8622.php

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Modifications:
  ADDREF XF:man-ultimate-source-bo(8622)

INFERRED ACTION: CAN-2001-1028 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Baker
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:man-ultimate-source-bo(8622)

======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

INFERRED ACTION: CAN-2001-1036 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Frech
  NOOP(3) Wall, Foat, Armstrong

======================================================
Candidate: CAN-2001-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:http://xforce.iss.net/static/6925.php

VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

INFERRED ACTION: CAN-2001-1059 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Foat, Cole, Green, Frech
  NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

INFERRED ACTION: CAN-2001-1106 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Green, Baker, Frech, Ziese
  NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
  Green> There is vendor acknowledgement in http://www.security.nnov.ru/advisories/sambarpass.asp
  Christey> For CVE's purposes, I do not count a vendor quote or excerpt from a third party as acknowledgement.

======================================================
Candidate: CAN-2001-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: BID:3205
Reference: URL:http://online.securityfocus.com/bid/3205
Reference: XF:bsd-fts-race-condition(8715)
Reference: URL:http://www.iss.net/security_center/static/8715.php

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Modifications:
  ADDREF XF:bsd-fts-race-condition(8715)

INFERRED ACTION: CAN-2001-1145 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Green, Baker, Ziese
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:bsd-fts-race-condition(8715)

======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

INFERRED ACTION: CAN-2001-1251 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

INFERRED ACTION: CAN-2001-1291 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1296
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

INFERRED ACTION: CAN-2001-1296 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1301
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
Reference: CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
Reference: XF:rcs2log-tmp-symlink(11210)
Reference: URL:http://www.iss.net/security_center/static/11210.php

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

Modifications:
  ADDREF CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
  ADDREF XF:rcs2log-tmp-symlink(11210)
  DESC change versions

INFERRED ACTION: CAN-2001-1301 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(1) Green
  MODIFY(2) Frech, Cox
  NOOP(3) Wall, Foat, Cole

Voter Comments:
  Frech> Task xxxx.
  CHANGE> [Cox changed vote from REVIEWING to MODIFY]
  Cox> Addref: http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95 This was public at least as far back as 28 September 1998, this is the date that the Red Hat emacs package was given a patch for this issue.
  Cox> Description currently says "xemacs 21.1.10" and it would be more correct to say "xemacs before version 21.4"
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:rcs2log-tmp-symlink(11210)

======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

INFERRED ACTION: CAN-2001-1303 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
Reference: XF:pmake-binary-gain-privileges(9988)
Reference: URL:http://www.iss.net/security_center/static/9988.php

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Modifications:
  ADDREF XF:pmake-binary-gain-privileges(9988)

INFERRED ACTION: CAN-2001-1327 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Cole, Green
  MODIFY(1) Frech
  NOOP(3) Wall, Foat, Cox

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:pmake-binary-gain-privileges(9988)

======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724
Reference: XF:phpslash-block-read-files(9990)
Reference: URL:http://www.iss.net/security_center/static/9990.php

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Modifications:
  ADDREF XF:phpslash-block-read-files(9990)

INFERRED ACTION: CAN-2001-1334 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Cole, Green
  MODIFY(1) Frech
  NOOP(3) Wall, Foat, Cox

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:phpslash-block-read-files(9990)

======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794
Reference: XF:sendmail-signal-handling(6633)
Reference: URL:http://www.iss.net/security_center/static/6633.php

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Modifications:
  ADDREF REDHAT:RHSA-2001:106
  ADDREF XF:sendmail-signal-handling(6633)

INFERRED ACTION: CAN-2001-1349 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Wall, Cole, Green, Cox
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
  Cox> ADDREF: RHSA-2001:106
  Frech> XF:sendmail-signal-handling(6633)

======================================================
Candidate: CAN-2001-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1359
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: CALDERA:CSSA-2001-021.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
Reference: BID:2850
Reference: URL:http://www.securityfocus.com/bid/2850
Reference: XF:volution-authentication-failure-access(6672)
Reference: URL:http://xforce.iss.net/static/6672.php

Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.

INFERRED ACTION: CAN-2001-1359 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Wall, Cole, Alderson, Green, Frech
  NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2001-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1369
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
Reference: BID:3319
Reference: URL:http://online.securityfocus.com/bid/3319
Reference: XF:postgresql-pam-authentication-module(7110)
Reference: URL:http://www.iss.net/security_center/static/7110.php

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

INFERRED ACTION: CAN-2001-1369 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Alderson, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1370
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Reference: URL:http://www.securityfocus.com/archive/1/198768
Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: BID:3079
Reference: URL:http://www.securityfocus.com/bid/3079
Reference: XF:phplib-script-execution(6892)
Reference: URL:http://www.iss.net/security_center/static/6892.php

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

INFERRED ACTION: CAN-2001-1370 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Alderson, Green, Frech
  NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1371
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: CERT-VN:VU#736923
Reference: URL:http://www.kb.cert.org/vuls/id/736923
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
Reference: BID:4289
Reference: URL:http://www.securityfocus.com/bid/4289
Reference: XF:oracle-appserver-soap-components(8449)
Reference: URL:http://www.iss.net/security_center/static/8449.php

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

Modifications:
  ADDREF XF:oracle-appserver-soap-components(8449)

INFERRED ACTION: CAN-2001-1371 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Wall, Foat, Cole, Alderson, Green
  MODIFY(1) Frech
  NOOP(1) Cox

Voter Comments:
  Frech> XF:oracle-appserver-soap-components(8449)

======================================================
Candidate: CAN-2001-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1372
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20021116-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100074087824021&w=2
Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119633925473&w=2
Reference: MISC:http://www.nii.co.in/research.html
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#278971
Reference: URL:http://www.kb.cert.org/vuls/id/278971
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
Reference: BID:3341
Reference: URL:http://www.securityfocus.com/bid/3341
Reference: XF:oracle-jsp-reveal-path(7135)
Reference: URL:http://xforce.iss.net/static/7135.php

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

INFERRED ACTION: CAN-2001-1372 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Wall, Cole, Alderson, Green, Frech
  NOOP(3) Foat, Christey, Cox

Voter Comments:
  Christey> ADDREF MISC:http://www.nii.co.in/research.html

======================================================
Candidate: CAN-2001-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1373
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010718 ZoneAlarm Pro
Reference: URL:http://www.securityfocus.com/archive/1/197681
Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
Reference: XF:zonealarm-bypass-mailsafe(6877)
Reference: URL:http://xforce.iss.net/static/6877.php
Reference: BID:3055
Reference: URL:http://www.securityfocus.com/bid/3055

MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.

INFERRED ACTION: CAN-2001-1373 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Wall, Cole, Alderson, Green, Frech
  NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2001-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1374
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:expect-insecure-library-search(6870)
Reference: URL:http://xforce.iss.net/static/6870.php
Reference: BID:3074
Reference: URL:http://www.securityfocus.com/bid/3074
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1374 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(6) Wall, Cole, Alderson, Green, Frech, Cox
  NOOP(2) Foat, Christey

Voter Comments:
  CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
  Christey> REDHAT:RHSA-2002:148
  Christey> MANDRAKE:MDKSA-2002:060

======================================================
Candidate: CAN-2001-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1375
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:tcltk-insecure-library-search(6869)
Reference: URL:http://www.iss.net/security_center/static/6869.php
Reference: BID:3073
Reference: URL:http://www.securityfocus.com/bid/3073
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1375 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(6) Foat, Cole, Alderson, Green, Frech, Cox
  NOOP(2) Wall, Christey

Voter Comments:
  CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
  Christey> REDHAT:RHSA-2002:148
  Christey> MANDRAKE:MDKSA-2002:060

======================================================
Candidate: CAN-2001-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1378
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020715
Category: SF
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

INFERRED ACTION: CAN-2001-1378 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Cox
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1380
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

INFERRED ACTION: CAN-2001-1380 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Cox
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1382
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

INFERRED ACTION: CAN-2001-1382 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Cox
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1383
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php
Reference: BID:3367
Reference: URL:http://online.securityfocus.com/bid/3367

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

INFERRED ACTION: CAN-2001-1383 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Wall, Cole, Armstrong, Baker, Cox
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

INFERRED ACTION: CAN-2001-1385 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(7) Wall, Cole, Armstrong, Green, Baker, Frech, Cox
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-processbug-old-restrictions(10478)
Reference: URL:http://www.iss.net/security_center/static/10478.php

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Modifications:
  ADDREF XF:bugzilla-processbug-old-restrictions(10478)

INFERRED ACTION: CAN-2001-1406 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:bugzilla-processbug-old-restrictions(10478)

======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-duplicate-view-restricted(10479)
Reference: URL:http://www.iss.net/security_center/static/10479.php

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
Modifications:
  ADDREF XF:bugzilla-duplicate-view-restricted(10479)

INFERRED ACTION: CAN-2001-1407 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-duplicate-view-restricted(10479)

======================================================
Candidate: CAN-2002-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0006
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020108
Category: SF
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060676210255&w=2
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:http://xforce.iss.net/static/7856.php
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
INFERRED ACTION: CAN-2002-0006 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Wall, Cole, Alderson
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3830

======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.
Modifications:
  ADDREF XF:bugzilla-showbug-reveal-bugs(7802)
  ADDREF BID:3798

INFERRED ACTION: CAN-2002-0009 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-showbug-reveal-bugs(7802)

======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.

Modifications:
  ADDREF XF:bugzilla-doeditvotes-login-information(7803)
  ADDREF BID:3800

INFERRED ACTION: CAN-2002-0011 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-doeditvotes-login-information(7803)

======================================================
Candidate: CAN-2002-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0014
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020110
Category: SF
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://online.securityfocus.com/bid/3815

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

INFERRED ACTION: CAN-2002-0014 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3815

======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
Modifications:
  ADDREF BID:4421
  ADDREF XF:irix-snmp-bo(7846)

INFERRED ACTION: CAN-2002-0017 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Levy, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4421
 Levy> BID 4421
 Frech> XF:irix-snmp-bo(7846)

======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
Modifications:
  ADDREF BID:4087

INFERRED ACTION: CAN-2002-0024 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4087

======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
Modifications:
  ADDREF XF:yahoo-messenger-script-injection(9184)

INFERRED ACTION: CAN-2002-0032 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Foat, Christey

Voter Comments:
 Christey> XF:yahoo-messenger-script-injection(9184)
   URL:http://www.iss.net/security_center/static/9184.php
 Frech> XF:yahoo-messenger-script-injection(9184)

======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

Modifications:
  ADDREF XF:solaris-cachefsd-name-bo(8999)
  DESC change "heap overflow" to "heap-based buffer overflow"

INFERRED ACTION: CAN-2002-0033 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Note: this is a different vulnerability than CAN-2002-0084. However, if there are different patches for the 2 issues, then they may need to be merged per CD:SF-LOC.
 Frech> XF:solaris-cachefsd-name-bo(8999)

======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.

INFERRED ACTION: CAN-2002-0042 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
Modifications:
  ADDREF BID:4205
  ADDREF BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
  DESC add "SMTP AUTH" and null session info to desc

INFERRED ACTION: CAN-2002-0054 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4205
 Christey> BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2
   Add details to desc, specifically that the issue is related to null sessions and SMTP AUTH.

======================================================
Candidate: CAN-2002-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0061
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
Modifications:
  ADDREF CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

INFERRED ACTION: CAN-2002-0061 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4335
 Christey> XF:apache-dos-batch-command-execution(8589)
   URL:http://www.iss.net/security_center/static/8589.php
 Cox> ADDREF: http://www.apacheweek.com/issues/02-03-29#apache1324

======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: BID:2116
Reference: URL:http://online.securityfocus.com/bid/2116
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Modifications:
  ADDREF BID:2116
  DESC clarify ncurses4 package
  ADDREF XF:gnu-ncurses-window-bo(8222)

INFERRED ACTION: CAN-2002-0062 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   NOOP(3) Jones, Foat, Christey

Voter Comments:
 Christey> BID:2116
   URL:http://online.securityfocus.com/bid/2116
   Also need to add other vendor advisories.
 Christey> Consider adding BID:2116
 Christey> Specifically state that the ncurses4 compatibility package is Red Hat's. Also say that the problem is in the "routines for moving the physical cursor and scrolling" as stated by Daniel Jacobowitz.
======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-htcp-enabled(8261)
  ADDREF BID:4150
  DESC change version from STABLE2 to STABLE3

INFERRED ACTION: CAN-2002-0067 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Change description to "Squid 2.4 STABLE3 and earlier" (vice STABLE2). Change description from "...which could allow remote attackers to bypass intended access restrictions" to "...which could allow remote attackers to access and/or modify cached data".
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-htcp-enabled(8261)
   URL:http://www.iss.net/security_center/static/8261.php
   BID:4150
   URL:http://www.securityfocus.com/bid/4150
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029

======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-010.0
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF SUSE:SuSE-SA:2002:008
  ADDREF BUGTRAQ:20020222 Squid buffer overflow
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF BID:4148
  ADDREF XF:squid-ftpbuildtitleurl-bo(8258)
  DESC add that the problem occurs during escape processing

INFERRED ACTION: CAN-2002-0068 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Drop "malformed" from description; legitimate FTP URL with reasonable userid and password may cause crash. Add enough detail to distinguish this vulnerability (i.e., the flaw is in authenticated FTP URL handling).
   Reference: BUGTRAQ:20020222 - Squid buffer overflow.
   Suggest: "Squid 2.4 STABLE3 and earlier contains a flaw in handling authenticated FTP URLs (FTP URLs with userID and passwords) which allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code via ftp:// URLs."
 Christey> fix typo: "possible" should be "possibly"
   CALDERA:CSSA-2002-010.0
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
   CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   SUSE:SuSE-SA:2002:008
   URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   BUGTRAQ:20020222 Squid buffer overflow
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   BID:4148
   URL:http://www.securityfocus.com/bid/4148
   XF:squid-ftpbuildtitleurl-bo(8258)
   URL:http://www.iss.net/security_center/static/8258.php
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029
 Christey> See Bugtraq post for more information... the problem isn't a malformed URL, it's that the string exceeds the buffer size when it is URL-escaped.
======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
Modifications:
  DESC change STABLE2 to STABLE3
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-snmp-dos(8260)
  ADDREF BID:4146

INFERRED ACTION: CAN-2002-0069 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
   Need to add version number to description (2.4)
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Add version info to description (like 2002-0068): Squid 2.4 STABLE3 and earlier.
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-snmp-dos(8260)
   URL:http://www.iss.net/security_center/static/8260.php
   BID:4146
   URL:http://www.securityfocus.com/bid/4146
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of REDHAT:RHSA-2002:029

======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-03
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php
Reference: BID:4474
Reference: URL:http://www.securityfocus.com/bid/4474

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-htr-isapi-bo(8799)
  ADDREF BID:4474
  ADDREF CERT-VN:VU#363715

INFERRED ACTION: CAN-2002-0071 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-htr-isapi-bo(8799)

======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#521059
Reference: URL:http://www.kb.cert.org/vuls/id/521059
Reference: XF:iis-isapi-filter-error-dos(8800)
Reference: URL:http://www.iss.net/security_center/static/8800.php
Reference: BID:4479
Reference: URL:http://www.securityfocus.com/bid/4479

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#521059
  ADDREF XF:iis-isapi-filter-error-dos(8800)
  ADDREF BID:4479

INFERRED ACTION: CAN-2002-0072 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> CERT-VN:VU#521059
   URL:http://www.kb.cert.org/vuls/id/521059
   XF:iis-isapi-filter-error-dos(8800)
   URL:http://www.iss.net/security_center/static/8800.php
   BID:4479
   URL:http://www.securityfocus.com/bid/4479
 Frech> XF:iis-isapi-filter-error-dos(8800)

======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
Reference: BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101901273810598&w=2
Reference: MISC:http://www.digitaloffense.net/msftpd/advisory.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-ftp-session-status-dos(8801)
Reference: URL:http://www.iss.net/security_center/static/8801.php

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
  ADDREF XF:iis-ftp-session-status-dos(8801)
  DESC add details as given in Vulnwatch post
  ADDREF BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
  ADDREF MISC:http://www.digitaloffense.net/msftpd/advisory.txt

INFERRED ACTION: CAN-2002-0073 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> Looks like this might be related to:
   VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
 Christey> Yep, confirmed by MS.
 Frech> XF:iis-ftp-session-status-dos(8801)

======================================================
Candidate: CAN-2002-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0074
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://online.securityfocus.com/archive/1/266888
Reference: MISC:http://www.cgisecurity.com/advisory/9.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#883091
Reference: URL:http://www.kb.cert.org/vuls/id/883091
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-help-file-css(8802)
Reference: URL:http://www.iss.net/security_center/static/8802.php
Reference: BID:4483
Reference: URL:http://www.securityfocus.com/bid/4483

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

Modifications:
  ADDREF MISC:http://www.cgisecurity.com/advisory/9.txt
  ADDREF BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
  ADDREF CERT-VN:VU#883091
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-help-file-css(8802)
  ADDREF BID:4483

INFERRED ACTION: CAN-2002-0074 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> MISC:http://www.cgisecurity.com/advisory/9.txt
   BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
   URL:http://online.securityfocus.com/archive/1/266888
   CERT-VN:VU#883091
   URL:http://www.kb.cert.org/vuls/id/883091
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-help-file-css(8802)

======================================================
Candidate: CAN-2002-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0075
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#520707
Reference: URL:http://www.kb.cert.org/vuls/id/520707
Reference: XF:iis-redirected-url-error-css(8804)
Reference: URL:http://www.iss.net/security_center/static/8804.php
Reference: BID:4487
Reference: URL:http://www.securityfocus.com/bid/4487

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-redirected-url-error-css(8804)
  ADDREF CERT-VN:VU#520707
  ADDREF BID:4487

INFERRED ACTION: CAN-2002-0075 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-redirected-url-error-css(8804)

======================================================
Candidate: CAN-2002-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0076
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
Reference: COMPAQ:SSRT0822
Reference: BID:4313
Reference: XF:java-vm-verifier-variant(8480)
Reference: URL:http://www.iss.net/security_center/static/8480.php

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine
Verifier" vulnerability.

Modifications:
  ADDREF BID:4313
  ADDREF COMPAQ:SSRT0822
  ADDREF XF:java-vm-verifier-variant(8480)

INFERRED ACTION: CAN-2002-0076 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Wall, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Cox, Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4313
 Christey> ADDREF COMPAQ:SSRT0822
 Christey> COMPAQ:SSRT0822
 Frech> XF:java-vm-verifier-variant(8480)

======================================================
Candidate: CAN-2002-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#610291
Reference: URL:http://www.kb.cert.org/vuls/id/610291
Reference: XF:iis-asp-chunked-encoding-bo(8795)
Reference: URL:http://www.iss.net/security_center/static/8795.php
Reference: BID:4485
Reference: URL:http://www.securityfocus.com/bid/4485

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#610291
  ADDREF BID:4485
  ADDREF XF:iis-asp-chunked-encoding-bo(8795)

INFERRED ACTION: CAN-2002-0079 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> XF:iis-asp-chunked-encoding-bo(8795)
   URL:http://www.iss.net/security_center/static/8795.php
   BID:4485
   URL:http://www.securityfocus.com/bid/4485
   CERT-VN:VU#610291
   URL:http://www.kb.cert.org/vuls/id/610291
 Frech> XF:iis-asp-chunked-encoding-bo(8795)

======================================================
Candidate: CAN-2002-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0094
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

INFERRED ACTION: CAN-2002-0094 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(3) Ziese, Wall, Foat

======================================================
Candidate: CAN-2002-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0095
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

INFERRED ACTION: CAN-2002-0095 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(3) Ziese, Wall, Foat

======================================================
Candidate: CAN-2002-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0120
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: BID:3863
Reference: URL:http://online.securityfocus.com/bid/3863
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.

INFERRED ACTION: CAN-2002-0120 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Foat, Green
   NOOP(2) Wall, Cole

======================================================
Candidate: CAN-2002-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0123
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: BID:3874
Reference: URL:http://online.securityfocus.com/bid/3874
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.

INFERRED ACTION: CAN-2002-0123 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Frech, Cole, Green
   NOOP(4) Ziese, Balinsky, Wall, Foat

Voter Comments:
 Green> website is very vague regarding vulnerabilities, but the upgrade message is clear enough.

======================================================
Candidate: CAN-2002-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020318
Category: SF
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html
Reference: CALDERA:CSSA-2002-027.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
Reference: HP:HPSBTL0205-042
Reference: URL:http://online.securityfocus.com/advisories/4145
Reference: MANDRAKE:MDKSA-2002:036
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
Reference: BID:4788
Reference: URL:http://www.securityfocus.com/bid/4788
Reference: XF:fetchmail-imap-msgnum-bo(9133)
Reference: URL:http://www.iss.net/security_center/static/9133.php

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

Modifications:
  ADDREF CALDERA:CSSA-2002-027.0
  ADDREF HP:HPSBTL0205-042
  ADDREF MANDRAKE:MDKSA-2002:036
  ADDREF BID:4788
  ADDREF XF:fetchmail-imap-msgnum-bo(9133)

INFERRED ACTION: CAN-2002-0146 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-027.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
   HP:HPSBTL0205-042
   URL:http://online.securityfocus.com/advisories/4145
   MANDRAKE:MDKSA-2002:036
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
   BID:4788
   URL:http://www.securityfocus.com/bid/4788
   XF:fetchmail-imap-msgnum-bo(9133)
   URL:http://www.iss.net/security_center/static/9133.php
 Frech> XF:fetchmail-imap-msgnum-bo(9133)

======================================================
Candidate: CAN-2002-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0147
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#669779
Reference: URL:http://www.kb.cert.org/vuls/id/669779
Reference: BID:4490
Reference: URL:http://www.securityfocus.com/bid/4490
Reference: XF:iis-asp-data-transfer-bo(8796)
Reference: URL:http://www.iss.net/security_center/static/8796.php

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF CERT-VN:VU#669779
  ADDREF BID:4490
  ADDREF XF:iis-asp-data-transfer-bo(8796)

INFERRED ACTION: CAN-2002-0147 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Christey> CERT-VN:VU#669779
   URL:http://www.kb.cert.org/vuls/id/669779
   BID:4490
   URL:http://www.securityfocus.com/bid/4490
 Frech> XF:iis-asp-data-transfer-bo(8796)

======================================================
Candidate: CAN-2002-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0148
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-http-error-page-css(8803)
Reference: URL:http://www.iss.net/security_center/static/8803.php
Reference: CERT-VN:VU#886699
Reference: URL:http://www.kb.cert.org/vuls/id/886699
Reference: BID:4486
Reference: URL:http://www.securityfocus.com/bid/4486

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-http-error-page-css(8803)
  ADDREF CERT-VN:VU#886699
  ADDREF BID:4486

INFERRED ACTION: CAN-2002-0148 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-http-error-page-css(8803)

======================================================
Candidate: CAN-2002-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0149
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#721963
Reference: URL:http://www.kb.cert.org/vuls/id/721963
Reference: XF:iis-ssi-safety-check-bo(8798)
Reference: URL:http://www.iss.net/security_center/static/8798.php
Reference: BID:4478
Reference: URL:http://www.securityfocus.com/bid/4478

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-ssi-safety-check-bo(8798)
  ADDREF CERT-VN:VU#721963
  ADDREF BID:4478

INFERRED ACTION: CAN-2002-0149 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-ssi-safety-check-bo(8798)

======================================================
Candidate: CAN-2002-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0150
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#454091
Reference: URL:http://www.kb.cert.org/vuls/id/454091
Reference: XF:iis-asp-http-header-bo(8797)
Reference: URL:http://www.iss.net/security_center/static/8797.php
Reference: BID:4476
Reference: URL:http://www.securityfocus.com/bid/4476

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

Modifications:
  ADDREF CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
  ADDREF XF:iis-asp-http-header-bo(8797)
  ADDREF CERT-VN:VU#454091

INFERRED ACTION: CAN-2002-0150 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
   URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
 Frech> XF:iis-asp-http-header-bo(8797)

======================================================
Candidate: CAN-2002-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0155
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: MS:MS02-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html
Reference: XF:msn-chatcontrol-resdll-bo(9041)
Reference: URL:http://www.iss.net/security_center/static/9041.php
Reference: BID:4707
Reference: URL:http://www.securityfocus.com/bid/4707

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

Modifications:
  ADDREF XF:msn-chatcontrol-resdll-bo(9041)
  ADDREF BID:4707

INFERRED ACTION: CAN-2002-0155 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:msn-chatcontrol-resdll-bo(9041)
   URL:http://www.iss.net/security_center/static/9041.php
   BID:4707
   URL:http://www.securityfocus.com/bid/4707
 Frech> XF:msn-chatcontrol-resdll-bo(9041)

======================================================
Candidate: CAN-2002-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0157
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020325
Category: SF
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html
Reference: XF:nautilus-metafile-xml-symlink(8995)
Reference: URL:http://www.iss.net/security_center/static/8995.php
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Modifications:
  ADDREF XF:nautilus-metafile-xml-symlink(8995)

INFERRED ACTION: CAN-2002-0157 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:nautilus-metafile-xml-symlink(8995)

======================================================
Candidate: CAN-2002-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php
Reference: BUGTRAQ:20020326 updated squid advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101716495023226&w=2
Reference: CALDERA:CSSA-2002-017.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt
Reference: CALDERA:CSSA-2002-SCO.26
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: BID:4363
Reference: URL:http://www.securityfocus.com/bid/4363
Reference: XF:squid-dns-reply-dos(8628)
Reference: URL:http://www.iss.net/security_center/static/8628.php

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Modifications:
  ADDREF BID:4363
  ADDREF XF:squid-dns-reply-dos(8628)
  ADDREF BUGTRAQ:20020326 updated squid advisory
  ADDREF CALDERA:CSSA-2002-017.0
  ADDREF FREEBSD:FreeBSD-SA-02:19
  ADDREF CALDERA:CSSA-2002-SCO.26
  ADDREF REDHAT:RHSA-2002:051
  DESC change "heap overflow" to "heap-based buffer overflow"

INFERRED ACTION: CAN-2002-0163 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> BID:4363
   URL:http://www.securityfocus.com/bid/4363
   XF:squid-dns-reply-dos(8628)
   URL:http://www.iss.net/security_center/static/8628.php
   BUGTRAQ:20020326 updated squid advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101716495023226&w=2
   CALDERA:CSSA-2002-017.0
   MANDRAKE:MDKSA-2002:027
   FREEBSD:FreeBSD-SA-02:19
 Christey> CALDERA:CSSA-2002-017.1
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-017.1.txt
   BID:4363
   URL:http://www.securityfocus.com/bid/4363
 Christey> CALDERA:CSSA-2002-SCO.26
 Christey> REDHAT:RHSA-2002:051 (per Mark Cox)
 Frech> XF:squid-dns-reply-dos(8628)

======================================================
Candidate: CAN-2002-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0169
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020411
Category: CF
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html
Reference: HP:HPSBTL0205-038
Reference: URL:http://online.securityfocus.com/advisories/4095
Reference: XF:linux-docbook-stylesheet-insecure(8983)
Reference: URL:http://www.iss.net/security_center/static/8983.php
Reference: BID:4654
Reference: URL:http://online.securityfocus.com/bid/4654

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element
identifier.

Modifications:
  ADDREF HP:HPSBTL0205-038
  ADDREF XF:linux-docbook-stylesheet-insecure(8983)
  ADDREF BID:4654

INFERRED ACTION: CAN-2002-0169 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:linux-docbook-stylesheet-insecure(8983)

======================================================
Candidate: CAN-2002-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0170
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-proxy-role-privileges(8334)
Reference: URL:http://www.iss.net/security_center/static/8334.php
Reference: BID:4229
Reference: URL:http://www.securityfocus.com/bid/4229

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF XF:zope-proxy-role-privileges(8334)
  ADDREF BID:4229

INFERRED ACTION: CAN-2002-0170 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:zope-proxy-role-privileges(8334)
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html

======================================================
Candidate: CAN-2002-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0171
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P
Reference: XF:irix-irisconsole-icadmin-access(8933)
Reference: URL:http://www.iss.net/security_center/static/8933.php
Reference: BID:4588
Reference: URL:http://www.securityfocus.com/bid/4588

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

Modifications:
  ADDREF XF:irix-irisconsole-icadmin-access(8933)
  ADDREF BID:4588

INFERRED ACTION: CAN-2002-0171 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:irix-irisconsole-icadmin-access(8933)

======================================================
Candidate: CAN-2002-0172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0172
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: CF
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I
Reference: XF:irix-ipfilter-dos(8960)
Reference: URL:http://www.iss.net/security_center/static/8960.php
Reference: BID:4648
Reference: URL:http://online.securityfocus.com/bid/4648

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Modifications:
  ADDREF XF:irix-ipfilter-dos(8960)
  ADDREF BID:4648

INFERRED ACTION: CAN-2002-0172 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> BID:4648
   URL:http://online.securityfocus.com/bid/4648
 Frech> XF:irix-ipfilter-dos(8960)

======================================================
Candidate: CAN-2002-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0173
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I
Reference: BID:4644
Reference: URL:http://www.securityfocus.com/bid/4644
Reference: XF:irix-cpr-bo(8959)
Reference: URL:http://www.iss.net/security_center/static/8959.php

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
Modifications: ADDREF BID:4644 ADDREF XF:irix-cpr-bo(8959) INFERRED ACTION: CAN-2002-0173 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(1) Frech NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> BID:4644 URL:http://www.securityfocus.com/bid/4644 Frech> XF:irix-cpr-bo(8959) ====================================================== Candidate: CAN-2002-0174 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0174 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020411 Category: SF Reference: SGI:20020501-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I Reference: XF:irix-nsd-symlink(8981) Reference: URL:http://www.iss.net/security_center/static/8981.php Reference: BID:4655 Reference: URL:http://www.securityfocus.com/bid/4655 nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. 
Modifications: ADDREF XF:irix-nsd-symlink(8981) ADDREF BID:4655 INFERRED ACTION: CAN-2002-0174 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:irix-nsd-symlink(8981) ====================================================== Candidate: CAN-2002-0178 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-02 Proposed: 20020611 Assigned: 20020417 Category: SF Reference: MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en Reference: REDHAT:RHSA-2002:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-065.html Reference: HP:HPSBTL0205-040 Reference: URL:http://online.securityfocus.com/advisories/4132 Reference: MANDRAKE:MDKSA-2002:052 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php Reference: XF:sharutils-uudecode-symlink(9075) Reference: URL:http://www.iss.net/security_center/static/9075.php Reference: BID:4742 Reference: URL:http://www.securityfocus.com/bid/4742 Reference: BUGTRAQ:20021030 GLSA: sharutils Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103599320902432&w=2 Reference: CERT-VN:VU#336083 Reference: URL:http://www.kb.cert.org/vuls/id/336083 Reference: CALDERA:CSSA-2002-040.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt Reference: COMPAQ:SSRT2301 uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. 
Modifications: ADDREF HP:HPSBTL0205-040 ADDREF MANDRAKE:MDKSA-2002:052 ADDREF XF:sharutils-uudecode-symlink(9075) ADDREF BID:4742 ADDREF MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en ADDREF BUGTRAQ:20021030 GLSA: sharutils ADDREF CERT-VN:VU#336083 ADDREF CALDERA:CSSA-2002-040.0 ADDREF COMPAQ:SSRT2301 INFERRED ACTION: CAN-2002-0178 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Green MODIFY(1) Cox NOOP(1) Christey Voter Comments: Cox> ADDREF: http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en Christey> HP:HPSBTL0205-040 URL:http://online.securityfocus.com/advisories/4132 XF:sharutils-uudecode-symlink(9075) URL:http://www.iss.net/security_center/static/9075.php BID:4742 URL:http://www.securityfocus.com/bid/4742 Christey> MANDRAKE:MDKSA-2002:052 Christey> BUGTRAQ:20021030 GLSA: sharutils URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103599320902432&w=2 CERT-VN:VU#336083 URL:http://www.kb.cert.org/vuls/id/336083 Christey> CALDERA:CSSA-2002-040.0 Christey> COMPAQ:SSRT2301 CERT-VN:VU#336083 URL:http://www.kb.cert.org/vuls/id/336083 ====================================================== Candidate: CAN-2002-0181 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0181 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20020817-01 Proposed: 20020502 Assigned: 20020417 Category: SF Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2 Reference: DEBIAN:DSA-126 Reference: URL:http://www.debian.org/security/2002/dsa-126 Reference: CALDERA:CSSA-2002-016.1 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt Reference: CONECTIVA:CLA-2001:473 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473 Reference: MISC:http://bugs.horde.org/show_bug.cgi?id=916 Reference: XF:imp-status-php3-css(8769) Reference: 
URL:http://www.iss.net/security_center/static/8769.php Reference: BID:4444 Reference: URL:http://www.securityfocus.com/bid/4444 Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Modifications: DESC rephrase CHANGEREF CALDERA [new version number] ADDREF CONECTIVA:CLA-2001:473 ADDREF MISC:http://bugs.horde.org/show_bug.cgi?id=916 ADDREF XF:imp-status-php3-css(8769) ADDREF BID:4444 INFERRED ACTION: CAN-2002-0181 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Cole, Armstrong, Green MODIFY(2) Frech, Cox NOOP(3) Christey, Wall, Foat Voter Comments: Cox> "execute script" sounds like local execution - it's just cross site scripting Christey> Try this desc: "Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary script and steal cookies of other IMP/HORDE users via the script parameter." 
CONECTIVA:CLA-2001:473 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473 MISC:http://bugs.horde.org/show_bug.cgi?id=916 XF:imp-status-php3-css(8769) URL:http://www.iss.net/security_center/static/8769.php BID:4444 URL:http://www.securityfocus.com/bid/4444 CHANGEREF CALDERA:CSSA-2002-016.1 (new version #) Frech> XF:imp-status-php3-css(8769) ====================================================== Candidate: CAN-2002-0184 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-02 Proposed: 20020502 Assigned: 20020419 Category: SF Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2 Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2 Reference: MANDRAKE:MDKSA-2002:028 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3 Reference: DEBIAN:DSA-128 Reference: URL:http://www.debian.org/security/2002/dsa-128 Reference: REDHAT:RHSA-2002:071 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html Reference: REDHAT:RHSA-2002:072 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html Reference: ENGARDE:ESA-20020429-010 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2 Reference: CONECTIVA:CLA-2002:475 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 Reference: TRUSTIX:TSLSA-2002-0046 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2 Reference: BUGTRAQ:20020429 TSLSA-2002-0046 - sudo Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2 Reference: 
SUSE:SuSE-SA:2002:014 Reference: URL:http://www.suse.de/de/security/2002_014_sudo_txt.html Reference: CERT-VN:VU#820083 Reference: URL:http://www.kb.cert.org/vuls/id/820083 Reference: XF:sudo-password-expansion-overflow(8936) Reference: URL:http://www.iss.net/security_center/static/8936.php Reference: BID:4593 Reference: URL:http://www.securityfocus.com/bid/4593 Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. Modifications: ADDREF BUGTRAQ:20020429 TSLSA-2002-0046 - sudo ADDREF SUSE:SuSE-SA:2002:014 ADDREF XF:sudo-password-expansion-overflow(8936) DESC change terms to "heap-based buffer overflow" ADDREF BID:4593 ADDREF CERT-VN:VU#820083 INFERRED ACTION: CAN-2002-0184 FINAL (Final Decision 20030402) Current Votes: ACCEPT(6) Cox, Wall, Foat, Cole, Armstrong, Green MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> BUGTRAQ:20020429 TSLSA-2002-0046 - sudo URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2 SUSE:SuSE-SA:2002:014 Frech> XF:sudo-password-expansion-overflow(8936) ====================================================== Candidate: CAN-2002-0185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0185 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020419 Category: SF Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html Reference: REDHAT:RHSA-2002:070 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-070.html Reference: CONECTIVA:CLA-2002:477 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477 Reference: XF:modpython-imported-module-access(8997) Reference: URL:http://www.iss.net/security_center/static/8997.php Reference: BID:4656 Reference: URL:http://www.securityfocus.com/bid/4656 mod_python 
version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. Modifications: ADDREF REDHAT:RHSA-2002:070 ADDREF CONECTIVA:CLA-2002:477 ADDREF XF:modpython-imported-module-access(8997) ADDREF BID:4656 INFERRED ACTION: CAN-2002-0185 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cox MODIFY(1) Frech NOOP(6) Christey, Wall, Foat, Cole, Armstrong, Green Voter Comments: Cox> ADDREF: RHSA-2002:070 Christey> ADDREF REDHAT:RHSA-2002:070 Christey> CONECTIVA:CLA-2002:477 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477 Frech> XF:modpython-imported-module-access(8997) ====================================================== Candidate: CAN-2002-0186 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0186 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020726 Assigned: 20020420 Category: SF Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2 Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html Reference: MS:MS02-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp Reference: CERT-VN:VU#811371 Reference: URL:http://www.kb.cert.org/vuls/id/811371 Reference: BID:5004 Reference: URL:http://www.securityfocus.com/bid/5004 Reference: XF:mssql-sqlxml-isapi-bo(9328) Reference: URL:http://www.iss.net/security_center/static/9328.php Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." 
Modifications: ADDREF CERT-VN:VU#811371 ADDREF BID:5004 ADDREF XF:mssql-sqlxml-isapi-bo(9328) INFERRED ACTION: CAN-2002-0186 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Wall, Foat, Cole NOOP(2) Christey, Cox Voter Comments: Christey> CERT-VN:VU#811371 URL:http://www.kb.cert.org/vuls/id/811371 BID:5004 URL:http://www.securityfocus.com/bid/5004 XF:mssql-sqlxml-isapi-bo(9328) URL:http://www.iss.net/security_center/static/9328.php ====================================================== Candidate: CAN-2002-0187 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0187 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020726 Assigned: 20020420 Category: SF Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2 Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html Reference: MS:MS02-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." 
INFERRED ACTION: CAN-2002-0187 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Wall, Foat, Cole NOOP(2) Christey, Cox Voter Comments: Christey> CERT-VN:VU#139931 URL:http://www.kb.cert.org/vuls/id/139931 XF:mssql-sqlxml-script-injection(9329) URL:http://www.iss.net/security_center/static/9329.php BID:5005 URL:http://www.securityfocus.com/bid/5005 ====================================================== Candidate: CAN-2002-0190 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0190 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020420 Category: SF Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: CERT-VN:VU#242891 Reference: URL:http://www.kb.cert.org/vuls/id/242891 Reference: XF:ie-netbios-incorrect-security-zone(9084) Reference: URL:http://www.iss.net/security_center/static/9084.php Reference: BID:4753 Reference: URL:http://www.securityfocus.com/bid/4753 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. 
Modifications: ADDREF XF:ie-netbios-incorrect-security-zone(9084) ADDREF BID:4753 ADDREF CERT-VN:VU#242891 INFERRED ACTION: CAN-2002-0190 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:ie-netbios-incorrect-security-zone(9084) ====================================================== Candidate: CAN-2002-0191 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0191 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020420 Category: SF Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2 Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: XF:ie-css-read-files (8740) Reference: URL:http://www.iss.net/security_center/static/8740.php Reference: BID:4411 Reference: URL:http://online.securityfocus.com/bid/4411 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. 
INFERRED ACTION: CAN-2002-0191 FINAL (Final Decision 20030402) Current Votes: ACCEPT(6) Baker, Frech, Wall, Foat, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-0213 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0213 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223525118717&w=2 Reference: SGI:20020604-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020604-01-I Reference: BID:3969 Reference: URL:http://online.securityfocus.com/bid/3969 Reference: XF:kashare-xkas-icon-symlink(8002) Reference: URL:http://www.iss.net/security_center/static/8002.php xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
Modifications: ADDREF SGI:20020604-01-I INFERRED ACTION: CAN-2002-0213 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Green NOOP(4) Christey, Wall, Foat, Cole Voter Comments: Christey> SGI:20020604-01-I ====================================================== Candidate: CAN-2002-0241 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0241 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml Reference: XF:ciscosecure-nds-authentication(8106) Reference: URL:http://www.iss.net/security_center/static/8106.php Reference: BID:4048 Reference: URL:http://www.securityfocus.com/bid/4048 NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. 
INFERRED ACTION: CAN-2002-0241 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0246 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0246 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code Reference: URL:http://online.securityfocus.com/archive/1/255414 Reference: CALDERA:CSSA-2002-SCO.3 Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt Reference: BID:4060 Reference: URL:http://online.securityfocus.com/bid/4060 Reference: XF:unixware-msg-catalog-format-string(8113) Reference: URL:http://www.iss.net/security_center/static/8113.php Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. 
INFERRED ACTION: CAN-2002-0246 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0250 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0250 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2 Reference: HP:HPSBUX0202-185 Reference: URL:http://online.securityfocus.com/advisories/3870 Reference: BID:4062 Reference: URL:http://www.securityfocus.com/bid/4062 Reference: XF:hp-advancestack-bypass-auth(8124) Reference: URL:http://www.iss.net/security_center/static/8124.php Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. INFERRED ACTION: CAN-2002-0250 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0267 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0267 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363233905645&w=2 Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html Reference: BID:4097 Reference: URL:http://online.securityfocus.com/bid/4097 Reference: XF:sips-theme-admin-access(8193) Reference: URL:http://www.iss.net/security_center/static/8193.php preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. Modifications: ADDREF XF:sips-theme-admin-access(8193) INFERRED ACTION: CAN-2002-0267 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:sips-theme-admin-access(8193) ====================================================== Candidate: CAN-2002-0274 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0274 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362618118598&w=2 Reference: CONFIRM:http://www.exim.org/pipermail/exim-announce/2002q1/000053.html Reference: XF:exim-config-arg-bo(8194) Reference: URL:http://www.iss.net/security_center/static/8194.php Reference: BID:4096 Reference: URL:http://www.securityfocus.com/bid/4096 Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments. 
Modifications: ADDREF XF:exim-config-arg-bo(8194) INFERRED ACTION: CAN-2002-0274 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Cox, Cole MODIFY(1) Frech NOOP(3) Wall, Foat, Armstrong Voter Comments: Frech> XF:exim-config-arg-bo(8194) CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2002-0276 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0276 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101370874219511&w=2 Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history Reference: BID:4104 Reference: URL:http://online.securityfocus.com/bid/4104 Reference: XF:ettercap-memcpy-bo(8200) Reference: URL:http://www.iss.net/security_center/static/8200.php Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets. 
Modifications: ADDREF XF:ettercap-memcpy-bo(8200) INFERRED ACTION: CAN-2002-0276 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:ettercap-memcpy-bo(8200) ====================================================== Candidate: CAN-2002-0287 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0287 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2 Reference: CONFIRM:http://www.powie.de/news/index.php Reference: BID:4114 Reference: URL:http://online.securityfocus.com/bid/4114 Reference: XF:pforum-quotes-sql-injection(8203) Reference: URL:http://www.iss.net/security_center/static/8203.php pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
Modifications: ADDREF XF:pforum-quotes-sql-injection(8203) INFERRED ACTION: CAN-2002-0287 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:pforum-quotes-sql-injection(8203) ====================================================== Candidate: CAN-2002-0290 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0290 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413521417638&w=2 Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z Reference: BID:4124 Reference: URL:http://online.securityfocus.com/bid/4124 Reference: XF:webnews-cgi-group-bo(8220) Reference: URL:http://www.iss.net/security_center/static/8220.php Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. 
Modifications: ADDREF XF:webnews-cgi-group-bo(8220) INFERRED ACTION: CAN-2002-0290 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:webnews-cgi-group-bo(8220) ====================================================== Candidate: CAN-2002-0292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0292 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101414005501708&w=2 Reference: BID:4116 Reference: URL:http://online.securityfocus.com/bid/4116 Reference: XF:slashcode-site-xss(8221) Reference: URL:http://www.iss.net/security_center/static/8221.php Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. 
Modifications: ADDREF XF:slashcode-site-xss(8221) INFERRED ACTION: CAN-2002-0292 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:slashcode-site-xss(8221) ====================================================== Candidate: CAN-2002-0299 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0299 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438631921749&w=2 Reference: BID:3975 Reference: URL:http://online.securityfocus.com/bid/3975 Reference: XF:cnet-catchup-gain-privileges(8035) Reference: URL:http://www.iss.net/security_center/static/8035.php CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. 
Modifications: ADDREF XF:cnet-catchup-gain-privileges(8035) INFERRED ACTION: CAN-2002-0299 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:cnet-catchup-gain-privileges(8035) ====================================================== Candidate: CAN-2002-0300 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0300 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20020817-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415804625292&w=2 Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422432123898&w=2 Reference: DEBIAN:DSA-114 Reference: URL:http://www.debian.org/security/2002/dsa-114 Reference: BID:4125 Reference: URL:http://online.securityfocus.com/bid/4125 Reference: XF:gnujsp-jserv-information-disclosure(8240) Reference: URL:http://www.iss.net/security_center/static/8240.php gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file. 
Modifications: ADDREF XF:gnujsp-jserv-information-disclosure(8240) INFERRED ACTION: CAN-2002-0300 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:gnujsp-jserv-information-disclosure(8240) ====================================================== Candidate: CAN-2002-0302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0302 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424225814604&w=2 Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html Reference: BID:4139 Reference: URL:http://online.securityfocus.com/bid/4139 Reference: XF:sef-smtp-proxy-information(8251) Reference: URL:http://www.iss.net/security_center/static/8251.php The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. 
Modifications: ADDREF XF:sef-smtp-proxy-information(8251) INFERRED ACTION: CAN-2002-0302 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Prosser, Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:sef-smtp-proxy-information(8251) Prosser> http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html ====================================================== Candidate: CAN-2002-0309 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0309 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2 Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2 Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html Reference: BID:4141 Reference: URL:http://online.securityfocus.com/bid/4141 Reference: XF:sef-smtp-proxy-information(8251) Reference: URL:http://www.iss.net/security_center/static/8251.php SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. 
Modifications: ADDREF CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html ADDREF XF:sef-smtp-proxy-information(8251) INFERRED ACTION: CAN-2002-0309 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Prosser, Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: Frech> XF:sef-smtp-proxy-information(8251) Prosser> http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html ====================================================== Candidate: CAN-2002-0318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0318 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030320-01 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440113410083&w=2 Reference: XF:freeradius-access-request-dos(9968) Reference: URL:http://www.iss.net/security_center/static/9968.php FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets. Modifications: ADDREF XF:freeradius-access-request-dos(9968) INFERRED ACTION: CAN-2002-0318 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:freeradius-access-request-dos(9968) http://www.freeradius.org/radiusd/doc/ChangeLog Possibly: Fix a bug which would hang the server when many SQL connections were open. ====================================================== Candidate: CAN-2002-0329 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0329 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101485184605149&w=2
Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
Reference: URL:http://online.securityfocus.com/archive/1/258981
Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
Reference: BID:4192
Reference: URL:http://www.securityfocus.com/bid/4192
Reference: XF:snitz-img-css(8309)
Reference: URL:http://www.iss.net/security_center/static/8309.php

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.

INFERRED ACTION: CAN-2002-0329 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> DELREF one BID:4192 (mentioned twice)

======================================================
Candidate: CAN-2002-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0330
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020225 Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466092601554&w=2
Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159
Reference: BID:4171
Reference: URL:http://online.securityfocus.com/bid/4171
Reference: XF:openbb-img-css(8278)
Reference: URL:http://www.iss.net/security_center/static/8278.php

Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
INFERRED ACTION: CAN-2002-0330 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0339
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Reference: XF:ios-cef-information-leak(8296)
Reference: URL:http://www.iss.net/security_center/static/8296.php
Reference: BID:4191
Reference: URL:http://www.securityfocus.com/bid/4191

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

INFERRED ACTION: CAN-2002-0339 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0355
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.
INFERRED ACTION: CAN-2002-0355 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cole, Armstrong
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0356
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I
Reference: XF:irix-fsrxfs-gain-privileges(9042)
Reference: URL:http://www.iss.net/security_center/static/9042.php
Reference: BID:4706
Reference: URL:http://www.securityfocus.com/bid/4706

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

Modifications:
  ADDREF XF:irix-fsrxfs-gain-privileges(9042)
  ADDREF BID:4706

INFERRED ACTION: CAN-2002-0356 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> NOTE: CAN-2002-0356 was mistakenly referenced in a report for the sgdynamo product. The correct identifier for the sgdynamo vulnerability is CAN-2002-0375.
 Christey> XF:irix-fsrxfs-gain-privileges(9042)
   URL:http://www.iss.net/security_center/static/9042.php
   BID:4706
   URL:http://www.securityfocus.com/bid/4706
 Frech> XF:irix-fsrxfs-gain-privileges(9042)

======================================================
Candidate: CAN-2002-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0358
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I
Reference: XF:irix-mediamail-core-dump(9292)
Reference: URL:http://www.iss.net/security_center/static/9292.php
Reference: BID:4959
Reference: URL:http://www.securityfocus.com/bid/4959

MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.

Modifications:
  DESC Fix typo: "Medial" Mail
  ADDREF BID:4959
  ADDREF XF:irix-mediamail-core-dump(9292)

INFERRED ACTION: CAN-2002-0358 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> Fix typo: "Medial" Mail
   XF:irix-mediamail-core-dump(9292)
   URL:http://www.iss.net/security_center/static/9292.php
   BID:4959
   URL:http://www.securityfocus.com/bid/4959
 Frech> XF:irix-mediamail-core-dump(9292)

======================================================
Candidate: CAN-2002-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0359
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020502
Category: SF
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: CERT-VN:VU#521147
Reference: URL:http://www.kb.cert.org/vuls/id/521147
Reference: XF:irix-xfsmd-bypass-authentication(9401)
Reference: URL:http://www.iss.net/security_center/static/9401.php
Reference: BID:5072
Reference: URL:http://www.securityfocus.com/bid/5072

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.

Modifications:
  ADDREF XF:irix-xfsmd-bypass-authentication(9401)
  ADDREF BID:5072
  ADDREF CERT-VN:VU#521147
  DELREF SGI:20020605-01-I

INFERRED ACTION: CAN-2002-0359 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:irix-xfsmd-bypass-authentication(9401)
   URL:http://www.iss.net/security_center/static/9401.php
   BID:5072
   URL:http://www.securityfocus.com/bid/5072
 Christey> DELREF SGI:20020605-01-I (that one is for CAN-2003-0392)

======================================================
Candidate: CAN-2002-0363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020507
Category: SF
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
Reference: REDHAT:RHSA-2002:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-083.html
Reference: CALDERA:CSSA-2002-026.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt
Reference: XF:ghostscript-postscript-command-execution(9254)
Reference: URL:http://www.iss.net/security_center/static/9254.php
Reference: BID:4937
Reference: URL:http://www.securityfocus.com/bid/4937

ghostscript before 6.53 allows attackers to execute arbitrary
commands by using .locksafe or .setsafe to reset the current pagedevice.

Modifications:
  ADDREF CALDERA:CSSA-2002-026.0
  ADDREF XF:ghostscript-postscript-command-execution(9254)
  ADDREF BID:4937

INFERRED ACTION: CAN-2002-0363 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Alderson
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-026.0
 Christey> XF:ghostscript-postscript-command-execution(9254)
   URL:http://www.iss.net/security_center/static/9254.php
   BID:4937
   URL:http://www.securityfocus.com/bid/4937
 Frech> XF:ghostscript-postscript-command-execution(9254)

======================================================
Candidate: CAN-2002-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0364
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
Reference: VULNWATCH:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
Reference: URL:http://online.securityfocus.com/archive/1/276767
Reference: CERT-VN:VU#313819
Reference: URL:http://www.kb.cert.org/vuls/id/313819
Reference: MS:MS02-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-028.asp
Reference: BID:4855
Reference: URL:http://www.securityfocus.com/bid/4855
Reference: XF:iis-htr-chunked-encoding-bo(9327)
Reference: URL:http://www.iss.net/security_center/static/9327.php

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and
5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Modifications:
  ADDREF BID:4855
  ADDREF BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
  ADDREF CERT-VN:VU#313819
  ADDREF XF:iis-htr-chunked-encoding-bo(9327)

INFERRED ACTION: CAN-2002-0364 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:4855
   URL:http://www.securityfocus.com/bid/4855
   BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
   URL:http://online.securityfocus.com/archive/1/276767
   CERT-VN:VU#313819
   URL:http://www.kb.cert.org/vuls/id/313819
   XF:iis-htr-chunked-encoding-bo(9327)
   URL:http://www.iss.net/security_center/static/9327.php

======================================================
Candidate: CAN-2002-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0366
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020613 Microsoft RASAPI32.DLL
Reference: URL:http://online.securityfocus.com/archive/1/276776
Reference: BUGTRAQ:20020620 VPN and Q318138
Reference: URL:http://online.securityfocus.com/archive/1/278145
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
Modifications:
  ADDREF BUGTRAQ:20020613 Microsoft RASAPI32.DLL
  ADDREF BUGTRAQ:20020620 VPN and Q318138

INFERRED ACTION: CAN-2002-0366 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> Add: a long script name is the issue.
   BUGTRAQ:20020613 Microsoft RASAPI32.DLL
   URL:http://online.securityfocus.com/archive/1/276776
   BUGTRAQ:20020620 VPN and Q318138
   URL:http://online.securityfocus.com/archive/1/278145

======================================================
Candidate: CAN-2002-0367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0367
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020314 Fwd: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/262074
Reference: BUGTRAQ:20020326 Re: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/264441
Reference: BUGTRAQ:20020327 Local Security Vulnerability in Windows NT and Windows 2000
Reference: URL:http://www.securityfocus.com/archive/1/264927
Reference: NTBUGTRAQ:20020314 DebPloit (exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101614320402695&w=2
Reference: BID:4287
Reference: URL:http://www.securityfocus.com/bid/4287
Reference: XF:win-debug-duplicate-handles(8462)
Reference: URL:http://www.iss.net/security_center/static/8462.php
Reference: MS:MS02-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-024.asp

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
INFERRED ACTION: CAN-2002-0367 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0368
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
Reference: XF:exchange-msg-attribute-dos(9195)
Reference: URL:http://www.iss.net/security_center/static/9195.php
Reference: BID:4881
Reference: URL:http://www.securityfocus.com/bid/4881

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

Modifications:
  ADDREF XF:exchange-msg-attribute-dos(9195)
  ADDREF BID:4881

INFERRED ACTION: CAN-2002-0368 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:exchange-msg-attribute-dos(9195)
   URL:http://www.iss.net/security_center/static/9195.php
   BID:4881
   URL:http://www.securityfocus.com/bid/4881
 Frech> XF:exchange-msg-attribute-dos(9195)

======================================================
Candidate: CAN-2002-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0369
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-026.asp
Reference: XF:ms-aspdotnet-stateserver-bo(9276)
Reference: URL:http://www.iss.net/security_center/static/9276.php
Reference: BID:4958
Reference: URL:http://www.securityfocus.com/bid/4958

Buffer overflow in ASP.NET Worker Process allows
remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.

Modifications:
  ADDREF XF:ms-aspdotnet-stateserver-bo(9276)
  ADDREF BID:4958

INFERRED ACTION: CAN-2002-0369 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:ms-aspdotnet-stateserver-bo(9276)
   http://www.iss.net/security_center/static/9276.php
   BID:4958
   URL:http://www.securityfocus.com/bid/4958
 Frech> XF:ms-aspdotnet-stateserver-bo(9276)

======================================================
Candidate: CAN-2002-0372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0372
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-cache-code-execution(9420)
Reference: URL:http://www.iss.net/security_center/static/9420.php
Reference: BID:5107
Reference: URL:http://www.securityfocus.com/bid/5107

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
Modifications:
  ADDREF XF:mediaplayer-cache-code-execution(9420)
  ADDREF BID:5107

INFERRED ACTION: CAN-2002-0372 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mediaplayer-cache-code-execution(9420)
   URL:http://www.iss.net/security_center/static/9420.php
   BID:5107
   URL:http://www.securityfocus.com/bid/5107

======================================================
Candidate: CAN-2002-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0373
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020726
Assigned: 20020508
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-wmdm-privilege-elevation(9421)
Reference: URL:http://www.iss.net/security_center/static/9421.php
Reference: BID:5109
Reference: URL:http://www.securityfocus.com/bid/5109

The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
Modifications:
  ADDREF XF:mediaplayer-wmdm-privilege-elevation(9421)
  ADDREF BID:5109

INFERRED ACTION: CAN-2002-0373 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:mediaplayer-wmdm-privilege-elevation(9421)
   URL:http://www.iss.net/security_center/static/9421.php
   BID:5109
   URL:http://www.securityfocus.com/bid/5109

======================================================
Candidate: CAN-2002-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102070762606525&w=2
Reference: VULNWATCH:20020506 ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: CALDERA:CSSA-2002-041.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html
Reference: REDHAT:RHSA-2002:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
Reference: BUGTRAQ:20021030 GLSA: pam_ldap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103601912505261&w=2
Reference: XF:pamldap-config-format-string(9018)
Reference: URL:http://www.iss.net/security_center/static/9018.php
Reference: BID:4679
Reference: URL:http://online.securityfocus.com/bid/4679

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
Modifications:
  ADDREF XF:pamldap-config-format-string(9018)
  ADDREF BID:4679
  ADDREF BUGTRAQ:20021030 GLSA: pam_ldap
  ADDREF CALDERA:CSSA-2002-041.0
  ADDREF MANDRAKE:MDKSA-2002:075
  ADDREF REDHAT:RHSA-2002:175

INFERRED ACTION: CAN-2002-0374 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> XF:pamldap-config-format-string(9018)
   URL:http://www.iss.net/security_center/static/9018.php
   BID:4679
   URL:http://online.securityfocus.com/bid/4679
 Frech> XF:pamldap-config-format-string(9018)
 Christey> REDHAT:RHSA-2002:084
 Christey> BUGTRAQ:20021030 GLSA: pam_ldap
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103601912505261&w=2
   CALDERA:CSSA-2002-041.0
 Christey> MANDRAKE:MDKSA-2002:075
 Christey> REDHAT:RHSA-2002:175
   URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
   CALDERA:CSSA-2002-041.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt

======================================================
Candidate: CAN-2002-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0377
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020514
Category: SF
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2
Reference: VULN-DEV:20020511 Gaim abritary Email Reading
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: XF:gaim-email-access(9061)
Reference: URL:http://www.iss.net/security_center/static/9061.php
Reference: BID:4730
Reference: URL:http://www.securityfocus.com/bid/4730

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
Modifications:
  ADDREF VULN-DEV:20020511 Gaim abritary Email Reading
  ADDREF XF:gaim-email-access(9061)
  ADDREF BID:4730

INFERRED ACTION: CAN-2002-0377 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> VULN-DEV:20020511 Gaim abritary Email Reading
   URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
 Frech> XF:gaim-email-access(9061)
 Christey> XF:gaim-email-access(9061)
   URL:http://www.iss.net/security_center/static/9061.php
   BID:4730
   URL:http://www.securityfocus.com/bid/4730

======================================================
Candidate: CAN-2002-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html
Reference: CONECTIVA:CLA-2002:487
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
Reference: HP:HPSBTL0205-043
Reference: URL:http://online.securityfocus.com/advisories/4167
Reference: CALDERA:CSSA-2002-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
Reference: MANDRAKE:MDKSA-2002:034
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
Reference: ENGARDE:ESA-20020607-013
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
Reference: BID:4713
Reference: URL:http://www.securityfocus.com/bid/4713
Reference: XF:wuimapd-partial-mailbox-bo(9055)
Reference: URL:http://www.iss.net/security_center/static/9055.php

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730
support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.

Modifications:
  ADDREF CONECTIVA:CLA-2002:487
  ADDREF HP:HPSBTL0205-043
  ADDREF CALDERA:CSSA-2002-021.0
  ADDREF MANDRAKE:MDKSA-2002:034
  ADDREF ENGARDE:ESA-20020607-013
  ADDREF BID:4713
  ADDREF XF:wuimapd-partial-mailbox-bo(9055)

INFERRED ACTION: CAN-2002-0379 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> Add "long BODY request" to desc.
   CONECTIVA:CLA-2002:487
   URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
   HP:HPSBTL0205-043
   URL:http://online.securityfocus.com/advisories/4167
   CALDERA:CSSA-2002-021.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
   MANDRAKE:MDKSA-2002:034
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
   ENGARDE:ESA-20020607-013
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
   BID:4713
   URL:http://www.securityfocus.com/bid/4713
   XF:wuimapd-partial-mailbox-bo(9055)
   URL:http://www.iss.net/security_center/static/9055.php
 Frech> XF:wuimapd-partial-mailbox-bo(9055)

======================================================
Candidate: CAN-2002-0381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0381
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: MISC:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
Reference: BUGTRAQ:20020317 TCP Connections to a Broadcast Address on BSD-Based Systems
Reference: URL:http://online.securityfocus.com/archive/1/262733
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
Reference: CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
Reference: BID:4309
Reference: URL:http://online.securityfocus.com/bid/4309
Reference: XF:bsd-broadcast-address(8485)
Reference: URL:http://www.iss.net/security_center/static/8485.php

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

INFERRED ACTION: CAN-2002-0381 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0382
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-02
Proposed: 20020611
Assigned: 20020521
Category: SF
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: MANDRAKE:MDKSA-2002:051
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
Reference: CONECTIVA:CLA-2002:526
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376

XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
Modifications:
  DESC capitalize XChat properly
  ADDREF MANDRAKE:MDKSA-2002:051
  ADDREF CONECTIVA:CLA-2002:526

INFERRED ACTION: CAN-2002-0382 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Armstrong
   MODIFY(2) Cox, Foat
   NOOP(3) Christey, Wall, Cole

Voter Comments:
 Cox> Xchat should be XChat
 Foat> Agree with Cox modification
 Christey> MANDRAKE:MDKSA-2002:051
 Christey> CONECTIVA:CLA-2002:526

======================================================
Candidate: CAN-2002-0389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0389
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020523
Category: SF
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
Reference: XF:pipermail-view-archives(8874)
Reference: URL:http://www.iss.net/security_center/static/8874.php
Reference: BID:4538
Reference: URL:http://www.securityfocus.com/bid/4538

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

Modifications:
  DESC fix typo
  ADDREF XF:pipermail-view-archives(8874)
  ADDREF BID:4538

INFERRED ACTION: CAN-2002-0389 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cox
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
 Frech> XF: pipermail-view-archives(8874)
 Christey> Add period to the end of the description.
======================================================
Candidate: CAN-2002-0391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030320-01
Proposed: 20020830
Assigned: 20020528
Category: SF
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: AIXAPAR:IY34194
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Reference: CALDERA:CSSA-2002-055.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Reference: CONECTIVA:CLA-2002:515
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: ENGARDE:ESA-20021003-021
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2399.html
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
Reference: HP:HPSBTL0208-061
Reference: URL:http://online.securityfocus.com/advisories/4402
Reference: HP:HPSBUX0209-215
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
Reference: MANDRAKE:MDKSA-2002:057
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:057
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SUSE:SuSE-SA:2002:031
Reference: BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Reference: BUGTRAQ:20020802 kerberos rpc xdr_array
Reference: URL:http://online.securityfocus.com/archive/1/285740
Reference: BUGTRAQ:20020909 GLSA: glibc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2
Reference: XF:sunrpc-xdr-array-bo(9170)
Reference: URL:http://www.iss.net/security_center/static/9170.php
Reference: BID:5356
Reference: URL:http://www.securityfocus.com/bid/5356

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of
arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Modifications: ADDREF REDHAT:RHSA-2002:167 ADDREF XF:sunrpc-xdr-array-bo(9170) ADDREF BID:5356 ADDREF BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers ADDREF CONECTIVA:CLA-2002:515 ADDREF HP:HPSBTL0208-061 ADDREF BUGTRAQ:20020802 kerberos rpc xdr_array ADDREF BUGTRAQ:20020909 GLSA: glibc ADDREF SUSE:SuSE-SA:2002:031 ADDREF MS:MS02-057 ADDREF HP:HPSBUX0209-215 ADDREF MANDRAKE:MDKSA-2002:057 ADDREF ENGARDE:ESA-20021003-021 ADDREF CALDERA:CSSA-2002-055.0 ADDREF AIXAPAR:IY34194 ADDREF CONECTIVA:CLA-2002:535 INFERRED ACTION: CAN-2002-0391 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Wall, Cole MODIFY(1) Cox NOOP(2) Christey, Foat Voter Comments: Cox> ADDREF: RHSA-2002:167 Christey> XF:sunrpc-xdr-array-bo(9170) URL:http://www.iss.net/security_center/static/9170.php BID:5356 URL:http://www.securityfocus.com/bid/5356 BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html CONECTIVA:CLA-2002:515 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515 HP:HPSBTL0208-061 URL:http://online.securityfocus.com/advisories/4402 BUGTRAQ:20020802 kerberos rpc xdr_array URL:http://online.securityfocus.com/archive/1/285740 Christey> BUGTRAQ:20020909 GLSA: glibc URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2 Christey> SUSE:SuSE-SA:2002:031 Christey> MS:MS02-057 Christey> HP:HPSBUX0209-215 URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html MANDRAKE:MDKSA-2002:057 ENGARDE:ESA-20021003-021 Christey> CALDERA:CSSA-2002-055.0 Christey> AIXAPAR:IY34194 URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html CONECTIVA:CLA-2002:535 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535 ====================================================== Candidate: CAN-2002-0392 URL: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20020817-01 Proposed: 20020726 Assigned: 20020530 Category: SF Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit Reference: BUGTRAQ:20020620 Apache Exploit Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known Reference: URL:http://online.securityfocus.com/archive/1/278149 Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment. 
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive Reference: CERT:CA-2002-17 Reference: URL:http://www.cert.org/advisories/CA-2002-17.html Reference: SGI:20020605-01-A Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A Reference: SGI:20020605-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I Reference: REDHAT:RHSA-2002:103 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-103.html Reference: MANDRAKE:MDKSA-2002:039 Reference: CALDERA:CSSA-2002-029.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt Reference: CALDERA:CSSA-2002-SCO.31 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 Reference: CALDERA:CSSA-2002-SCO.32 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 Reference: COMPAQ:SSRT2253 Reference: CONECTIVA:CLSA-2002:498 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498 Reference: DEBIAN:DSA-131 Reference: URL:http://www.debian.org/security/2002/dsa-131 Reference: DEBIAN:DSA-132 Reference: URL:http://www.debian.org/security/2002/dsa-132 Reference: DEBIAN:DSA-133 Reference: URL:http://www.debian.org/security/2002/dsa-133 Reference: ENGARDE:ESA-20020619-014 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html Reference: REDHAT:RHSA-2002:118 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-118.html Reference: REDHAT:RHSA-2002:117 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-117.html Reference: BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html Reference: BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html Reference: SUSE:SuSE-SA:2002:022 Reference: 
URL:http://www.suse.com/de/security/2002_22_apache.html Reference: CERT-VN:VU#944335 Reference: URL:http://www.kb.cert.org/vuls/id/944335 Reference: HP:HPSBTL0206-049 Reference: URL:http://online.securityfocus.com/advisories/4240 Reference: HP:HPSBUX0207-197 Reference: URL:http://online.securityfocus.com/advisories/4257 Reference: BID:5033 Reference: URL:http://online.securityfocus.com/bid/5033 Reference: XF:apache-chunked-encoding-bo(9249) Reference: URL:http://www.iss.net/security_center/static/9249.php Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. Modifications: ADDREF CALDERA:CSSA-2002-029.0 ADDREF CALDERA:CSSA-2002-SCO.31 ADDREF CALDERA:CSSA-2002-SCO.32 ADDREF COMPAQ:SSRT2253 ADDREF CONECTIVA:CLSA-2002:498 ADDREF DEBIAN:DSA-131 ADDREF DEBIAN:DSA-132 ADDREF DEBIAN:DSA-133 ADDREF ENGARDE:ESA-20020619-014 ADDREF REDHAT:RHSA-2002:118 ADDREF REDHAT:RHSA-2002:117 ADDREF BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache) ADDREF BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available ADDREF SUSE:SuSE-SA:2002:022 ADDREF CERT-VN:VU#944335 ADDREF HP:HPSBTL0206-049 ADDREF HP:HPSBUX0207-197 ADDREF BID:5033 ADDREF XF:apache-chunked-encoding-bo(9249) INFERRED ACTION: CAN-2002-0392 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Cox, Wall, Foat, Cole NOOP(1) Christey Voter Comments: Christey> CALDERA:CSSA-2002-029.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt CALDERA:CSSA-2002-SCO.31 URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 CALDERA:CSSA-2002-SCO.32 URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 COMPAQ:SSRT2253 CONECTIVA:CLSA-2002:498 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498 DEBIAN:DSA-131 URL:http://www.debian.org/security/2002/dsa-131 DEBIAN:DSA-132 
URL:http://www.debian.org/security/2002/dsa-132 DEBIAN:DSA-133 URL:http://www.debian.org/security/2002/dsa-133 ENGARDE:ESA-20020619-014 URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html REDHAT:RHSA-2002:118 URL:http://rhn.redhat.com/errata/RHSA-2002-118.html REDHAT:RHSA-2002:117 URL:http://rhn.redhat.com/errata/RHSA-2002-117.html BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache) URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html SUSE:SuSE-SA:2002:022 URL:http://www.suse.com/de/security/2002_22_apache.html CERT-VN:VU#944335 URL:http://www.kb.cert.org/vuls/id/944335 BID:5033 URL:http://online.securityfocus.com/bid/5033 XF:apache-chunked-encoding-bo(9249) URL:http://www.iss.net/security_center/static/9249.php HP:HPSBTL0206-049 URL:http://online.securityfocus.com/advisories/4240 HP:HPSBUX0207-197 URL:http://online.securityfocus.com/advisories/4257 ====================================================== Candidate: CAN-2002-0394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0394 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-insecure-passwords(9263) Reference: URL:http://www.iss.net/security_center/static/9263.php Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords. 
Modifications: ADDREF XF:redm-1050ap-insecure-passwords(9263) INFERRED ACTION: CAN-2002-0394 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-insecure-passwords(9263) Baker> The vendor response does not dispute any of the issues, stating the remaining issues will be resolved in a future firmware update. Sounds like confirmation to me. ====================================================== Candidate: CAN-2002-0401 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-02 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: BUGTRAQ:20020529 Potential security issues in Ethereal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2 Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html Reference: DEBIAN:DSA-130 Reference: URL:http://www.debian.org/security/2002/dsa-130 Reference: REDHAT:RHSA-2002:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html Reference: CONECTIVA:CLSA-2002:505 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Reference: CALDERA:CSSA-2002-037.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Reference: BID:4806 Reference: URL:http://online.securityfocus.com/bid/4806 Reference: XF:ethereal-smb-dissector-dos(9204) Reference: URL:http://www.iss.net/security_center/static/9204.php SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. 
Modifications: ADDREF REDHAT:RHSA-2002:088 ADDREF XF:ethereal-smb-dissector-dos(9204) ADDREF CONECTIVA:CLSA-2002:505 ADDREF CALDERA:CSSA-2002-037.0 INFERRED ACTION: CAN-2002-0401 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Foat, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2002:088 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for noticing this) Christey> XF:ethereal-smb-dissector-dos(9204) URL:http://www.iss.net/security_center/static/9204.php CONECTIVA:CLSA-2002:505 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Frech> XF:ethereal-smb-dissector-dos(9204) Christey> CALDERA:CSSA-2002-037.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt ====================================================== Candidate: CAN-2002-0402 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-02 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html Reference: DEBIAN:DSA-130 Reference: URL:http://www.debian.org/security/2002/dsa-130 Reference: BUGTRAQ:20020529 Potential security issues in Ethereal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2 Reference: REDHAT:RHSA-2002:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html Reference: CONECTIVA:CLSA-2002:505 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Reference: CALDERA:CSSA-2002-037.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Reference: XF:ethereal-x11-dissector-bo(9203) Reference: URL:http://www.iss.net/security_center/static/9203.php Reference: BID:4805 Reference: URL:http://online.securityfocus.com/bid/4805 Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly 
execute arbitrary code while Ethereal is parsing keysyms. Modifications: ADDREF REDHAT:RHSA-2002:088 ADDREF CONECTIVA:CLSA-2002:505 ADDREF XF:ethereal-x11-dissector-bo(9203) ADDREF CALDERA:CSSA-2002-037.0 INFERRED ACTION: CAN-2002-0402 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Foat, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2002:088 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for noticing this) Christey> XF:ethereal-x11-dissector-bo(9203) URL:http://www.iss.net/security_center/static/9203.php CONECTIVA:CLSA-2002:505 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Frech> XF:ethereal-x11-dissector-bo(9203) Christey> CALDERA:CSSA-2002-037.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt ====================================================== Candidate: CAN-2002-0403 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-02 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html Reference: DEBIAN:DSA-130 Reference: URL:http://www.debian.org/security/2002/dsa-130 Reference: BUGTRAQ:20020529 Potential security issues in Ethereal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2 Reference: REDHAT:RHSA-2002:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html Reference: CONECTIVA:CLSA-2002:505 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Reference: CALDERA:CSSA-2002-037.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Reference: BID:4807 Reference: URL:http://online.securityfocus.com/bid/4807 Reference: XF:ethereal-dns-dissector-dos(9205) Reference: URL:http://www.iss.net/security_center/static/9205.php DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial 
of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. Modifications: ADDREF REDHAT:RHSA-2002:088 ADDREF CONECTIVA:CLSA-2002:505 ADDREF XF:ethereal-dns-dissector-dos(9205) ADDREF CALDERA:CSSA-2002-037.0 INFERRED ACTION: CAN-2002-0403 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Foat, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2002:088 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for noticing this) Christey> XF:ethereal-dns-dissector-dos(9205) URL:http://www.iss.net/security_center/static/9205.php CONECTIVA:CLSA-2002:505 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Frech> XF:ethereal-dns-dissector-dos(9205) Christey> CALDERA:CSSA-2002-037.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt ====================================================== Candidate: CAN-2002-0404 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-02 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html Reference: DEBIAN:DSA-130 Reference: URL:http://www.debian.org/security/2002/dsa-130 Reference: BUGTRAQ:20020529 Potential security issues in Ethereal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2 Reference: REDHAT:RHSA-2002:088 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html Reference: CONECTIVA:CLSA-2002:505 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 Reference: CALDERA:CSSA-2002-037.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Reference: BID:4808 Reference: URL:http://online.securityfocus.com/bid/4808 Reference: XF:ethereal-giop-dissector-dos(9206) Reference: URL:http://www.iss.net/security_center/static/9206.php Vulnerability in GIOP dissector in 
Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). Modifications: ADDREF REDHAT:RHSA-2002:088 ADDREF CONECTIVA:CLSA-2002:505 ADDREF XF:ethereal-giop-dissector-dos(9206) ADDREF CALDERA:CSSA-2002-037.0 INFERRED ACTION: CAN-2002-0404 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Foat, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Wall Voter Comments: Cox> ADDREF: RHSA-2002:088 Christey> Fix version: 0.9.3 is also affected (thanks to Mark Cox for noticing this) Christey> XF:ethereal-giop-dissector-dos(9206) URL:http://www.iss.net/security_center/static/9206.php Frech> XF:ethereal-giop-dissector-dos(9206) Christey> CALDERA:CSSA-2002-037.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt ====================================================== Candidate: CAN-2002-0406 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0406 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020302 Denial of Service in Sphereserver Reference: URL:http://online.securityfocus.com/archive/1/259334 Reference: XF:sphereserver-connections-dos(8338) Reference: URL:http://www.iss.net/security_center/static/8338.php Reference: BID:4258 Reference: URL:http://www.securityfocus.com/bid/4258 Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. 
INFERRED ACTION: CAN-2002-0406 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0412 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0412 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop Reference: URL:http://online.securityfocus.com/archive/1/259642 Reference: BUGTRAQ:20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854261030453&w=2 Reference: BUGTRAQ:20020411 re: gobbles ntop alert Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101856541322245&w=2 Reference: BUGTRAQ:20020417 segfault in ntop Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101908224609740&w=2 Reference: VULNWATCH:20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html Reference: CONFIRM:http://snapshot.ntop.org/ Reference: MISC:http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html Reference: XF:ntop-traceevent-format-string(8347) Reference: URL:http://www.iss.net/security_center/static/8347.php Reference: BID:4225 Reference: URL:http://www.securityfocus.com/bid/4225 Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. 
INFERRED ACTION: CAN-2002-0412 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Frech, Wall, Cole, Alderson MODIFY(1) Cox NOOP(1) Foat Voter Comments: Cox> I believe this only applies to ntop version 2 not version 1 ====================================================== Candidate: CAN-2002-0414 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0414 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec Reference: URL:http://www.securityfocus.com/archive/1/259598 Reference: CONFIRM:http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG Reference: BID:4224 Reference: URL:http://www.securityfocus.com/bid/4224 Reference: XF:kame-forged-packet-forwarding(8416) Reference: URL:http://www.iss.net/security_center/static/8416.php Reference: VULNWATCH:20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
INFERRED ACTION: CAN-2002-0414 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0423 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0423 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz Reference: BID:4239 Reference: URL:http://www.securityfocus.com/bid/4239 Reference: XF:efingerd-reverse-lookup-bo(8380) Reference: URL:http://www.iss.net/security_center/static/8380.php Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. 
INFERRED ACTION: CAN-2002-0423 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0424 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0424 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz Reference: BID:4240 Reference: URL:http://www.securityfocus.com/bid/4240 Reference: XF:efingerd-file-execution(8381) Reference: URL:http://www.iss.net/security_center/static/8381.php efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. 
INFERRED ACTION: CAN-2002-0424 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0425 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0425 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020306 mIRC DCC Server Security Flaw Reference: URL:http://online.securityfocus.com/archive/1/260244 Reference: XF:mirc-dcc-reveal-info(8393) Reference: URL:http://www.iss.net/security_center/static/8393.php Reference: BID:4247 Reference: URL:http://www.securityfocus.com/bid/4247 mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message. INFERRED ACTION: CAN-2002-0425 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0429 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0429 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561298818888&w=2 Reference: CONFIRM:http://www.openwall.com/linux/ Reference: REDHAT:RHSA-2002:158 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-158.html Reference: BID:4259 Reference: URL:http://online.securityfocus.com/bid/4259 Reference: XF:linux-ibcs-lcall-process(8420) Reference: URL:http://www.iss.net/security_center/static/8420.php The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary 
processes via a binary compatibility interface (lcall). Modifications: ADDREF REDHAT:RHSA-2002:158 ADDREF XF:linux-ibcs-lcall-process(8420) INFERRED ACTION: CAN-2002-0429 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Cox, Cole, Alderson MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:linux-ibcs-lcall-process(8420) CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Cox> Addref: RHSA-2002:158 ====================================================== Candidate: CAN-2002-0431 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0431 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020309 xtux server DoS. Reference: URL:http://online.securityfocus.com/archive/1/260912 Reference: MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206 Reference: BID:4260 Reference: URL:http://www.securityfocus.com/bid/4260 Reference: XF:xtux-server-dos(8422) Reference: URL:http://www.iss.net/security_center/static/8422.php XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
INFERRED ACTION: CAN-2002-0431 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cole, Alderson NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0435 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0435 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-02 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020310 GNU fileutils - recursive directory removal race condition Reference: URL:http://www.securityfocus.com/archive/1/260936 Reference: CONFIRM:http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html Reference: CALDERA:CSSA-2002-018.1 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt Reference: XF:gnu-fileutils-race-condition(8432) Reference: URL:http://www.iss.net/security_center/static/8432.php Reference: BID:4266 Reference: URL:http://www.securityfocus.com/bid/4266 Reference: MANDRAKE:MDKSA-2002:031 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. 
Modifications: ADDREF MANDRAKE:MDKSA-2002:032 CHANGEREF CONFIRM [URL changed] CHANGEREF MANDRAKE [wrong number] INFERRED ACTION: CAN-2002-0435 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Green, Baker, Cox, Foat, Cole NOOP(2) Christey, Wall Voter Comments: Christey> MANDRAKE:MDKSA-2002:032 CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Cox> CONFIRM:http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002440.html is a dead link, I traced the message to the new live link here http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html Christey> Mandrake reference should be MANDRAKE:MDKSA-2002:031 (032 is for tcpdump) ====================================================== Candidate: CAN-2002-0437 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0437 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020311 SMStools vulnerabilities in release before 1.4.8 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html Reference: CONFIRM:http://www.isis.de/members/~s.frings/smstools/history.html Reference: BID:4268 Reference: URL:http://www.securityfocus.com/bid/4268 Reference: XF:sms-tools-format-string(8433) Reference: URL:http://www.iss.net/security_center/static/8433.php Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. 
INFERRED ACTION: CAN-2002-0437 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0441 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0441 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020311 Directory traversal vulnerability in phpimglist Reference: URL:http://www.securityfocus.com/archive/1/261221 Reference: CONFIRM:http://www.liquidpulse.net/get.lp?id=17 Reference: XF:phpimglist-dot-directory-traversal(8441) Reference: URL:http://www.iss.net/security_center/static/8441.php Reference: BID:4276 Reference: URL:http://www.securityfocus.com/bid/4276 Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. INFERRED ACTION: CAN-2002-0441 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0442 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0442 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: Reference: CALDERA:CSSA-2002-SCO.8 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt Reference: XF:openserver-dlvraudit-bo(8442) Reference: URL:http://www.iss.net/security_center/static/8442.php Reference: BID:4273 Reference: URL:http://www.securityfocus.com/bid/4273 Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. 
INFERRED ACTION: CAN-2002-0442 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0451 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0451 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020313 Command execution in phprojekt. Reference: URL:http://www.securityfocus.com/archive/1/261676 Reference: CONFIRM:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order= Reference: BID:4284 Reference: URL:http://www.securityfocus.com/bid/4284 Reference: XF:phpprojekt-filemanager-include-files(8448) Reference: URL:http://www.iss.net/security_center/static/8448.php filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. INFERRED ACTION: CAN-2002-0451 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0454 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0454 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020315 Bug in QPopper (All Versions?) 
Reference: URL:http://www.securityfocus.com/archive/1/262213 Reference: CONFIRM:ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz Reference: XF:qpopper-qpopper-dos(8458) Reference: URL:http://www.iss.net/security_center/static/8458.php Reference: BID:4295 Reference: URL:http://www.securityfocus.com/bid/4295 Reference: CALDERA:CSSA-2002-SCO.20 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20 Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. Modifications: ADDREF CALDERA:CSSA-2002-SCO.20 INFERRED ACTION: CAN-2002-0454 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Green, Baker, Wall, Cole NOOP(3) Christey, Cox, Foat Voter Comments: Christey> CALDERA:CSSA-2002-SCO.20 ====================================================== Candidate: CAN-2002-0462 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0462 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/262735 Reference: CONFIRM:http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt Reference: XF:bigsam-displaybegin-dos(8478) Reference: URL:http://www.iss.net/security_center/static/8478.php Reference: XF:bigsam-safemode-path-disclosure(8479) Reference: URL:http://www.iss.net/security_center/static/8479.php Reference: BID:4312 Reference: URL:http://www.securityfocus.com/bid/4312 bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP 
safe_mode is enabled, or consumes resources when safe_mode is not enabled. Modifications: DESC rephrase to clarify INFERRED ACTION: CAN-2002-0462 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Green, Baker, Foat, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0463 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0463 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/262802 Reference: BUGTRAQ:20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/262652 Reference: BID:4307 Reference: URL:http://www.securityfocus.com/bid/4307 Reference: XF:arsc-language-path-disclosure(8472) Reference: URL:http://www.iss.net/security_center/static/8472.php home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. INFERRED ACTION: CAN-2002-0463 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0464 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0464 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020318 Hosting Directory Traversal madness... 
Reference: URL:http://www.securityfocus.com/archive/1/262734 Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip Reference: BID:4311 Reference: URL:http://www.securityfocus.com/bid/4311 Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp. INFERRED ACTION: CAN-2002-0464 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0473 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0473 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: VULN-DEV:20020318 phpBB2 remote execution command Reference: URL:http://online.securityfocus.com/archive/82/262600 Reference: BUGTRAQ:20020318 Re: phpBB2 remote execution command (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html Reference: BUGTRAQ:20020318 phpBB2 remote execution command Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html Reference: CONFIRM:http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip Reference: MISC:http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483 Reference: BID:4380 Reference: URL:http://www.securityfocus.com/bid/4380 Reference: XF:phpbb-db-command-execution(8476) Reference: URL:http://www.iss.net/security_center/static/8476.php db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. 
INFERRED ACTION: CAN-2002-0473 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0484 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0484 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP Reference: URL:http://online.securityfocus.com/archive/1/263259 Reference: BUGTRAQ:20020317 move_uploaded_file breaks safe_mode restrictions in PHP Reference: URL:http://online.securityfocus.com/archive/1/262999 Reference: BUGTRAQ:20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101683938806677&w=2 Reference: CONFIRM:http://bugs.php.net/bug.php?id=16128 Reference: XF:php-moveuploadedfile-create-files(8591) Reference: URL:http://www.iss.net/security_center/static/8591.php Reference: BID:4325 Reference: URL:http://www.securityfocus.com/bid/4325 move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. 
INFERRED ACTION: CAN-2002-0484 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Green, Baker, Cox, Cole NOOP(2) Wall, Foat Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2002-0488 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0488 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020321 PHP script: Penguin Traceroute, Remote Command Execution Reference: URL:http://www.securityfocus.com/archive/1/263285 Reference: CONFIRM:http://www.linux-directory.com/scripts/traceroute.pl Reference: XF:penguin-traceroute-command-execution(8600) Reference: URL:http://www.iss.net/security_center/static/8600.php Reference: BID:4332 Reference: URL:http://www.securityfocus.com/bid/4332 Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. 
INFERRED ACTION: CAN-2002-0488 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Green, Baker, Wall, Foat, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-0490 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0490 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers Reference: URL:http://www.securityfocus.com/archive/1/264041 Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog Reference: XF:instant-webmail-pop-commands(8650) Reference: URL:http://www.iss.net/security_center/static/8650.php Reference: BID:4361 Reference: URL:http://www.securityfocus.com/bid/4361 Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. 
INFERRED ACTION: CAN-2002-0490 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0493 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101709002410365&w=2 Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E Reference: XF:tomcat-xml-bypass-restrictions(9863) Reference: URL:http://www.iss.net/security_center/static/9863.php Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. Modifications: ADDREF XF:tomcat-xml-bypass-restrictions(9863) INFERRED ACTION: CAN-2002-0493 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong MODIFY(1) Frech NOOP(3) Cox, Wall, Foat Voter Comments: CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:tomcat-xml-bypass-restrictions(9863) ====================================================== Candidate: CAN-2002-0494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0494 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug Reference: URL:http://www.securityfocus.com/archive/1/263914 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389 Reference: BID:4357 Reference: URL:http://www.securityfocus.com/bid/4357 Reference: XF:websight-directory-system-css(8624) Reference: URL:http://www.iss.net/security_center/static/8624.php Cross-site scripting vulnerability in WebSight 
Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name. INFERRED ACTION: CAN-2002-0494 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0495 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0495 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) Reference: URL:http://www.securityfocus.com/archive/1/264169 Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7 Reference: BID:4368 Reference: URL:http://www.securityfocus.com/bid/4368 Reference: XF:cssearch-url-execute-commands(8636) Reference: URL:http://www.iss.net/security_center/static/8636.php csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. 
INFERRED ACTION: CAN-2002-0495 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Foat, Cole NOOP(3) Cox, Wall, Armstrong Voter Comments: Frech> http://online.securityfocus.com/archive/1/266432 ====================================================== Candidate: CAN-2002-0497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0497 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020306 mtr 0.45, 0.46 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html Reference: DEBIAN:DSA-124 Reference: URL:http://www.debian.org/security/2002/dsa-124 Reference: BID:4217 Reference: URL:http://www.securityfocus.com/bid/4217 Reference: XF:mtr-options-bo(8367) Reference: URL:http://www.iss.net/security_center/static/8367.php Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. 
INFERRED ACTION: CAN-2002-0497 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cox, Cole NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2002-0501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0501 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030321-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server Reference: URL:http://online.securityfocus.com/archive/1/264450 Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094 Reference: XF:posadis-logging-format-string(8653) Reference: URL:http://www.iss.net/security_center/static/8653.php Reference: BID:4378 Reference: URL:http://www.securityfocus.com/bid/4378 Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages. 
Modifications: DESC fix typo INFERRED ACTION: CAN-2002-0501 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Frech, Foat, Cole, Armstrong NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0505 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0505 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml Reference: XF:cisco-cti-memory-leak(8655) Reference: URL:http://www.iss.net/security_center/static/8655.php Reference: BID:4370 Reference: URL:http://www.securityfocus.com/bid/4370 Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. INFERRED ACTION: CAN-2002-0505 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0506 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0506 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt Reference: URL:http://online.securityfocus.com/archive/1/264699 Reference: XF:libnewt-bo(8700) Reference: URL:http://www.iss.net/security_center/static/8700.php Reference: BID:4393 Reference: URL:http://www.securityfocus.com/bid/4393 Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. 
Modifications: DESC emphasize setuid programs only INFERRED ACTION: CAN-2002-0506 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Frech, Cox, Cole NOOP(3) Wall, Foat, Armstrong Voter Comments: Cox> (although only really a problem if you have setuid programs that use libnewt) ====================================================== Candidate: CAN-2002-0511 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0511 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CALDERA:CSSA-2002-013.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt Reference: XF:nscd-dns-ptr-validation(8745) Reference: URL:http://www.iss.net/security_center/static/8745.php Reference: BID:4399 Reference: URL:http://www.securityfocus.com/bid/4399 The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names. 
INFERRED ACTION: CAN-2002-0511 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Baker, Frech, Foat, Cole, Armstrong NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0512 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0512 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20020817-01 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CALDERA:CSSA-2002-005.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt Reference: BID:4400 Reference: URL:http://www.securityfocus.com/bid/4400 Reference: XF:kde-startkde-search-directory(8737) Reference: URL:http://www.iss.net/security_center/static/8737.php startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. Modifications: ADDREF XF:kde-startkde-search-directory(8737) INFERRED ACTION: CAN-2002-0512 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong MODIFY(1) Frech NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Frech> XF:kde-startkde-search-directory(8737) Christey> There's a long history of overflows via long -xrm arguments. Need to make sure there's no overlap with other separate vulnerability reports. 
====================================================== Candidate: CAN-2002-0513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0513 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise Reference: URL:http://online.securityfocus.com/archive/1/265438 Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14 Reference: XF:symatec-popper-admin-access(8746) Reference: URL:http://www.iss.net/security_center/static/8746.php Reference: BID:4412 Reference: URL:http://www.securityfocus.com/bid/4412 The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator. INFERRED ACTION: CAN-2002-0513 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0516 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0516 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html Reference: BID:4385 Reference: URL:http://www.securityfocus.com/bid/4385 Reference: XF:squirrelmail-theme-command-execution(8671) Reference: URL:http://www.iss.net/security_center/static/8671.php SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. 
INFERRED ACTION: CAN-2002-0516 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0531 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0531 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020403 emumail.cgi Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/ Reference: XF:emumail-cgi-view-files(8766) Reference: URL:http://www.iss.net/security_center/static/8766.php Reference: BID:4435 Reference: URL:http://www.securityfocus.com/bid/4435 Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. INFERRED ACTION: CAN-2002-0531 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0532 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0532 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified) Reference: URL:http://online.securityfocus.com/archive/1/266930 Reference: XF:emumail-http-host-execute(8836) Reference: URL:http://www.iss.net/security_center/static/8836.php Reference: BID:4488 Reference: URL:http://www.securityfocus.com/bid/4488 EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. 
INFERRED ACTION: CAN-2002-0532 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0536 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0536 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html Reference: XF:phpgroupware-sql-injection(8755) Reference: URL:http://www.iss.net/security_center/static/8755.php Reference: BID:4424 Reference: URL:http://www.securityfocus.com/bid/4424 PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. 
INFERRED ACTION: CAN-2002-0536 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(4) Cox, Wall, Foat, Armstrong ====================================================== Candidate: CAN-2002-0538 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0538 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html Reference: XF:raptor-firewall-ftp-bounce(8847) Reference: URL:http://www.iss.net/security_center/static/8847.php Reference: BID:4522 Reference: URL:http://www.securityfocus.com/bid/4522 FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability. 
INFERRED ACTION: CAN-2002-0538 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0539 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0539 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html Reference: BUGTRAQ:20020417 Demarc Security Update Advisory Reference: URL:http://online.securityfocus.com/archive/1/267941 Reference: XF:puresecure-sql-injection(8854) Reference: URL:http://www.iss.net/security_center/static/8854.php Reference: BID:4520 Reference: URL:http://www.securityfocus.com/bid/4520 Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. 
INFERRED ACTION: CAN-2002-0539 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0542 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0542 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below Reference: URL:http://online.securityfocus.com/archive/1/267089 Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101855467811695&w=2 Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail Reference: XF:openbsd-mail-root-privileges(8818) Reference: URL:http://www.iss.net/security_center/static/8818.php Reference: BID:4495 Reference: URL:http://www.securityfocus.com/bid/4495 mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. 
INFERRED ACTION: CAN-2002-0542 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0543 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24 Reference: BID:4466 Reference: URL:http://www.securityfocus.com/bid/4466 Reference: XF:abyss-unicode-directory-traversal(8805) Reference: URL:http://www.iss.net/security_center/static/8805.php Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. INFERRED ACTION: CAN-2002-0543 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0545 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0545 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CISCO:20020409 Aironet Telnet Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml Reference: BID:4461 Reference: URL:http://www.securityfocus.com/bid/4461 Reference: XF:cisco-aironet-telnet-dos(8788) Reference: URL:http://www.iss.net/security_center/static/8788.php Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. 
INFERRED ACTION: CAN-2002-0545 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0553 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0553 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html Reference: XF:sunshop-new-cust-css(8840) Reference: URL:http://www.iss.net/security_center/static/8840.php Reference: BID:4506 Reference: URL:http://www.securityfocus.com/bid/4506 Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. INFERRED ACTION: CAN-2002-0553 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0567 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0567 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020206 Remote Compromise in Oracle 9i Database Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301332402079&w=2 Reference: CERT-VN:VU#180147 Reference: URL:http://www.kb.cert.org/vuls/id/180147 Reference: CERT:CA-2002-08 Reference: URL:http://www.cert.org/advisories/CA-2002-08.html Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf Reference: BID:4033 Reference: URL:http://www.securityfocus.com/bid/4033 Reference: XF:oracle-plsql-remote-access(8089) Reference: URL:http://xforce.iss.net/static/8089.php Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass 
authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

INFERRED ACTION: CAN-2002-0567 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Wall, Cole, Alderson
   NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0569
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT-VN:VU#977251
Reference: URL:http://www.kb.cert.org/vuls/id/977251
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4298
Reference: URL:http://www.securityfocus.com/bid/4298
Reference: XF:oracle-appserver-config-file-access(8453)
Reference: URL:http://www.iss.net/security_center/static/8453.php

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

Modifications:
  ADDREF XF:oracle-appserver-config-file-access(8453)

INFERRED ACTION: CAN-2002-0569 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Alderson
   MODIFY(1) Frech
   NOOP(2) Cox, Foat

Voter Comments:
 Frech> XF:oracle-appserver-config-file-access(8453)

======================================================
Candidate: CAN-2002-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0571
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

INFERRED ACTION: CAN-2002-0571 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0573
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

INFERRED ACTION: CAN-2002-0573 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0574
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539
Reference: XF:freebsd-icmp-echo-reply-dos(8893)
Reference: URL:http://www.iss.net/security_center/static/8893.php

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.

Modifications:
  ADDREF XF:freebsd-icmp-echo-reply-dos(8893)

INFERRED ACTION: CAN-2002-0574 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Cox, Wall, Foat

Voter Comments:
 Frech> XF:freebsd-icmp-echo-reply-dos(8893)

======================================================
Candidate: CAN-2002-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0575
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/268718
Reference: VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101924296115863&w=2
Reference: BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102167972421837&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Modifications:
  ADDREF BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
  ADDREF VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
  ADDREF BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)

INFERRED ACTION: CAN-2002-0575 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Cox, Cole
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
   URL:http://online.securityfocus.com/archive/1/268718
   VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
   URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101924296115863&w=2
   BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102167972421837&w=2

======================================================
Candidate: CAN-2002-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0576
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

INFERRED ACTION: CAN-2002-0576 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Wall, Cole
   NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0594
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: BID:4640
Reference: URL:http://www.securityfocus.com/bid/4640
Reference: XF:mozilla-css-files-exist(8977)
Reference: URL:http://www.iss.net/security_center/static/8977.php

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

Modifications:
  ADDREF XF:mozilla-css-files-exist(8977)

INFERRED ACTION: CAN-2002-0594 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cox, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:mozilla-css-files-exist(8977)
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2002-0597
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0597
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: MSKB:Q320751
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q320751
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532

LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.

Modifications:
  ADDREF MSKB:Q320751

INFERRED ACTION: CAN-2002-0597 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0598
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: VULNWATCH:20020419 [VulnWatch] KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0030.html
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549

Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.

INFERRED ACTION: CAN-2002-0598 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0599
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php

Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.

INFERRED ACTION: CAN-2002-0599 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0601
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: XF:rs-ns-dhcp-dos(8961)
Reference: URL:http://www.iss.net/security_center/static/8961.php
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649

ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.

Modifications:
  ADDREF XF:rs-ns-dhcp-dos(8961)

INFERRED ACTION: CAN-2002-0601 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Cox, Foat

Voter Comments:
 Frech> XF:rs-ns-dhcp-dos(8961)

======================================================
Candidate: CAN-2002-0605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0605
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2
Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2
Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
Reference: XF:flash-activex-movie-bo(8993)
Reference: URL:http://www.iss.net/security_center/static/8993.php
Reference: BID:4664
Reference: URL:http://online.securityfocus.com/bid/4664

Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.

INFERRED ACTION: CAN-2002-0605 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Frech, Wall, Cole, Armstrong
   NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0613
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.

INFERRED ACTION: CAN-2002-0613 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Frech, Foat, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0616
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:excel-inline-macro-execution(9397)
Reference: URL:http://www.iss.net/security_center/static/9397.php
Reference: BID:5063
Reference: URL:http://www.securityfocus.com/bid/5063

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."

Modifications:
  ADDREF XF:excel-inline-macro-execution(9397)

INFERRED ACTION: CAN-2002-0616 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0617
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."

INFERRED ACTION: CAN-2002-0617 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0618
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0618
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256054320377&w=2
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:4821
Reference: URL:http://online.securityfocus.com/bid/4821
Reference: XF:excel-xsl-script-execution(9399)
Reference: URL:http://www.iss.net/security_center/static/9399.php

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".

Modifications:
  ADDREF XF:excel-xsl-script-execution(9399)

INFERRED ACTION: CAN-2002-0618 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0619
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102139136019862&w=2
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:word-mail-merge-variant(9077)
Reference: URL:http://www.iss.net/security_center/static/9077.php
Reference: BID:5066
Reference: URL:http://www.securityfocus.com/bid/5066

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).

Modifications:
  DESC rephrase
  ADDREF XF:word-mail-merge-variant(9077)
  ADDREF BID:5066

INFERRED ACTION: CAN-2002-0619 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(1) Foat
   NOOP(2) Christey, Cox

Voter Comments:
 Foat> The candidate is technically correct, but the wording is not grammatically correct. Suggest the following: An attacker's macro code can be run automatically if the user has Microsoft Access present on the system and chooses to open a mail merge document that had been saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
 Christey> desc: missing "*WHEN* access is present..."

======================================================
Candidate: CAN-2002-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0621
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-bo(9424)
Reference: URL:http://www.iss.net/security_center/static/9424.php
Reference: BID:5108
Reference: URL:http://www.securityfocus.com/bid/5108

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.

Modifications:
  DESC fix typos
  ADDREF XF:mscs-owc-installer-bo(9424)
  ADDREF BID:5108

INFERRED ACTION: CAN-2002-0621 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mscs-owc-installer-bo(9424)
   URL:http://www.iss.net/security_center/static/9424.php
   BID:5108
   URL:http://www.securityfocus.com/bid/5108
 Christey> "arbitray"? "by via"?

======================================================
Candidate: CAN-2002-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0622
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-permissions(9425)
Reference: URL:http://www.iss.net/security_center/static/9425.php
Reference: BID:5111
Reference: URL:http://www.securityfocus.com/bid/5111

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

Modifications:
  ADDREF XF:mscs-owc-installer-permissions(9425)
  ADDREF BID:5111

INFERRED ACTION: CAN-2002-0622 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mscs-owc-installer-permissions(9425)
   URL:http://www.iss.net/security_center/static/9425.php
   BID:5111
   URL:http://www.securityfocus.com/bid/5111

======================================================
Candidate: CAN-2002-0623
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0623
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:5112
Reference: URL:http://www.securityfocus.com/bid/5112
Reference: XF:mscs-authfilter-isapi-bo-variant(9426)
Reference: URL:http://www.iss.net/security_center/static/9426.php

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code
via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".

Modifications:
  ADDREF BID:5112
  ADDREF XF:mscs-authfilter-isapi-bo-variant(9426)

INFERRED ACTION: CAN-2002-0623 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:5112
   URL:http://www.securityfocus.com/bid/5112
   XF:mscs-authfilter-isapi-bo-variant(9426)
   URL:http://www.iss.net/security_center/static/9426.php

======================================================
Candidate: CAN-2002-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0631
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020621
Category: SF
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I
Reference: BID:5092
Reference: URL:http://www.securityfocus.com/bid/5092
Reference: XF:irix-nveventd-file-write(9418)
Reference: URL:http://www.iss.net/security_center/static/9418.php

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.

Modifications:
  DESC fix typo
  ADDREF BID:5092
  ADDREF XF:irix-nveventd-file-write(9418)

INFERRED ACTION: CAN-2002-0631 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> fix typo: "root root"
   BID:5092
   URL:http://www.securityfocus.com/bid/5092
   XF:irix-nveventd-file-write(9418)
   URL:http://www.iss.net/security_center/static/9418.php

======================================================
Candidate: CAN-2002-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020627
Category: SF
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: REDHAT:RHSA-2002:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-137.html
Reference: CONECTIVA:CLA-2002:523
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
Reference: CALDERA:CSSA-2002-043.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

Modifications:
  ADDREF REDHAT:RHSA-2002:137
  ADDREF CONECTIVA:CLA-2002:523
  ADDREF CALDERA:CSSA-2002-043.0

INFERRED ACTION: CAN-2002-0638 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Foat, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> ADDREF:RHSA-2002:137
 Christey> CONECTIVA:CLA-2002:523
 Christey> CALDERA:CSSA-2002-043.0

======================================================
Candidate: CAN-2002-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0639
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: NETBSD:2002-005
Reference: CERT-VN:VU#369347
Reference: CERT:CA-2002-18
Reference: HP:HPSBUX0206-195
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:040
Reference: BID:5093
Reference: XF:openssh-challenge-response-bo(9169)
Reference: URL:http://www.iss.net/security_center/static/9169.php

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Modifications:
  ADDREF CALDERA:CSSA-2002-030.0
  ADDREF BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
  ADDREF CONECTIVA:CLA-2002:502
  ADDREF ENGARDE:ESA-20020702-016
  ADDREF MANDRAKE:MDKSA-2002:040
  ADDREF XF:openssh-challenge-response-bo(9169)

INFERRED ACTION: CAN-2002-0639 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Cox, Foat, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> CALDERA:CSSA-2002-030.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
   BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
   CONECTIVA:CLA-2002:502
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
   ENGARDE:ESA-20020702-016
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
 Christey> MANDRAKE:MDKSA-2002:040

======================================================
Candidate: CAN-2002-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0640
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-02
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102532054613894&w=2
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: REDHAT:RHSA-2002:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-131.html
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:040
Reference: SUSE:SuSE-SA:2002:024
Reference: URL:http://www.suse.de/de/security/2002_024_openssh_txt.html
Reference: REDHAT:RHSA-2002:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-127.html

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Modifications:
  ADDREF REDHAT:RHSA-2002:131
  ADDREF CALDERA:CSSA-2002-030.0
  ADDREF CONECTIVA:CLA-2002:502
  ADDREF ENGARDE:ESA-20020702-016
  ADDREF SUSE:SuSE-SA:2002:024
  ADDREF REDHAT:RHSA-2002:127
  ADDREF MANDRAKE:MDKSA-2002:040

INFERRED ACTION: CAN-2002-0640 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Foat, Cole
  MODIFY(1) Cox
  NOOP(2) Christey, Wall

Voter Comments:
 Cox> ADDREF:RHSA-2002:131
 Christey> CALDERA:CSSA-2002-030.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
   CONECTIVA:CLA-2002:502
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
   ENGARDE:ESA-20020702-016
   URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
   SUSE:SuSE-SA:2002:024
   URL:http://www.suse.de/de/security/2002_024_openssh_txt.html
   REDHAT:RHSA-2002:127
   URL:http://www.redhat.com/support/errata/RHSA-2002-127.html
 Christey> MANDRAKE:MDKSA-2002:040

======================================================
Candidate: CAN-2002-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0642
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020628
Category: CF
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: CERT:CA-2002-22
Reference: URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT-VN:VU#796313
Reference: URL:http://www.kb.cert.org/vuls/id/796313
Reference: XF:mssql-registry-insecure-permissions(9523)
Reference: URL:http://www.iss.net/security_center/static/9523.php
Reference: BID:5205
Reference: URL:http://www.securityfocus.com/bid/5205

The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."

Modifications:
  ADDREF XF:mssql-registry-insecure-permissions(9523)
  ADDREF BID:5205
  ADDREF CERT:CA-2002-22
  ADDREF CERT-VN:VU#796313

INFERRED ACTION: CAN-2002-0642 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-registry-insecure-permissions(9523)
   URL:http://www.iss.net/security_center/static/9523.php
   BID:5205
   URL:http://www.securityfocus.com/bid/5205
   CERT:CA-2002-22
   CERT-VN:VU#796313
 Frech> XF:mssql-registry-insecure-permissions(9523)

======================================================
Candidate: CAN-2002-0647
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0647
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ms-legacytext-activex-bo(9935)
Reference: URL:http://www.iss.net/security_center/static/9935.php
Reference: BID:5558
Reference: URL:http://www.securityfocus.com/bid/5558

Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".

Modifications:
  ADDREF XF:ms-legacytext-activex-bo(9935)
  ADDREF BID:5558

INFERRED ACTION: CAN-2002-0647 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0648
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-xml-redirect-read-files(9936)
Reference: URL:http://www.iss.net/security_center/static/9936.php
Reference: BID:5560
Reference: URL:http://www.securityfocus.com/bid/5560

The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

Modifications:
  ADDREF XF:ie-xml-redirect-read-files(9936)
  ADDREF BID:5560

INFERRED ACTION: CAN-2002-0648 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  MODIFY(1) Foat
  NOOP(1) Cox

Voter Comments:
 Foat> The description varies somewhat from the detailed references provided. The description indicates that this could lead to compromise of local files, while the other references (including Microsoft) indicate the problem is broader in scope. Suggest modifying the description to replace "redirects to a local file" to "redirects to another domain".

======================================================
Candidate: CAN-2002-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0650
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp
Reference: XF:mssql-resolution-keepalive-dos(9662)
Reference: URL:http://www.iss.net/security_center/static/9662.php
Reference: BID:5312
Reference: URL:http://www.securityfocus.com/bid/5312

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.

Modifications:
  ADDREF XF:mssql-resolution-keepalive-dos(9662)
  ADDREF BID:5312

INFERRED ACTION: CAN-2002-0650 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-resolution-keepalive-dos(9662)
   URL:http://www.iss.net/security_center/static/9662.php
   BID:5312
   URL:http://www.securityfocus.com/bid/5312
 Frech> XF:mssql-resolution-keepalive-dos(9662)

======================================================
Candidate: CAN-2002-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: VULN-DEV:20020622 Another flaw in Apache?
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
Reference: MANDRAKE:MDKSA-2002:048
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
Reference: DEBIAN:DSA-135
Reference: URL:http://www.debian.org/security/2002/dsa-135
Reference: ENGARDE:ESA-20020702-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563469326072&w=2
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.de/de/security/2002_028_mod_ssl.html
Reference: CONECTIVA:CLA-2002:504
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Reference: BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
Reference: HP:HPSBTL0207-052
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
Reference: BID:5084
Reference: URL:http://online.securityfocus.com/bid/5084
Reference: XF:apache-modssl-htaccess-bo(9415)
Reference: URL:http://www.iss.net/security_center/static/9415.php

Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:048
  ADDREF DEBIAN:DSA-135
  ADDREF ENGARDE:ESA-20020702-017
  ADDREF SUSE:SuSE-SA:2002:028
  ADDREF CONECTIVA:CLA-2002:504
  ADDREF BID:5084
  ADDREF VULN-DEV:20020622 Another flaw in Apache?
  ADDREF BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
  ADDREF XF:apache-modssl-htaccess-bo(9415)
  ADDREF HP:HPSBTL0207-052

INFERRED ACTION: CAN-2002-0653 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:048
 Christey> ADDREF DEBIAN:DSA-135
   ADDREF ENGARDE:ESA-20020702-017
   ADDREF SUSE:SuSE-SA:2002:028
   Add details to desc.
   ADDREF CONECTIVA:CLA-2002:504
   ADDREF BID:5084
   ADDREF VULN-DEV:20020622 Another flaw in Apache?
   BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
   HP:HPSBTL0207-052

======================================================
Candidate: CAN-2002-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:156
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-156.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:http://online.securityfocus.com/advisories/4431
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.com/de/security/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php
Reference: BID:5352
Reference: URL:http://online.securityfocus.com/bid/5352

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Modifications:
  ADDREF REDHAT:RHSA-2002:156

INFERRED ACTION: CAN-2002-0658 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  MODIFY(1) Cox
  NOOP(1) Foat

Voter Comments:
 Cox> ADDREF:RHSA-2002:163 RHSA-2002:156 RHSA-2002:154

======================================================
Candidate: CAN-2002-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0663
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: ATSTAKE:A071502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071502-1.txt
Reference: VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
Reference: XF:norton-fw-http-bo(9579)
Reference: URL:http://www.iss.net/security_center/static/9579.php
Reference: BID:5237
Reference: URL:http://www.securityfocus.com/bid/5237

Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.

Modifications:
  ADDREF XF:norton-fw-http-bo(9579)
  ADDREF BID:5237
  ADDREF CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html

INFERRED ACTION: CAN-2002-0663 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Prosser, Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:norton-fw-http-bo(9579)
   URL:http://www.iss.net/security_center/static/9579.php
   BID:5237
   URL:http://www.securityfocus.com/bid/5237
 Baker> http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
 Prosser> Validated with discovered and fixed by Symantec
   http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
 Frech> XF:norton-fw-http-bo(9579)

======================================================
Candidate: CAN-2002-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0665
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020704
Category: SF
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: XF:jrun-forwardslash-auth-bypass(9450)
Reference: URL:http://www.iss.net/security_center/static/9450.php
Reference: BID:5118
Reference: URL:http://www.securityfocus.com/bid/5118

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

Modifications:
  ADDREF XF:jrun-forwardslash-auth-bypass(9450)
  ADDREF BID:5118

INFERRED ACTION: CAN-2002-0665 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:jrun-forwardslash-auth-bypass(9450)
   URL:http://www.iss.net/security_center/static/9450.php
   BID:5118
   URL:http://www.securityfocus.com/bid/5118

======================================================
Candidate: CAN-2002-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0671
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-dns-spoofing(9566)
Reference: URL:http://www.iss.net/security_center/static/9566.php
Reference: BID:5224
Reference: URL:http://www.securityfocus.com/bid/5224

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

Modifications:
  ADDREF XF:pingtel-xpressa-dns-spoofing(9566)
  ADDREF BID:5224

INFERRED ACTION: CAN-2002-0671 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(5) Cox, Balinsky, Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-dns-spoofing(9566)

======================================================
Candidate: CAN-2002-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0676
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
Reference: MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html
Reference: XF:macos-softwareupdate-no-auth(9502)
Reference: URL:http://www.iss.net/security_center/static/9502.php
Reference: BID:5176
Reference: URL:http://www.securityfocus.com/bid/5176

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Modifications:
  ADDREF XF:macos-softwareupdate-no-auth(9502)
  ADDREF BID:5176

INFERRED ACTION: CAN-2002-0676 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Balinsky, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:macos-softwareupdate-no-auth(9502)
   URL:http://www.iss.net/security_center/static/9502.php
   BID:5176
   URL:http://www.securityfocus.com/bid/5176
 Balinsky> Vendor addressed the vulnerable application. It isn't clear that this is the same problem, but it is likely.
   http://docs.info.apple.com/article.html?artnum=75304
 Frech> XF:macos-softwareupdate-no-auth(9502)
 Christey> Since this CAN was reserved by Apple, I think we can safely say that they've acknowledged the bug ;-)

======================================================
Candidate: CAN-2002-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0678
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030321-01
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102635906423617&w=2
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#299816
Reference: URL:http://www.kb.cert.org/vuls/id/299816
Reference: HP:HPSBUX0207-199
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0011.html
Reference: AIXAPAR:IY32368
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: AIXAPAR:IY32370
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
Reference: SGI:20021101-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
Reference: XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
Reference: URL:http://www.iss.net/security_center/static/9527.php
Reference: BID:5083
Reference: URL:http://www.securityfocus.com/bid/5083

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Modifications:
  ADDREF XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
  ADDREF BID:5083
  ADDREF AIXAPAR:IY32368
  ADDREF AIXAPAR:IY32370
  ADDREF HP:HPSBUX0207-199
  ADDREF SGI:20021101-01-P

INFERRED ACTION: CAN-2002-0678 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
   URL:http://www.iss.net/security_center/static/9527.php
   BID:5083
   URL:http://www.securityfocus.com/bid/5083
   HP:HPSBUX0207-199
   URL:http://archives.neohapsis.com/archives/hp/2002-q3/0011.html
   Note: while the HP advisory discusses "buffer overflows," it specifically mentions CA-2002-20, and the text of the advisory is included in vendor statements for the CERT-VU's for both ToolTalk issues covered by CA-2002-20.
   AIXAPAR:IY32368
   URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
   AIXAPAR:IY32370
   URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
 Christey> HP:HPSBUX0207-199
   URL:http://online.securityfocus.com/advisories/4290
 Christey> SGI:20021101-01-P
 Frech> XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)

======================================================
Candidate: CAN-2002-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0679
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102917002523536&w=2
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: COMPAQ:SSRT2274
Reference: AIXAPAR:IY32792
Reference: AIXAPAR:IY32793
Reference: HP:HPSBUX0207-199
Reference: URL:http://online.securityfocus.com/advisories/4290
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
Reference: XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
Reference: URL:http://www.iss.net/security_center/static/9822.php
Reference: BID:5444
Reference: URL:http://www.securityfocus.com/bid/5444

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

Modifications:
  ADDREF XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
  ADDREF BID:5444
  ADDREF HP:HPSBUX0207-199
  ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity

INFERRED ACTION: CAN-2002-0679 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
   URL:http://www.iss.net/security_center/static/9822.php
   BID:5444
   URL:http://www.securityfocus.com/bid/5444
   HP:HPSBUX0207-199
   URL:http://online.securityfocus.com/advisories/4290
   CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity

======================================================
Candidate: CAN-2002-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0685
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020711
Category: SF
Reference: BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102634756815773&w=2
Reference: NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102639521518942&w=2
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
Reference: XF:pgp-outlook-heap-overflow(9525)
Reference: URL:http://www.iss.net/security_center/static/9525.php
Reference: BID:5202
Reference: URL:http://www.securityfocus.com/bid/5202

Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.

Modifications:
  ADDREF XF:pgp-outlook-heap-overflow(9525)
  ADDREF BID:5202
  DESC Add "heap-based" to overflow term

INFERRED ACTION: CAN-2002-0685 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:pgp-outlook-heap-overflow(9525)
   URL:http://www.iss.net/security_center/static/9525.php
   BID:5202
   URL:http://www.securityfocus.com/bid/5202
 Frech> XF:pgp-outlook-heap-overflow(9525)

======================================================
Candidate: CAN-2002-0687
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0687
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5813
Reference: URL:http://www.securityfocus.com/bid/5813
Reference: XF:zope-inject-headers-dos(9621)
Reference: URL:http://www.iss.net/security_center/static/9621.php

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF BID:5813
  ADDREF XF:zope-inject-headers-dos(9621)

INFERRED ACTION: CAN-2002-0687 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Cox, Cole, Armstrong
  NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
   BID:5813
   URL:http://www.securityfocus.com/bid/5813

======================================================
Candidate: CAN-2002-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0688
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5812
Reference: URL:http://www.securityfocus.com/bid/5812
Reference: XF:zope-zcatalog-index-bypass(9610)
Reference: URL:http://www.iss.net/security_center/static/9610.php

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Modifications:
  ADDREF REDHAT:RHSA-2002:060
  ADDREF BID:5812
  ADDREF XF:zope-zcatalog-index-bypass(9610)

INFERRED ACTION: CAN-2002-0688 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Christey> REDHAT:RHSA-2002:060
   URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
   BID:5812
   URL:http://www.securityfocus.com/bid/5812

======================================================
Candidate: CAN-2002-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0691
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-local-resource-xss(9938)
Reference: URL:http://www.iss.net/security_center/static/9938.php
Reference: BID:5561
Reference: URL:http://www.securityfocus.com/bid/5561

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.

Modifications:
  ADDREF XF:ie-local-resource-xss(9938)
  ADDREF BID:5561

INFERRED ACTION: CAN-2002-0691 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:ie-local-resource-xss(9938)
   URL:http://www.iss.net/security_center/static/9938.php
   BID:5561
   URL:http://www.securityfocus.com/bid/5561

======================================================
Candidate: CAN-2002-0695
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0695
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
Reference: XF:mssql-mdac-openrowset-bo(9734)
Reference: URL:http://www.iss.net/security_center/static/9734.php
Reference: BID:5372
Reference: URL:http://online.securityfocus.com/bid/5372

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

Modifications:
  ADDREF XF:mssql-mdac-openrowset-bo(9734)
  ADDREF MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
  ADDREF BID:5372

INFERRED ACTION: CAN-2002-0695 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Foat, Cole
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:mssql-mdac-openrowset-bo(9734)
   URL:http://www.iss.net/security_center/static/9734.php
   MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
   BID:5372
   URL:http://online.securityfocus.com/bid/5372

======================================================
Candidate: CAN-2002-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0697
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: MS:MS02-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-036.asp
Reference: XF:mms-data-repository-access(9657)
Reference: URL:http://www.iss.net/security_center/static/9657.php
Reference: BID:5308
Reference: URL:http://www.securityfocus.com/bid/5308

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

Modifications:
  ADDREF XF:mms-data-repository-access(9657)
  ADDREF BID:5308

INFERRED ACTION: CAN-2002-0697 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Cox, Foat

Voter Comments:
 Christey> XF:mms-data-repository-access(9657)
   URL:http://www.iss.net/security_center/static/9657.php
   BID:5308
   URL:http://www.securityfocus.com/bid/5308
 CHANGE> [Armstrong changed vote from NOOP to ACCEPT]
 Frech> XF:mms-data-repository-access(9657)

======================================================
Candidate: CAN-2002-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0698
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Reference: MSKB:Q326322
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322
Reference: MS:MS02-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-037.asp
Reference: XF:exchange-imc-ehlo-bo(9658)
Reference: URL:http://www.iss.net/security_center/static/9658.php
Reference: BID:5306
Reference: URL:http://www.securityfocus.com/bid/5306

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
Modifications:
  ADDREF XF:exchange-imc-ehlo-bo(9658)
  ADDREF BID:5306

INFERRED ACTION: CAN-2002-0698 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:exchange-imc-ehlo-bo(9658)
    URL:http://www.iss.net/security_center/static/9658.php
    BID:5306
    URL:http://www.securityfocus.com/bid/5306
  Frech> XF:exchange-imc-ehlo-bo(9658)

======================================================
Candidate: CAN-2002-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0700
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: XF:mcms-authentication-bo(9783)
Reference: URL:http://www.iss.net/security_center/static/9783.php
Reference: BID:5420
Reference: URL:http://www.securityfocus.com/bid/5420

Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."

Modifications:
  ADDREF XF:mcms-authentication-bo(9783)
  ADDREF BID:5420

INFERRED ACTION: CAN-2002-0700 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:mcms-authentication-bo(9783)
    URL:http://www.iss.net/security_center/static/9783.php
    BID:5420
    URL:http://www.securityfocus.com/bid/5420

======================================================
Candidate: CAN-2002-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0701
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace
Reference: XF:openbsd-ktrace-gain-privileges(9474)
Reference: URL:http://www.iss.net/security_center/static/9474.php
Reference: BID:5133
Reference: URL:http://www.securityfocus.com/bid/5133

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

Modifications:
  ADDREF XF:openbsd-ktrace-gain-privileges(9474)
  ADDREF BID:5133

INFERRED ACTION: CAN-2002-0701 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> XF:openbsd-ktrace-gain-privileges(9474)
    URL:http://www.iss.net/security_center/static/9474.php
    BID:5133
    URL:http://www.securityfocus.com/bid/5133

======================================================
Candidate: CAN-2002-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0703
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.

INFERRED ACTION: CAN-2002-0703 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
  NOOP(1) Foat

======================================================
Candidate: CAN-2002-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0704
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102088521517722&w=2
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

INFERRED ACTION: CAN-2002-0704 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
  NOOP(1) Foat

======================================================
Candidate: CAN-2002-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0710
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020718
Category: SF
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html
Reference: XF:sendform-blurbfile-directory-traversal(9725)
Reference: URL:http://www.iss.net/security_center/static/9725.php
Reference: BID:5286
Reference: URL:http://www.securityfocus.com/bid/5286

Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.

Modifications:
  ADDREF XF:sendform-blurbfile-directory-traversal(9725)
  ADDREF BID:5286

INFERRED ACTION: CAN-2002-0710 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> XF:sendform-blurbfile-directory-traversal(9725)
    URL:http://www.iss.net/security_center/static/9725.php

======================================================
Candidate: CAN-2002-0714
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0714
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020720
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CALDERA:CSSA-2002-046.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
Reference: CONECTIVA:CLA-2002:506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2
Reference: XF:squid-ftp-data-injection(9479)
Reference: URL:http://www.iss.net/security_center/static/9479.php
Reference: BID:5158
Reference: URL:http://www.securityfocus.com/bid/5158

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

Modifications:
  ADDREF XF:squid-ftp-data-injection(9479)
  ADDREF CALDERA:CSSA-2002-046.0
  ADDREF REDHAT:RHSA-2002:051

INFERRED ACTION: CAN-2002-0714 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Christey, Foat

Voter Comments:
  Frech> XF:squid-ftp-data-injection(9479)
  Christey> REDHAT:RHSA-2002:051
    URL:http://rhn.redhat.com/errata/RHSA-2002-051.html

======================================================
Candidate: CAN-2002-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0716
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102323070305101&w=2
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323386107641&w=2
Reference: CALDERA:CSSA-2002-SCO.35
Reference: BID:4938
Reference: URL:http://www.securityfocus.com/bid/4938
Reference: XF:openserver-crontab-format-string(9271)
Reference: URL:http://www.iss.net/security_center/static/9271.php

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.

Modifications:
  ADDREF BID:4938
  ADDREF XF:openserver-crontab-format-string(9271)

INFERRED ACTION: CAN-2002-0716 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> BID:4938
    URL:http://www.securityfocus.com/bid/4938
    XF:openserver-crontab-format-string(9271)
    URL:http://www.iss.net/security_center/static/9271.php

======================================================
Candidate: CAN-2002-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0718
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5421
Reference: URL:http://www.securityfocus.com/bid/5421
Reference: XF:mcms-authoring-file-execution(9784)
Reference: URL:http://www.iss.net/security_center/static/9784.php

Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."

Modifications:
  ADDREF BID:5421
  ADDREF XF:mcms-authoring-file-execution(9784)

INFERRED ACTION: CAN-2002-0718 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> BID:5421
    URL:http://www.securityfocus.com/bid/5421
    XF:mcms-authoring-file-execution(9784)
    URL:http://www.iss.net/security_center/static/9784.php

======================================================
Candidate: CAN-2002-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0719
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5422
Reference: URL:http://www.securityfocus.com/bid/5422
Reference: XF:mcms-resource-sql-injection(9785)
Reference: URL:http://www.iss.net/security_center/static/9785.php

SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.

Modifications:
  ADDREF BID:5422
  ADDREF XF:mcms-resource-sql-injection(9785)

INFERRED ACTION: CAN-2002-0719 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> BID:5422
    URL:http://www.securityfocus.com/bid/5422
    XF:mcms-resource-sql-injection(9785)
    URL:http://www.iss.net/security_center/static/9785.php

======================================================
Candidate: CAN-2002-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0720
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-042.asp
Reference: XF:win2k-ncm-gain-privileges(9856)
Reference: URL:http://www.iss.net/security_center/static/9856.php
Reference: BID:5480
Reference: URL:http://www.securityfocus.com/bid/5480

A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.

Modifications:
  ADDREF XF:win2k-ncm-gain-privileges(9856)
  ADDREF BID:5480
  DESC add OS

INFERRED ACTION: CAN-2002-0720 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:win2k-ncm-gain-privileges(9856)
    URL:http://www.iss.net/security_center/static/9856.php
    BID:5480
    URL:http://www.securityfocus.com/bid/5480

======================================================
Candidate: CAN-2002-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0722
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-file-origin-spoofing(9937)
Reference: URL:http://www.iss.net/security_center/static/9937.php
Reference: BID:5559
Reference: URL:http://www.securityfocus.com/bid/5559

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."

Modifications:
  ADDREF XF:ie-file-origin-spoofing(9937)
  ADDREF BID:5559

INFERRED ACTION: CAN-2002-0722 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:ie-file-origin-spoofing(9937)
    URL:http://www.iss.net/security_center/static/9937.php
    BID:5559
    URL:http://www.securityfocus.com/bid/5559

======================================================
Candidate: CAN-2002-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0726
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: MS:MS02-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp
Reference: XF:ms-tsac-activex-bo(9934)
Reference: URL:http://www.iss.net/security_center/static/9934.php
Reference: BID:5554
Reference: URL:http://www.securityfocus.com/bid/5554

Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.

Modifications:
  ADDREF XF:ms-tsac-activex-bo(9934)
  ADDREF BID:5554

INFERRED ACTION: CAN-2002-0726 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:ms-tsac-activex-bo(9934)
    URL:http://www.iss.net/security_center/static/9934.php
    BID:5554
    URL:http://www.securityfocus.com/bid/5554

======================================================
Candidate: CAN-2002-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0727
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2
Reference: XF:owc-spreadsheet-host-script-execution(8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php
Reference: BID:4449
Reference: URL:http://online.securityfocus.com/bid/4449

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

INFERRED ACTION: CAN-2002-0727 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0733
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020417 Smalls holes on 5 products #1
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Reference: CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Reference: XF:thttpd-error-page-css(9029)
Reference: URL:http://www.iss.net/security_center/static/9029.php
Reference: BID:4601
Reference: URL:http://www.securityfocus.com/bid/4601

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

INFERRED ACTION: CAN-2002-0733 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0734
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.

Modifications:
  DESC remove "Trojan horse" terminology

INFERRED ACTION: CAN-2002-0734 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0736
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
Reference: MSKB:Q316838
Reference: URL:http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Reference: BID:4528
Reference: URL:http://www.securityfocus.com/bid/4528
Reference: XF:backoffice-bypass-authentication(8862)
Reference: URL:http://www.iss.net/security_center/static/8862.php

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

INFERRED ACTION: CAN-2002-0736 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0737
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://online.securityfocus.com/archive/1/268121
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-script-source-disclosure(8876)
Reference: URL:http://www.iss.net/security_center/static/8876.php
Reference: BID:4533
Reference: URL:http://www.securityfocus.com/bid/4533

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.

INFERRED ACTION: CAN-2002-0737 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0738
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
Reference: CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
Reference: DEBIAN:DSA-163
Reference: URL:http://www.debian.org/security/2002/dsa-163
Reference: XF:mhonarc-script-filtering-bypass(8894)
Reference: URL:http://www.iss.net/security_center/static/8894.php
Reference: BID:4546
Reference: URL:http://www.securityfocus.com/bid/4546

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

Modifications:
  ADDREF DEBIAN:DSA-163

INFERRED ACTION: CAN-2002-0738 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> DEBIAN:DSA-163

======================================================
Candidate: CAN-2002-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0741
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 PsyBNC Remote Dos POC
Reference: URL:http://online.securityfocus.com/archive/1/269131
Reference: BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
Reference: BID:4570
Reference: URL:http://www.securityfocus.com/bid/4570
Reference: XF:psybnc-long-password-dos(8912)
Reference: URL:http://www.iss.net/security_center/static/8912.php

psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.

INFERRED ACTION: CAN-2002-0741 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Cox, Wall, Foat, Armstrong

======================================================
Candidate: CAN-2002-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0748
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
Reference: CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
Reference: XF:labview-http-get-dos(8919)
Reference: URL:http://www.iss.net/security_center/static/8919.php
Reference: BID:4577
Reference: URL:http://www.securityfocus.com/bid/4577

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.

INFERRED ACTION: CAN-2002-0748 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0754
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Reference: BID:3919
Reference: URL:http://www.securityfocus.com/bid/3919
Reference: XF:kerberos5-k5su-elevate-privileges(7956)
Reference: URL:http://www.iss.net/security_center/static/7956.php

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Modifications:
  DESC clarify

INFERRED ACTION: CAN-2002-0754 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> need to rewrite desc to make a little more clear.

======================================================
Candidate: CAN-2002-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0755
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

INFERRED ACTION: CAN-2002-0755 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0758
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.suse.de/de/support/security/2002_016_sysconfig_txt.html
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

INFERRED ACTION: CAN-2002-0758 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Modifications:
  ADDREF CALDERA:CSSA-2002-039.0
  DESC add OpenLinux to desc

INFERRED ACTION: CAN-2002-0759 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Cox, Cole, Armstrong
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Christey> CALDERA:CSSA-2002-039.0

======================================================
Candidate: CAN-2002-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Modifications:
  DESC add OpenLinux
  ADDREF CALDERA:CSSA-2002-039.0

INFERRED ACTION: CAN-2002-0760 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Cox, Cole, Armstrong
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Christey> CALDERA:CSSA-2002-039.0

======================================================
Candidate: CAN-2002-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Modifications:
  DESC add OpenLinux
  ADDREF CALDERA:CSSA-2002-039.0

INFERRED ACTION: CAN-2002-0761 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Cox, Cole, Armstrong
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Christey> CALDERA:CSSA-2002-039.0

======================================================
Candidate: CAN-2002-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0762
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.suse.de/de/support/security/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.


INFERRED ACTION: CAN-2002-0762 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0765
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

INFERRED ACTION: CAN-2002-0765 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0766
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020509 [VulnWatch] OpenBSD local DoS and root exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0066.html
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

INFERRED ACTION: CAN-2002-0766 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0768
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category:
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.suse.com/de/support/security/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

INFERRED ACTION: CAN-2002-0768 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0776
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020713 Hosting Controller Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/282129
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
Reference: XF:hosting-controller-password-modification(9554)
Reference: URL:http://www.iss.net/security_center/static/9554.php
Reference: BID:5229
Reference: URL:http://www.securityfocus.com/bid/5229

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.

Modifications:
  ADDREF XF:hosting-controller-password-modification(9554)
  ADDREF BID:5229

INFERRED ACTION: CAN-2002-0776 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Balinsky, Cole
  MODIFY(1) Frech
  NOOP(4) Cox, Wall, Foat, Armstrong

Voter Comments:
  Frech> XF:hosting-controller-password-modification(9554)

======================================================
Candidate: CAN-2002-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0777
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

INFERRED ACTION: CAN-2002-0777 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0778
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

INFERRED ACTION: CAN-2002-0778 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0785
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0785
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

INFERRED ACTION: CAN-2002-0785 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Baker, Wall, Cole, Armstrong
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0788
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

INFERRED ACTION: CAN-2002-0788 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0789
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0789
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.

INFERRED ACTION: CAN-2002-0789 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0790
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

INFERRED ACTION: CAN-2002-0790 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(4) Cox, Wall, Foat, Armstrong

======================================================
Candidate: CAN-2002-0794
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0794
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.

INFERRED ACTION: CAN-2002-0794 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0795
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

INFERRED ACTION: CAN-2002-0795 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0801
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

INFERRED ACTION: CAN-2002-0801 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0802
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0802
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=postgresql-general&m=102032794322362
Reference: REDHAT:RHSA-2002:149
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-149.html
Reference: XF:postgresql-sqlascii-sql-injection(10328)
Reference: URL:http://www.iss.net/security_center/static/10328.php

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

Modifications:
  ADDREF REDHAT:RHSA-2002:149
  ADDREF XF:postgresql-sqlascii-sql-injection(10328)

INFERRED ACTION: CAN-2002-0802 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Jones
  MODIFY(2) Frech, Cox
  NOOP(1) Foat

Voter Comments:
  Cox> ADDREF:REDHAT:RHSA-2002:149
  Frech> XF:postgresql-sqlascii-sql-injection(10328)

======================================================
Candidate: CAN-2002-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0804
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-reversedns-hostname-spoof(9301)
Reference: URL:http://www.iss.net/security_center/static/9301.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

Modifications:
  ADDREF XF:bugzilla-reversedns-hostname-spoof(9301)

INFERRED ACTION: CAN-2002-0804 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:bugzilla-reversedns-hostname-spoof(9301)

======================================================
Candidate: CAN-2002-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0805
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-world-writable-dir(9302)
Reference: URL:http://www.iss.net/security_center/static/9302.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

Modifications:
  ADDREF XF:bugzilla-world-writable-dir(9302)

INFERRED ACTION: CAN-2002-0805 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:bugzilla-world-writable-dir(9302)

======================================================
Candidate: CAN-2002-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0806
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-edituser-user-delete(9303)
Reference: URL:http://www.iss.net/security_center/static/9303.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

Modifications:
  ADDREF XF:bugzilla-edituser-user-delete(9303)

INFERRED ACTION: CAN-2002-0806 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:bugzilla-edituser-user-delete(9303)

======================================================
Candidate: CAN-2002-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0808
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-masschange-change-groupset(9305)
Reference: URL:http://www.iss.net/security_center/static/9305.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

Modifications:
  ADDREF XF:bugzilla-masschange-change-groupset(9305)

INFERRED ACTION: CAN-2002-0808 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:bugzilla-masschange-change-groupset(9305)

======================================================
Candidate: CAN-2002-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0809
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-group-permissions-removal(10141)
Reference: URL:http://www.iss.net/security_center/static/10141.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Modifications:
  ADDREF XF:bugzilla-group-permissions-removal(10141)

INFERRED ACTION: CAN-2002-0809 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF: bugzilla-group-permissions-removal(10141)

======================================================
Candidate: CAN-2002-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0810
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964
Reference: XF:bugzilla-shadow-database-information(9306)
Reference: URL:http://www.iss.net/security_center/static/9306.php

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Modifications:
  ADDREF XF:bugzilla-shadow-database-information(9306)

INFERRED ACTION: CAN-2002-0810 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:bugzilla-shadow-database-information(9306)

======================================================
Candidate: CAN-2002-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0813
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

INFERRED ACTION: CAN-2002-0813 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0814
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0814
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

INFERRED ACTION: CAN-2002-0814 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Foat
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0816
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: BID:5272
Reference: URL:http://online.securityfocus.com/bid/5272
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

INFERRED ACTION: CAN-2002-0816 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Cole, Baker
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0817
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020731 The SUPER Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2
Reference: VULNWATCH:20020730 The SUPER Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139
Reference: XF:super-syslog-format-string(9741)
Reference: URL:http://www.iss.net/security_center/static/9741.php
Reference: BID:5367
Reference: URL:http://www.securityfocus.com/bid/5367

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.

Modifications:
  ADDREF VULNWATCH:20020730 [VulnWatch] The SUPER Bug
  ADDREF XF:super-syslog-format-string(9741)
  ADDREF BID:5367

INFERRED ACTION: CAN-2002-0817 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Wall
  NOOP(3) Christey, Cox, Foat

Voter Comments:
  Christey> XF:super-syslog-format-string(9741)
    URL:http://www.iss.net/security_center/static/9741.php
    VULNWATCH:20020730 [VulnWatch] The SUPER Bug
    URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
    BID:5367
    URL:http://www.securityfocus.com/bid/5367

======================================================
Candidate: CAN-2002-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821890317683&w=2
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: CALDERA:CSSA-2002-048.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-048.0.txt
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.

Modifications:
  ADDREF CALDERA:CSSA-2002-048.0

INFERRED ACTION: CAN-2002-0818 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> CALDERA:CSSA-2002-048.0

======================================================
Candidate: CAN-2002-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0823
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020802
Category: SF
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102822806329440&w=2
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338
Reference: XF:htmlhelp-item-bo(9746)
Reference: URL:http://www.iss.net/security_center/static/9746.php
Reference: BID:4857
Reference: URL:http://www.securityfocus.com/bid/4857

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Modifications:
  ADDREF XF:htmlhelp-item-bo(9746)
  ADDREF BID:4857

INFERRED ACTION: CAN-2002-0823 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(3) Christey, Cox, Foat

Voter Comments:
  Christey> XF:htmlhelp-item-bo(9746)
    URL:http://www.iss.net/security_center/static/9746.php
    BID:4857
    URL:http://www.securityfocus.com/bid/4857
    MSKB:Q293338
    URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q293338

======================================================
Candidate: CAN-2002-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0824
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020803
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc
Reference: OPENBSD:20020729 011: SECURITY FIX: July 29, 2002
Reference: URL:http://www.openbsd.org/errata31.html
Reference: XF:pppd-race-condition(9738)
Reference: URL:http://www.iss.net/security_center/static/9738.php
Reference: BID:5355
Reference: URL:http://www.securityfocus.com/bid/5355

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Modifications:
  DESC Add "BSD"
  ADDREF XF:pppd-race-condition(9738)
  ADDREF BID:5355
  ADDREF OPENBSD:20020729 011: SECURITY FIX: July 29, 2002

INFERRED ACTION: CAN-2002-0824 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Cole, Baker
  MODIFY(1) Cox
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Cox> change to "BSD pppd"
  Christey> XF:pppd-race-condition(9738)
    URL:http://www.iss.net/security_center/static/9738.php
    BID:5355
    URL:http://www.securityfocus.com/bid/5355

======================================================
Candidate: CAN-2002-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0826
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Reference: XF:wsftp-site-cpwd-bo(9794)
Reference: URL:http://www.iss.net/security_center/static/9794.php
Reference: BID:5427
Reference: URL:http://www.securityfocus.com/bid/5427

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

Modifications:
  ADDREF XF:wsftp-site-cpwd-bo(9794)
  ADDREF BID:5427

INFERRED ACTION: CAN-2002-0826 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(3) Christey, Cox, Foat

Voter Comments:
  Christey> XF:wsftp-site-cpwd-bo(9794)
    URL:http://www.iss.net/security_center/static/9794.php
    BID:5427
    URL:http://www.securityfocus.com/bid/5427

======================================================
Candidate: CAN-2002-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0829
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030324-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865404413458&w=2
Reference: XF:freebsd-ffs-integer-overflow(9771)
Reference: URL:http://www.iss.net/security_center/static/9771.php
Reference: BID:5399
Reference: URL:http://www.securityfocus.com/bid/5399

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
Modifications:
  ADDREF XF:freebsd-ffs-integer-overflow(9771)
  ADDREF BID:5399

INFERRED ACTION: CAN-2002-0829 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> XF:freebsd-ffs-integer-overflow(9771)
    URL:http://www.iss.net/security_center/static/9771.php
    BID:5399
    URL:http://www.securityfocus.com/bid/5399

======================================================
Candidate: CAN-2002-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0830
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865517214722&w=2
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: NETBSD:NetBSD-SA2002-013
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.

Modifications:
  ADDREF CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
  ADDREF NETBSD:NetBSD-SA2002-013
  DESC include other OSes

INFERRED ACTION: CAN-2002-0830 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
    (Apple says "This is FreeBSD-SA-02:36.nfs")
  Christey> NETBSD:NetBSD-SA2002-013
    URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc

======================================================
Candidate: CAN-2002-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0831
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865142610126&w=2
Reference: XF:freebsd-kqueue-dos(9774)
Reference: URL:http://www.iss.net/security_center/static/9774.php
Reference: BID:5405
Reference: URL:http://www.securityfocus.com/bid/5405

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

Modifications:
  ADDREF XF:freebsd-kqueue-dos(9774)
  ADDREF BID:5405

INFERRED ACTION: CAN-2002-0831 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> XF:freebsd-kqueue-dos(9774)
    URL:http://www.iss.net/security_center/static/9774.php
    BID:5405
    URL:http://www.securityfocus.com/bid/5405

======================================================
Candidate: CAN-2002-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0845
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.

INFERRED ACTION: CAN-2002-0845 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0846
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103072708329280&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
Reference: XF:flash-swf-header-bo(9798)
Reference: URL:http://www.iss.net/security_center/static/9798.php
Reference: BID:5430
Reference: URL:http://www.securityfocus.com/bid/5430

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

Modifications:
  ADDREF BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
  ADDREF XF:flash-swf-header-bo(9798)
  ADDREF BID:5430

INFERRED ACTION: CAN-2002-0846 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
  NOOP(2) Christey, Foat

Voter Comments:
  Christey> BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103072708329280&w=2
  Christey> XF:flash-swf-header-bo(9798)
    URL:http://www.iss.net/security_center/static/9798.php
    BID:5430
    URL:http://www.securityfocus.com/bid/5430

======================================================
Candidate: CAN-2002-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0847
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: DEBIAN:DSA-145
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102874450402924&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).

INFERRED ACTION: CAN-2002-0847 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0848
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
Reference: XF:cisco-vpn5000-plaintext-password(9781)
Reference: URL:http://www.iss.net/security_center/static/9781.php
Reference: BID:5417
Reference: URL:http://www.securityfocus.com/bid/5417

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

Modifications:
  ADDREF XF:cisco-vpn5000-plaintext-password(9781)
  ADDREF BID:5417

INFERRED ACTION: CAN-2002-0848 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> XF:cisco-vpn5000-plaintext-password(9781)
    URL:http://www.iss.net/security_center/static/9781.php
    BID:5417
    URL:http://www.securityfocus.com/bid/5417

======================================================
Candidate: CAN-2002-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0851
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020810
Category: SF
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: SUSE:SuSE-SA:2002:030
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437

Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.

INFERRED ACTION: CAN-2002-0851 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0853
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
Reference: CERT-VN:VU#287771
Reference: URL:http://www.kb.cert.org/vuls/id/287771
Reference: XF:cisco-vpn-zerolength-dos(9821)
Reference: URL:http://www.iss.net/security_center/static/9821.php
Reference: BID:5440
Reference: URL:http://www.securityfocus.com/bid/5440

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Modifications:
  ADDREF CERT-VN:VU#287771
  ADDREF XF:cisco-vpn-zerolength-dos(9821)
  ADDREF BID:5440

INFERRED ACTION: CAN-2002-0853 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Wall, Foat
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> CERT-VN:VU#287771
    URL:http://www.kb.cert.org/vuls/id/287771
    XF:cisco-vpn-zerolength-dos(9821)
    URL:http://www.iss.net/security_center/static/9821.php
    BID:5440
    URL:http://www.securityfocus.com/bid/5440

======================================================
Candidate: CAN-2002-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0856
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php
Reference: BID:5457
Reference: URL:http://www.securityfocus.com/bid/5457

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Modifications:
  ADDREF BID:5457
  ADDREF VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET

INFERRED ACTION: CAN-2002-0856 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Armstrong, Baker
  NOOP(5) Cole, Christey, Cox, Wall, Foat

Voter Comments:
  Christey> BID:5457
    URL:http://www.securityfocus.com/bid/5457
    VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
    URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html

======================================================
Candidate: CAN-2002-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0859
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102450188620081&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ods.txt
Reference: XF:mssql-jet-ods-bo(9375)
Reference: URL:http://www.iss.net/security_center/static/9375.php
Reference: BID:5057
Reference: URL:http://www.securityfocus.com/bid/5057
Reference: MSKB:Q282010
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.

Modifications:
  ADDREF XF:mssql-jet-ods-bo(9375)
  ADDREF MSKB:Q282010
  ADDREF BID:5057
  ADDREF MISC:http://www.nextgenss.com/advisories/mssql-ods.txt

INFERRED ACTION: CAN-2002-0859 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Green, Baker, Wall
  MODIFY(1) Frech
  NOOP(2) Cox, Foat

Voter Comments:
  Frech> XF:mssql-jet-ods-bo(9375)

======================================================
Candidate: CAN-2002-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0860
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2
Reference: XF:owc-spreadsheet-loadtext-read-files (8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php
Reference: BID:4453
Reference: URL:http://online.securityfocus.com/bid/4453

The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.

INFERRED ACTION: CAN-2002-0860 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(4) Cole, Armstrong, Baker, Wall
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0871
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-151
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927065426172&w=2
Reference: MANDRAKE:MDKSA-2002:053
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
Reference: REDHAT:RHSA-2002:196
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-196.html
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935383506155&w=2
Reference: XF:xinetd-signal-leak-dos(9844)
Reference: URL:http://www.iss.net/security_center/static/9844.php
Reference: BID:5458
Reference: URL:http://www.securityfocus.com/bid/5458

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

Modifications:
  DESC fix typo
  ADDREF MANDRAKE:MDKSA-2002:053
  ADDREF XF:xinetd-signal-leak-dos(9844)
  ADDREF BID:5458
  ADDREF REDHAT:RHSA-2002:196

INFERRED ACTION: CAN-2002-0871 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Baker, Cox, Foat
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> MANDRAKE:MDKSA-2002:053
    URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
    XF:xinetd-signal-leak-dos(9844)
    URL:http://www.iss.net/security_center/static/9844.php
    BID:5458
    URL:http://www.securityfocus.com/bid/5458
  Christey> typo: "allow those services cause"
  Christey> REDHAT:RHSA-2002:196
    fix typo: say "to cause"

======================================================
Candidate: CAN-2002-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0872
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0102.html
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: BID:5451
Reference: URL:http://www.securityfocus.com/bid/5451
Reference: XF:l2tpd-rand-number-predictable(9845)
Reference: URL:http://www.iss.net/security_center/static/9845.php

l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.

Modifications:
  ADDREF BUGTRAQ:20020813 New l2tpd release 0.68
  ADDREF BID:5451
  ADDREF XF:l2tpd-rand-number-predictable(9845)

INFERRED ACTION: CAN-2002-0872 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> BUGTRAQ:20020813 New l2tpd release 0.68
    URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0102.html
    BID:5451
    URL:http://www.securityfocus.com/bid/5451
    XF:l2tpd-rand-number-predictable(9845)
    URL:http://www.iss.net/security_center/static/9845.php

======================================================
Candidate: CAN-2002-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0873
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102925612907148&w=2
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: XF:l2tpd-vendor-field-bo(10460)
Reference: URL:http://www.iss.net/security_center/static/10460.php

Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.

Modifications:
  ADDREF XF:l2tpd-vendor-field-bo(10460)

INFERRED ACTION: CAN-2002-0873 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> Consider deleting the Bugtraq reference, as it doesn't seem to mention this issue, unless it's the one with the title "Fix some off by 6 errors in avp handling"

======================================================
Candidate: CAN-2002-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0875
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154
Reference: SGI:20000301-03-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: BID:5487
Reference: URL:http://online.securityfocus.com/bid/5487
Reference: XF:sgi-fam-insecure-permissions(9880)
Reference: URL:http://www.iss.net/security_center/static/9880.php

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Modifications:
  ADDREF SGI:20000301-03-I
  ADDREF FREEBSD:FreeBSD-SN-02:05
  ADDREF BID:5487
  ADDREF XF:sgi-fam-insecure-permissions(9880)

INFERRED ACTION: CAN-2002-0875 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Armstrong, Baker
  NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
  Christey> SGI:20000301-03-I
    FREEBSD:FreeBSD-SN-02:05
    URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
    BID:5487
    URL:http://online.securityfocus.com/bid/5487
    XF:sgi-fam-insecure-permissions(9880)
    URL:http://www.iss.net/security_center/static/9880.php

======================================================
Candidate: CAN-2002-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0887
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99057164129869&w=2
Reference: CALDERA:CSSA-2002-SCO.22
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt
Reference: BID:4875
Reference: URL:http://www.securityfocus.com/bid/4875
Reference: XF:openserver-scoadmin-symlink(9210)
Reference: URL:http://www.iss.net/security_center/static/9210.php

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.

Modifications:
  DESC clarify role of log files

INFERRED ACTION: CAN-2002-0887 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
  MODIFY(1) Jones
  NOOP(2) Cox, Foat

Voter Comments:
  Jones> Suggest removing "log" from CVE description (i.e., "... on temporary files."). Caldera indicates "temporary files", which could be other than log files; log file was used by discoverer as a proof-of-concept, but problem is application's creation and use of temporary files in general.

======================================================
Candidate: CAN-2002-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0889
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102003707432457&w=2
Reference: BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/269969
Reference: CALDERA:CSSA-2002-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20/CSSA-2002-SCO.20.txt
Reference: XF:qpopper-bulldir-bo(8949)
Reference: URL:http://www.iss.net/security_center/static/8949.php
Reference: BID:4614
Reference: URL:http://www.securityfocus.com/bid/4614

Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.

INFERRED ACTION: CAN-2002-0889 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(6) Cole, Armstrong, Alderson, Baker, Frech, Jones
  NOOP(2) Cox, Foat

======================================================
Candidate: CAN-2002-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0891
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue
Reference: URL:http://online.securityfocus.com/archive/1/274240
Reference: CONFIRM:http://www.netscreen.com/support/ns25_reboot.html
Reference: XF:netscreen-screenos-username-dos(9186)
Reference: URL:http://www.iss.net/security_center/static/9186.php
Reference: BID:4842
Reference: URL:http://www.securityfocus.com/bid/4842

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.

INFERRED ACTION: CAN-2002-0891 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
  MODIFY(1) Jones
  NOOP(3) Christey, Cox, Foat

Voter Comments:
  Jones> Per NetScreen Alert, vulnerable versions should be: "versions prior to 2.6.1r8, 2.8.0r2, 2.8.1r1, 3.0.1r2, 3.0.2r3, and 3.0.3r1."
  Christey> The NetScreen alert referenced in the CONFIRM URL, dated June 3, 2002, says that the problem was "addressed in all versions of ScreenOS released after April 23, 2002. This list includes versions 2.6.1r8 and later, 2.8.0r2 and later, 2.8.1r1 and later, 3.0.1r2 and later, 3.0.2r3 and later, 3.0.3r1 and later" I've modified the description to reflect these ranges, though not to the level of detail covered by the advisory.

======================================================
Candidate: CAN-2002-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0892
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: CF
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151
Reference: BID:4793
Reference: URL:http://www.securityfocus.com/bid/4793
Reference: XF:servletexec-jsp10servlet-path-disclosure(9139)
Reference: URL:http://www.iss.net/security_center/static/9139.php

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.

INFERRED ACTION: CAN-2002-0892 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
  MODIFY(1) Jones
  NOOP(2) Cox, Foat

Voter Comments:
  Jones> CVE description should read "... via a direct request to /servlet/com.newatlanta.servletexec.JSP10Servlet/ without ..."

======================================================
Candidate: CAN-2002-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0897
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
Reference: BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/274020
Reference: BID:4820
Reference: URL:http://www.securityfocus.com/bid/4820
Reference: XF:localweb2k-protection-bypass(9165)
Reference: URL:http://www.iss.net/security_center/static/9165.php

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Modifications:
  CHANGEREF VULNWATCH [normalize]

INFERRED ACTION: CAN-2002-0897 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Alderson, Frech, Jones
  NOOP(4) Cole, Armstrong, Cox, Foat

======================================================
Candidate: CAN-2002-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0898
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256058220402&w=2
Reference: BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://online.securityfocus.com/archive/1/274202
Reference: CONFIRM:http://www.opera.com/windows/changelog/log603.html
Reference: BID:4834
Reference: URL:http://www.securityfocus.com/bid/4834
Reference: XF:opera-browser-file-retrieval(9188)
Reference: URL:http://www.iss.net/security_center/static/9188.php

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2002-0898 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
  MODIFY(1) Jones
  NOOP(2) Cox, Foat

Voter Comments:
  Jones> "arbiotrary" should be "arbitrary".

======================================================
Candidate: CAN-2002-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0900
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020524 pks public key server DOS and remote execution
Reference: URL:http://online.securityfocus.com/archive/1/274107
Reference: CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
Reference: BID:4828
Reference: URL:http://www.securityfocus.com/bid/4828
Reference: XF:pgp-pks-search-bo(9171)
Reference: URL:http://www.iss.net/security_center/static/9171.php

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Modifications:
  ADDREF CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525

INFERRED ACTION: CAN-2002-0900 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(2) Alderson, Frech
  NOOP(6) Foat, Cole, Armstrong, Christey, Cox, Jones

Voter Comments:
  Jones> Unclear which versions are vulnerable.
  Christey> The PKS developer, Richard Laager, sent an email February 25, 2003, saying that a patch was available.
    CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
    He also says that 0.9.5 and later versions were fixed.

======================================================
Candidate: CAN-2002-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0904
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102269718506080&w=2
Reference: BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html
Reference: CONFIRM:http://www.kismetwireless.net/CHANGELOG
Reference: BID:4883
Reference: URL:http://www.securityfocus.com/bid/4883
Reference: XF:kismet-saytext-command-execution(9213)
Reference: URL:http://www.iss.net/security_center/static/9213.php

SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.

INFERRED ACTION: CAN-2002-0904 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(6) Cole, Armstrong, Alderson, Baker, Frech, Jones
  NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2002-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0906
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: BID:5122
Reference: URL:http://www.securityfocus.com/bid/5122
Reference: XF:sendmail-dns-txt-bo(9443)
Reference: URL:http://www.iss.net/security_center/static/9443.php

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

INFERRED ACTION: CAN-2002-0906 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(7) Foat, Cole, Green, Baker, Frech, Cox, Wall

======================================================
Candidate: CAN-2002-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0911
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.

INFERRED ACTION: CAN-2002-0911 FINAL (Final Decision 20030402)

Current Votes:
  ACCEPT(3) Cole, Baker, Frech
  NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0914
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0295.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.


INFERRED ACTION: CAN-2002-0914 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0916
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

INFERRED ACTION: CAN-2002-0916 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0935
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

INFERRED ACTION: CAN-2002-0935 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall

Voter Comments:
 Green> - SECURITYTRACKER REPORTS THAT THE ISSUE HAS BEEN ACKNOWLEDGED BY APACHE

======================================================
Candidate: CAN-2002-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0938
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.

INFERRED ACTION: CAN-2002-0938 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Green, Baker, Frech, Wall
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2002-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0941
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.

INFERRED ACTION: CAN-2002-0941 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0945
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979

Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

INFERRED ACTION: CAN-2002-0945 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0946
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php

Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.

INFERRED ACTION: CAN-2002-0946 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0947
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://online.securityfocus.com/archive/1/276524
Reference: VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
Reference: CERT-VN:VU#997403
Reference: URL:http://www.kb.cert.org/vuls/id/997403
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
Reference: MISC:http://www.nextgenss.com/vna/ora-reports.txt
Reference: BID:4848
Reference: URL:http://www.securityfocus.com/bid/4848
Reference: XF:oracle-reports-server-bo(9289)
Reference: URL:http://www.iss.net/security_center/static/9289.php

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

Modifications:
  DESC clarify role of Oracle9iAS

INFERRED ACTION: CAN-2002-0947 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Frech
   MODIFY(1) Jones
   NOOP(2) Foat, Cox

Voter Comments:
 Jones> Suggest description read "...for Oracle Reports Server 6i Release 6.0.8.18.0 and earlier...", removing "9iAS" since Oracle advisory states "any Oracle product" containing vulnerable version of the reports server.

======================================================
Candidate: CAN-2002-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0952
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058

Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.

INFERRED ACTION: CAN-2002-0952 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Green, Baker, Frech, Wall
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2002-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0953
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.

INFERRED ACTION: CAN-2002-0953 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0958
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952

Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section.

INFERRED ACTION: CAN-2002-0958 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0964
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original
responses have timed out.

INFERRED ACTION: CAN-2002-0964 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Green, Baker, Frech
   NOOP(4) Foat, Cole, Cox, Wall

======================================================
Candidate: CAN-2002-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0965
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://online.securityfocus.com/archive/1/276526
Reference: VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
Reference: BID:4845
Reference: URL:http://www.securityfocus.com/bid/4845
Reference: XF:oracle-listener-servicename-bo(9288)
Reference: URL:http://www.iss.net/security_center/static/9288.php

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

Modifications:
  DESC fix affected versions
  ADDREF XF:oracle-listener-servicename-bo(9288)

INFERRED ACTION: CAN-2002-0965 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Alderson, Baker
   MODIFY(2) Frech, Jones
   NOOP(2) Foat, Cox

Voter Comments:
 Jones> Oracle 9i Database Server on Windows systems and Oracle 8 on VM allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when forming an error message prior to writing to a log file."
 Frech> XF:oracle-listener-servicename-bo(9288)

======================================================
Candidate: CAN-2002-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0967
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951

Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL.

INFERRED ACTION: CAN-2002-0967 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(2) Foat, Wall

======================================================
Candidate: CAN-2002-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0968
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:5006
Reference: URL:http://www.securityfocus.com/bid/5006
Reference: XF:analogx-simpleserver-at-dos(9338)
Reference: URL:http://www.iss.net/security_center/static/9338.php

Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.

INFERRED ACTION: CAN-2002-0968 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Green, Baker, Frech
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: CALDERA:CSSA-2002-SCO.36
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt
Reference: XF:openunix-unixware-ndcfg-bo(9945)
Reference: URL:http://www.iss.net/security_center/static/9945.php
Reference: BID:5551
Reference: URL:http://www.securityfocus.com/bid/5551

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.

Modifications:
  ADDREF XF:openunix-unixware-ndcfg-bo(9945)
  ADDREF BID:5551

INFERRED ACTION: CAN-2002-0981 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Foat, Christey, Cox, Wall

Voter Comments:
 Christey> XF:openunix-unixware-ndcfg-bo(9945)
   URL:http://www.iss.net/security_center/static/9945.php
   BID:5551
   URL:http://www.securityfocus.com/bid/5551

======================================================
Candidate: CAN-2002-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0984
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
Reference: DEBIAN:DSA-156
Reference: URL:http://www.debian.org/security/2002/dsa-156
Reference: XF:light-channel-execute-script(9943)
Reference: URL:http://www.iss.net/security_center/static/9943.php
Reference: BID:5555
Reference: URL:http://www.securityfocus.com/bid/5555

The IRC script included in Light
2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code.

Modifications:
  ADDREF BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
  ADDREF XF:light-channel-execute-script(9943)
  ADDREF BID:5555

INFERRED ACTION: CAN-2002-0984 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(4) Foat, Christey, Cox, Wall

Voter Comments:
 Christey> XF:light-channel-execute-script(9943)
   URL:http://www.iss.net/security_center/static/9943.php
   BID:5555
   URL:http://www.securityfocus.com/bid/5555
 Christey> BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
   XF:light-channel-execute-script(9943)
   URL:http://www.iss.net/security_center/static/9943.php
   BID:5555
   URL:http://www.securityfocus.com/bid/5555

======================================================
Candidate: CAN-2002-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: XF:openunix-unixware-xsco-privileges(9976)
Reference: URL:http://www.iss.net/security_center/static/9976.php
Reference: BID:5575
Reference: URL:http://www.securityfocus.com/bid/5575

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.

Modifications:
  ADDREF XF:openunix-unixware-xsco-privileges(9976)
  ADDREF BID:5575

INFERRED ACTION: CAN-2002-0987 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: XF:openunix-unixware-xsco-bo(9977)
Reference: URL:http://www.iss.net/security_center/static/9977.php
Reference: BID:5577
Reference: URL:http://www.securityfocus.com/bid/5577

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.

Modifications:
  ADDREF XF:openunix-unixware-xsco-bo(9977)
  ADDREF BID:5577

INFERRED ACTION: CAN-2002-0988 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: DEBIAN:DSA-158
Reference: URL:http://www.debian.org/security/2002/dsa-158
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:054
Reference: REDHAT:RHSA-2002:189
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-189.html
Reference: CONECTIVA:CLA-2002:521
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
Reference: HP:HPSBTL0209-067
Reference: URL:http://online.securityfocus.com/advisories/4471
Reference: FREEBSD:FreeBSD-SN-02:06
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
Reference: BUGTRAQ:20020827 GLSA: gaim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2
Reference: BID:5574
Reference: URL:http://www.securityfocus.com/bid/5574
Reference: XF:gaim-url-handler-command-execution(9978)
Reference: URL:http://www.iss.net/security_center/static/9978.php

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:054
  ADDREF REDHAT:RHSA-2002:189
  ADDREF CONECTIVA:CLA-2002:521
  ADDREF HP:HPSBTL0209-067
  ADDREF FREEBSD:FreeBSD-SN-02:06
  ADDREF XF:gaim-url-handler-command-execution(9978)
  ADDREF BID:5574

INFERRED ACTION: CAN-2002-0989 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(3) Foat, Christey, Wall

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2002:054
 Christey> REDHAT:RHSA-2002:189
   URL:http://www.redhat.com/support/errata/RHSA-2002-189.html
 Christey> CONECTIVA:CLA-2002:521
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
   BID:5574
   URL:http://www.securityfocus.com/bid/5574
   HP:HPSBTL0209-067
   URL:http://online.securityfocus.com/advisories/4471
   FREEBSD:FreeBSD-SN-02:06
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
   XF:gaim-url-handler-command-execution(9978)
   URL:http://www.iss.net/security_center/static/9978.php

======================================================
Candidate: CAN-2002-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0995
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

INFERRED ACTION: CAN-2002-0995 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(3) Foat, Cox, Wall

======================================================
Candidate: CAN-2002-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1000
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
Reference: BID:5104
Reference: URL:http://www.securityfocus.com/bid/5104
Reference: XF:analogx-simpleserver-shout-bo(9427)
Reference: URL:http://www.iss.net/security_center/static/9427.php

Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.

INFERRED ACTION: CAN-2002-1000 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1002
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
Reference: BUGTRAQ:20020627 Cluestick Advisory #001
Reference: URL:http://online.securityfocus.com/archive/1/279683
Reference: XF:netware-imanage-username-dos(9444)
Reference: URL:http://www.iss.net/security_center/static/9444.php
Reference: BID:5117
Reference: URL:http://www.securityfocus.com/bid/5117

Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.

INFERRED ACTION: CAN-2002-1002 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1004
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.

INFERRED ACTION: CAN-2002-1004 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1006
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.

Modifications:
  DESC add "XSS" acronym

INFERRED ACTION: CAN-2002-1006 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1013
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges
via a long -path argument.

INFERRED ACTION: CAN-2002-1013 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(4) Christey, Cox, Wall, Foat

Voter Comments:
 Frech> CONFIRM is now http://support.inktomi.com/kb/Private/070202-003.html, and is only available to customers with a current support contract.
 Christey> I will keep the original CONFIRM URL to indicate that, at one point in time, the entire public could access a confirmation note.

======================================================
Candidate: CAN-2002-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1014
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

INFERRED ACTION: CAN-2002-1014 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1015
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

INFERRED ACTION: CAN-2002-1015 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat

======================================================
Candidate: CAN-2002-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1024
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CERT-VN:VU#290140
Reference: URL:http://www.kb.cert.org/vuls/id/290140
Reference: CISCO:20020627 Scanning for SSH Can Cause a Crash
Reference: URL:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
Reference: XF:cisco-ssh-scan-dos(9437)
Reference: URL:http://www.iss.net/security_center/static/9437.php
Reference: BID:5114
Reference: URL:http://www.securityfocus.com/bid/5114

Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
INFERRED ACTION: CAN-2002-1024 FINAL (Final Decision 20030402) Current Votes: ACCEPT(5) Green, Baker, Frech, Wall, Cole NOOP(2) Cox, Foat ====================================================== Candidate: CAN-2002-1025 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1025 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure Reference: URL:http://online.securityfocus.com/archive/1/280062 Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164 Reference: BID:5134 Reference: URL:http://www.securityfocus.com/bid/5134 Reference: XF:jrun-null-view-source(9459) Reference: URL:http://www.iss.net/security_center/static/9459.php JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. 
INFERRED ACTION: CAN-2002-1025 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1030 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1030 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service Reference: URL:http://online.securityfocus.com/archive/1/281046 Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm Reference: BID:5159 Reference: URL:http://www.securityfocus.com/bid/5159 Reference: XF:weblogic-race-condition-dos(9486) Reference: URL:http://www.iss.net/security_center/static/9486.php Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. 
INFERRED ACTION: CAN-2002-1030 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1031 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1031 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content Reference: URL:http://online.securityfocus.com/archive/1/281102 Reference: VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html Reference: CONFIRM:http://www.keyfocus.net/kfws/support/ Reference: BID:5177 Reference: URL:http://www.securityfocus.com/bid/5177 Reference: XF:kfwebserver-null-view-dir(9500) Reference: URL:http://www.iss.net/security_center/static/9500.php KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character. INFERRED ACTION: CAN-2002-1031 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1035 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1035 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09 Reference: URL:http://online.securityfocus.com/archive/1/280132 Reference: XF:omnihttpd-http-version-bo(9457) Reference: URL:http://www.iss.net/security_center/static/9457.php Reference: BID:5136 Reference: URL:http://www.securityfocus.com/bid/5136 Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP version number. 
INFERRED ACTION: CAN-2002-1035 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1039 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1039 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2 Reference: CONFIRM:http://dcl.sourceforge.net/index.php Reference: XF:dcl-dotdot-directory-traversal(9743) Reference: URL:http://www.iss.net/security_center/static/9743.php Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. 
INFERRED ACTION: CAN-2002-1039 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1046 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1046 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020827 Category: SF Reference: VULNWATCH:20020709 KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html Reference: BID:5186 Reference: URL:http://www.securityfocus.com/bid/5186 Reference: XF:firebox-dvcp-dos(9509) Reference: URL:http://www.iss.net/security_center/static/9509.php Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. Modifications: CHANGEREF VULNWATCH [normalize] INFERRED ACTION: CAN-2002-1046 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Frech, Foat NOOP(3) Cox, Wall, Cole ====================================================== Candidate: CAN-2002-1049 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1049 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html Reference: DEBIAN:DSA-148 Reference: URL:http://www.debian.org/security/2002/dsa-148 Reference: MANDRAKE:MDKSA-2002:055 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:055 Reference: SUSE:SuSE-SA:2002:035 Reference: URL:http://www.suse.de/de/security/2002_035_hylafax.html Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300 Reference: BID:5348 Reference: 
URL:http://www.securityfocus.com/bid/5348 Reference: XF:hylafax-faxgetty-tsi-dos(9728) Reference: URL:http://www.iss.net/security_center/static/9728.php Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element. Modifications: ADDREF MANDRAKE:MDKSA-2002:055 ADDREF SUSE:SuSE-SA:2002:035 INFERRED ACTION: CAN-2002-1049 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> MANDRAKE:MDKSA-2002:055 Christey> SUSE:SuSE-SA:2002:035 ====================================================== Candidate: CAN-2002-1050 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1050 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html Reference: DEBIAN:DSA-148 Reference: URL:http://www.debian.org/security/2002/dsa-148 Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312 Reference: MANDRAKE:MDKSA-2002:055 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:055 Reference: SUSE:SuSE-SA:2002:035 Reference: URL:http://www.suse.de/de/security/2002_035_hylafax.html Reference: BID:5349 Reference: URL:http://www.securityfocus.com/bid/5349 Reference: XF:hylafax-faxgetty-image-bo(9729) Reference: URL:http://www.iss.net/security_center/static/9729.php Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. 
Modifications: ADDREF MANDRAKE:MDKSA-2002:055 ADDREF SUSE:SuSE-SA:2002:035 DESC fix typo INFERRED ACTION: CAN-2002-1050 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> MANDRAKE:MDKSA-2002:055 Christey> SUSE:SuSE-SA:2002:035 Close off parenthesis in desc. Christey> fix typo (extra parenthesis) ====================================================== Candidate: CAN-2002-1051 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1051 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html Reference: BUGTRAQ:20020721 Nanog traceroute format string exploit. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102737546927749&w=2 Reference: BUGTRAQ:20020723 Re: Nanog traceroute format string exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html Reference: BUGTRAQ:20020724 Re: Nanog traceroute format string exploit. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753136231920&w=2 Reference: SUSE:SuSE-SA:2000:041 Reference: URL:http://www.suse.de/de/security/2000_041_traceroute_txt.html Reference: BID:4956 Reference: URL:http://www.securityfocus.com/bid/4956 Reference: XF:tracesroute-t-format-string(9291) Reference: URL:http://www.iss.net/security_center/static/9291.php Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument. 
INFERRED ACTION: CAN-2002-1051 FINAL (Final Decision 20030402) Current Votes: ACCEPT(4) Baker, Frech, Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2002-1053 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1053 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 Reference: BID:5506 Reference: URL:http://www.securityfocus.com/bid/5506 Reference: XF:jigsaw-http-proxy-xss(9914) Reference: URL:http://www.iss.net/security_center/static/9914.php Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. 
Modifications: DESC add "XSS" term INFERRED ACTION: CAN-2002-1053 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1054 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability Reference: URL:http://online.securityfocus.com/archive/1/283665 Reference: VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip Reference: BID:5283 Reference: URL:http://www.securityfocus.com/bid/5283 Reference: XF:pablo-ftp-directory-traversal(9647) Reference: URL:http://www.iss.net/security_center/static/9647.php Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command. 
INFERRED ACTION: CAN-2002-1054 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1057 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html Reference: BID:5285 Reference: URL:http://www.securityfocus.com/bid/5285 Reference: XF:mailmax-pop3max-user-bo(9651) Reference: URL:http://www.iss.net/security_center/static/9651.php Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. INFERRED ACTION: CAN-2002-1057 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1059 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102744150718462&w=2 Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102746007908689&w=2 Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html Reference: XF:securecrt-ssh1-identifier-bo(9650) Reference: URL:http://www.iss.net/security_center/static/9650.php Reference: BID:5287 Reference: URL:http://www.securityfocus.com/bid/5287 Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long 
SSH1 protocol version string. INFERRED ACTION: CAN-2002-1059 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1060 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1060 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm Reference: BID:5305 Reference: URL:http://www.securityfocus.com/bid/5305 Reference: XF:cacheos-unresolved-error-xss(9674) Reference: URL:http://www.iss.net/security_center/static/9674.php Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS 4.1.06 and earlier allows remote attackers to insert arbitrary HTML, including script, via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error message. 
Modifications: DESC add XSS term INFERRED ACTION: CAN-2002-1060 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-1076 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1076 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html Reference: BUGTRAQ:20020729 Hoax Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html Reference: BUGTRAQ:20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm Reference: BID:5323 Reference: URL:http://www.securityfocus.com/bid/5323 Reference: XF:imail-web-messaging-bo(9679) Reference: URL:http://www.iss.net/security_center/static/9679.php Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. 
INFERRED ACTION: CAN-2002-1076 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Wall, Cole NOOP(2) Cox, Foat ====================================================== Candidate: CAN-2002-1079 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1079 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html Reference: XF:abyss-get-directory-traversal(9941) Reference: URL:http://www.iss.net/security_center/static/9941.php Reference: XF:abyss-http-directory-traversal(9940) Reference: URL:http://www.iss.net/security_center/static/9940.php Reference: BID:5547 Reference: URL:http://www.securityfocus.com/bid/5547 Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. 
Modifications: ADDREF BID:5547 INFERRED ACTION: CAN-2002-1079 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> BID:5547 URL:http://www.securityfocus.com/bid/5547 ====================================================== Candidate: CAN-2002-1081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1081 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html Reference: XF:abyss-plus-file-disclosure(9956) Reference: URL:http://www.iss.net/security_center/static/9956.php Reference: BID:5549 Reference: URL:http://www.securityfocus.com/bid/5549 The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character. 
Modifications: ADDREF BID:5549 INFERRED ACTION: CAN-2002-1081 FINAL (Final Decision 20030402) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> BID:5549 URL:http://www.securityfocus.com/bid/5549 ====================================================== Candidate: CAN-2002-1088 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1088 Final-Decision: 20030402 Interim-Decision: 20030326 Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273 Reference: BID:5313 Reference: URL:http://www.securityfocus.com/bid/5313 Reference: XF:groupwise-rcpt-bo(9671) Reference: URL:http://www.iss.net/security_center/static/9671.php Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command. INFERRED ACTION: CAN-2002-1088 FINAL (Final Decision 20030402) Current Votes: ACCEPT(2) Baker, Cole NOOP(3) Cox, Wall, Foat