[FINAL] ACCEPT 350 Candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-1337	CVE-1999-1337
CAN-1999-1468	CVE-1999-1468
CAN-1999-1490	CVE-1999-1490
CAN-2000-0502	CVE-2000-0502
CAN-2000-0590	CVE-2000-0590
CAN-2000-1210	CVE-2000-1210
CAN-2000-1211	CVE-2000-1211
CAN-2000-1212	CVE-2000-1212
CAN-2001-0724	CVE-2001-0724
CAN-2001-0748	CVE-2001-0748
CAN-2001-0763	CVE-2001-0763
CAN-2001-0873	CVE-2001-0873
CAN-2001-0891	CVE-2001-0891
CAN-2001-0921	CVE-2001-0921
CAN-2001-0959	CVE-2001-0959
CAN-2001-0960	CVE-2001-0960
CAN-2001-0978	CVE-2001-0978
CAN-2001-1008	CVE-2001-1008
CAN-2001-1028	CVE-2001-1028
CAN-2001-1036	CVE-2001-1036
CAN-2001-1059	CVE-2001-1059
CAN-2001-1106	CVE-2001-1106
CAN-2001-1145	CVE-2001-1145
CAN-2001-1251	CVE-2001-1251
CAN-2001-1291	CVE-2001-1291
CAN-2001-1296	CVE-2001-1296
CAN-2001-1301	CVE-2001-1301
CAN-2001-1303	CVE-2001-1303
CAN-2001-1327	CVE-2001-1327
CAN-2001-1334	CVE-2001-1334
CAN-2001-1349	CVE-2001-1349
CAN-2001-1359	CVE-2001-1359
CAN-2001-1369	CVE-2001-1369
CAN-2001-1370	CVE-2001-1370
CAN-2001-1371	CVE-2001-1371
CAN-2001-1372	CVE-2001-1372
CAN-2001-1373	CVE-2001-1373
CAN-2001-1374	CVE-2001-1374
CAN-2001-1375	CVE-2001-1375
CAN-2001-1378	CVE-2001-1378
CAN-2001-1380	CVE-2001-1380
CAN-2001-1382	CVE-2001-1382
CAN-2001-1383	CVE-2001-1383
CAN-2001-1385	CVE-2001-1385
CAN-2001-1406	CVE-2001-1406
CAN-2001-1407	CVE-2001-1407
CAN-2002-0006	CVE-2002-0006
CAN-2002-0009	CVE-2002-0009
CAN-2002-0011	CVE-2002-0011
CAN-2002-0014	CVE-2002-0014
CAN-2002-0017	CVE-2002-0017
CAN-2002-0024	CVE-2002-0024
CAN-2002-0032	CVE-2002-0032
CAN-2002-0033	CVE-2002-0033
CAN-2002-0042	CVE-2002-0042
CAN-2002-0054	CVE-2002-0054
CAN-2002-0061	CVE-2002-0061
CAN-2002-0062	CVE-2002-0062
CAN-2002-0067	CVE-2002-0067
CAN-2002-0068	CVE-2002-0068
CAN-2002-0069	CVE-2002-0069
CAN-2002-0071	CVE-2002-0071
CAN-2002-0072	CVE-2002-0072
CAN-2002-0073	CVE-2002-0073
CAN-2002-0074	CVE-2002-0074
CAN-2002-0075	CVE-2002-0075
CAN-2002-0076	CVE-2002-0076
CAN-2002-0079	CVE-2002-0079
CAN-2002-0094	CVE-2002-0094
CAN-2002-0095	CVE-2002-0095
CAN-2002-0120	CVE-2002-0120
CAN-2002-0123	CVE-2002-0123
CAN-2002-0146	CVE-2002-0146
CAN-2002-0147	CVE-2002-0147
CAN-2002-0148	CVE-2002-0148
CAN-2002-0149	CVE-2002-0149
CAN-2002-0150	CVE-2002-0150
CAN-2002-0155	CVE-2002-0155
CAN-2002-0157	CVE-2002-0157
CAN-2002-0163	CVE-2002-0163
CAN-2002-0169	CVE-2002-0169
CAN-2002-0170	CVE-2002-0170
CAN-2002-0171	CVE-2002-0171
CAN-2002-0172	CVE-2002-0172
CAN-2002-0173	CVE-2002-0173
CAN-2002-0174	CVE-2002-0174
CAN-2002-0178	CVE-2002-0178
CAN-2002-0181	CVE-2002-0181
CAN-2002-0184	CVE-2002-0184
CAN-2002-0185	CVE-2002-0185
CAN-2002-0186	CVE-2002-0186
CAN-2002-0187	CVE-2002-0187
CAN-2002-0190	CVE-2002-0190
CAN-2002-0191	CVE-2002-0191
CAN-2002-0213	CVE-2002-0213
CAN-2002-0241	CVE-2002-0241
CAN-2002-0246	CVE-2002-0246
CAN-2002-0250	CVE-2002-0250
CAN-2002-0267	CVE-2002-0267
CAN-2002-0274	CVE-2002-0274
CAN-2002-0276	CVE-2002-0276
CAN-2002-0287	CVE-2002-0287
CAN-2002-0290	CVE-2002-0290
CAN-2002-0292	CVE-2002-0292
CAN-2002-0299	CVE-2002-0299
CAN-2002-0300	CVE-2002-0300
CAN-2002-0302	CVE-2002-0302
CAN-2002-0309	CVE-2002-0309
CAN-2002-0318	CVE-2002-0318
CAN-2002-0329	CVE-2002-0329
CAN-2002-0330	CVE-2002-0330
CAN-2002-0339	CVE-2002-0339
CAN-2002-0355	CVE-2002-0355
CAN-2002-0356	CVE-2002-0356
CAN-2002-0358	CVE-2002-0358
CAN-2002-0359	CVE-2002-0359
CAN-2002-0363	CVE-2002-0363
CAN-2002-0364	CVE-2002-0364
CAN-2002-0366	CVE-2002-0366
CAN-2002-0367	CVE-2002-0367
CAN-2002-0368	CVE-2002-0368
CAN-2002-0369	CVE-2002-0369
CAN-2002-0372	CVE-2002-0372
CAN-2002-0373	CVE-2002-0373
CAN-2002-0374	CVE-2002-0374
CAN-2002-0377	CVE-2002-0377
CAN-2002-0379	CVE-2002-0379
CAN-2002-0381	CVE-2002-0381
CAN-2002-0382	CVE-2002-0382
CAN-2002-0389	CVE-2002-0389
CAN-2002-0391	CVE-2002-0391
CAN-2002-0392	CVE-2002-0392
CAN-2002-0394	CVE-2002-0394
CAN-2002-0401	CVE-2002-0401
CAN-2002-0402	CVE-2002-0402
CAN-2002-0403	CVE-2002-0403
CAN-2002-0404	CVE-2002-0404
CAN-2002-0406	CVE-2002-0406
CAN-2002-0412	CVE-2002-0412
CAN-2002-0414	CVE-2002-0414
CAN-2002-0423	CVE-2002-0423
CAN-2002-0424	CVE-2002-0424
CAN-2002-0425	CVE-2002-0425
CAN-2002-0429	CVE-2002-0429
CAN-2002-0431	CVE-2002-0431
CAN-2002-0435	CVE-2002-0435
CAN-2002-0437	CVE-2002-0437
CAN-2002-0441	CVE-2002-0441
CAN-2002-0442	CVE-2002-0442
CAN-2002-0451	CVE-2002-0451
CAN-2002-0454	CVE-2002-0454
CAN-2002-0462	CVE-2002-0462
CAN-2002-0463	CVE-2002-0463
CAN-2002-0464	CVE-2002-0464
CAN-2002-0473	CVE-2002-0473
CAN-2002-0484	CVE-2002-0484
CAN-2002-0488	CVE-2002-0488
CAN-2002-0490	CVE-2002-0490
CAN-2002-0493	CVE-2002-0493
CAN-2002-0494	CVE-2002-0494
CAN-2002-0495	CVE-2002-0495
CAN-2002-0497	CVE-2002-0497
CAN-2002-0501	CVE-2002-0501
CAN-2002-0505	CVE-2002-0505
CAN-2002-0506	CVE-2002-0506
CAN-2002-0511	CVE-2002-0511
CAN-2002-0512	CVE-2002-0512
CAN-2002-0513	CVE-2002-0513
CAN-2002-0516	CVE-2002-0516
CAN-2002-0531	CVE-2002-0531
CAN-2002-0532	CVE-2002-0532
CAN-2002-0536	CVE-2002-0536
CAN-2002-0538	CVE-2002-0538
CAN-2002-0539	CVE-2002-0539
CAN-2002-0542	CVE-2002-0542
CAN-2002-0543	CVE-2002-0543
CAN-2002-0545	CVE-2002-0545
CAN-2002-0553	CVE-2002-0553
CAN-2002-0567	CVE-2002-0567
CAN-2002-0569	CVE-2002-0569
CAN-2002-0571	CVE-2002-0571
CAN-2002-0573	CVE-2002-0573
CAN-2002-0574	CVE-2002-0574
CAN-2002-0575	CVE-2002-0575
CAN-2002-0576	CVE-2002-0576
CAN-2002-0594	CVE-2002-0594
CAN-2002-0597	CVE-2002-0597
CAN-2002-0598	CVE-2002-0598
CAN-2002-0599	CVE-2002-0599
CAN-2002-0601	CVE-2002-0601
CAN-2002-0605	CVE-2002-0605
CAN-2002-0613	CVE-2002-0613
CAN-2002-0616	CVE-2002-0616
CAN-2002-0617	CVE-2002-0617
CAN-2002-0618	CVE-2002-0618
CAN-2002-0619	CVE-2002-0619
CAN-2002-0621	CVE-2002-0621
CAN-2002-0622	CVE-2002-0622
CAN-2002-0623	CVE-2002-0623
CAN-2002-0631	CVE-2002-0631
CAN-2002-0638	CVE-2002-0638
CAN-2002-0639	CVE-2002-0639
CAN-2002-0640	CVE-2002-0640
CAN-2002-0642	CVE-2002-0642
CAN-2002-0647	CVE-2002-0647
CAN-2002-0648	CVE-2002-0648
CAN-2002-0650	CVE-2002-0650
CAN-2002-0653	CVE-2002-0653
CAN-2002-0658	CVE-2002-0658
CAN-2002-0663	CVE-2002-0663
CAN-2002-0665	CVE-2002-0665
CAN-2002-0671	CVE-2002-0671
CAN-2002-0676	CVE-2002-0676
CAN-2002-0678	CVE-2002-0678
CAN-2002-0679	CVE-2002-0679
CAN-2002-0685	CVE-2002-0685
CAN-2002-0687	CVE-2002-0687
CAN-2002-0688	CVE-2002-0688
CAN-2002-0691	CVE-2002-0691
CAN-2002-0695	CVE-2002-0695
CAN-2002-0697	CVE-2002-0697
CAN-2002-0698	CVE-2002-0698
CAN-2002-0700	CVE-2002-0700
CAN-2002-0701	CVE-2002-0701
CAN-2002-0703	CVE-2002-0703
CAN-2002-0704	CVE-2002-0704
CAN-2002-0710	CVE-2002-0710
CAN-2002-0714	CVE-2002-0714
CAN-2002-0716	CVE-2002-0716
CAN-2002-0718	CVE-2002-0718
CAN-2002-0719	CVE-2002-0719
CAN-2002-0720	CVE-2002-0720
CAN-2002-0722	CVE-2002-0722
CAN-2002-0726	CVE-2002-0726
CAN-2002-0727	CVE-2002-0727
CAN-2002-0733	CVE-2002-0733
CAN-2002-0734	CVE-2002-0734
CAN-2002-0736	CVE-2002-0736
CAN-2002-0737	CVE-2002-0737
CAN-2002-0738	CVE-2002-0738
CAN-2002-0741	CVE-2002-0741
CAN-2002-0748	CVE-2002-0748
CAN-2002-0754	CVE-2002-0754
CAN-2002-0755	CVE-2002-0755
CAN-2002-0758	CVE-2002-0758
CAN-2002-0759	CVE-2002-0759
CAN-2002-0760	CVE-2002-0760
CAN-2002-0761	CVE-2002-0761
CAN-2002-0762	CVE-2002-0762
CAN-2002-0765	CVE-2002-0765
CAN-2002-0766	CVE-2002-0766
CAN-2002-0768	CVE-2002-0768
CAN-2002-0776	CVE-2002-0776
CAN-2002-0777	CVE-2002-0777
CAN-2002-0778	CVE-2002-0778
CAN-2002-0785	CVE-2002-0785
CAN-2002-0788	CVE-2002-0788
CAN-2002-0789	CVE-2002-0789
CAN-2002-0790	CVE-2002-0790
CAN-2002-0794	CVE-2002-0794
CAN-2002-0795	CVE-2002-0795
CAN-2002-0801	CVE-2002-0801
CAN-2002-0802	CVE-2002-0802
CAN-2002-0804	CVE-2002-0804
CAN-2002-0805	CVE-2002-0805
CAN-2002-0806	CVE-2002-0806
CAN-2002-0808	CVE-2002-0808
CAN-2002-0809	CVE-2002-0809
CAN-2002-0810	CVE-2002-0810
CAN-2002-0813	CVE-2002-0813
CAN-2002-0814	CVE-2002-0814
CAN-2002-0816	CVE-2002-0816
CAN-2002-0817	CVE-2002-0817
CAN-2002-0818	CVE-2002-0818
CAN-2002-0823	CVE-2002-0823
CAN-2002-0824	CVE-2002-0824
CAN-2002-0826	CVE-2002-0826
CAN-2002-0829	CVE-2002-0829
CAN-2002-0830	CVE-2002-0830
CAN-2002-0831	CVE-2002-0831
CAN-2002-0845	CVE-2002-0845
CAN-2002-0846	CVE-2002-0846
CAN-2002-0847	CVE-2002-0847
CAN-2002-0848	CVE-2002-0848
CAN-2002-0851	CVE-2002-0851
CAN-2002-0853	CVE-2002-0853
CAN-2002-0856	CVE-2002-0856
CAN-2002-0859	CVE-2002-0859
CAN-2002-0860	CVE-2002-0860
CAN-2002-0871	CVE-2002-0871
CAN-2002-0872	CVE-2002-0872
CAN-2002-0873	CVE-2002-0873
CAN-2002-0875	CVE-2002-0875
CAN-2002-0887	CVE-2002-0887
CAN-2002-0889	CVE-2002-0889
CAN-2002-0891	CVE-2002-0891
CAN-2002-0892	CVE-2002-0892
CAN-2002-0897	CVE-2002-0897
CAN-2002-0898	CVE-2002-0898
CAN-2002-0900	CVE-2002-0900
CAN-2002-0904	CVE-2002-0904
CAN-2002-0906	CVE-2002-0906
CAN-2002-0911	CVE-2002-0911
CAN-2002-0914	CVE-2002-0914
CAN-2002-0916	CVE-2002-0916
CAN-2002-0935	CVE-2002-0935
CAN-2002-0938	CVE-2002-0938
CAN-2002-0941	CVE-2002-0941
CAN-2002-0945	CVE-2002-0945
CAN-2002-0946	CVE-2002-0946
CAN-2002-0947	CVE-2002-0947
CAN-2002-0952	CVE-2002-0952
CAN-2002-0953	CVE-2002-0953
CAN-2002-0958	CVE-2002-0958
CAN-2002-0964	CVE-2002-0964
CAN-2002-0965	CVE-2002-0965
CAN-2002-0967	CVE-2002-0967
CAN-2002-0968	CVE-2002-0968
CAN-2002-0981	CVE-2002-0981
CAN-2002-0984	CVE-2002-0984
CAN-2002-0987	CVE-2002-0987
CAN-2002-0988	CVE-2002-0988
CAN-2002-0989	CVE-2002-0989
CAN-2002-0995	CVE-2002-0995
CAN-2002-1000	CVE-2002-1000
CAN-2002-1002	CVE-2002-1002
CAN-2002-1004	CVE-2002-1004
CAN-2002-1006	CVE-2002-1006
CAN-2002-1013	CVE-2002-1013
CAN-2002-1014	CVE-2002-1014
CAN-2002-1015	CVE-2002-1015
CAN-2002-1024	CVE-2002-1024
CAN-2002-1025	CVE-2002-1025
CAN-2002-1030	CVE-2002-1030
CAN-2002-1031	CVE-2002-1031
CAN-2002-1035	CVE-2002-1035
CAN-2002-1039	CVE-2002-1039
CAN-2002-1046	CVE-2002-1046
CAN-2002-1049	CVE-2002-1049
CAN-2002-1050	CVE-2002-1050
CAN-2002-1051	CVE-2002-1051
CAN-2002-1053	CVE-2002-1053
CAN-2002-1054	CVE-2002-1054
CAN-2002-1057	CVE-2002-1057
CAN-2002-1059	CVE-2002-1059
CAN-2002-1060	CVE-2002-1060
CAN-2002-1076	CVE-2002-1076
CAN-2002-1079	CVE-2002-1079
CAN-2002-1081	CVE-2002-1081
CAN-2002-1088	CVE-2002-1088


======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames
and passwords for visited sites in plaintext in the world-readable
history file, which allows other local users to gain privileges.


Modifications:
  ADDREF XF:midnight-commander-data-disclosure(9873)

INFERRED ACTION: CAN-1999-1337 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (Task 1765)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:midnight-commander-data-disclosure(9873)


======================================================
Candidate: CAN-1999-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

rdist in various UNIX systems uses popen to execute sendmail, which
allows local users to gain root privileges by modifying the IFS
(Internal Field Separator) variable.


Modifications:
  ADDREF XF:rdist-popen-gain-privileges(7160)
  CHANGEREF MISC [change url]

INFERRED ACTION: CAN-1999-1468 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:rdist-popen-gain-privileges(7160)
   MISC reference is dead. Alternative:
   http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
 Christey> It is unclear whether this is addressed by SUN:00115,
   SUN:00110, both, or neither.


======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access
via a long HOME environmental variable.


Modifications:
  ADDREF XF:linux-xosview-bo(8787)

INFERRED ACTION: CAN-1999-1490 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> (ACCEPT; Task 2354)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:linux-xosview-bo(8787)


======================================================
Candidate: CAN-2000-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0502
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020222-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:http://xforce.iss.net/static/4641.php

Mcafee VirusScan 4.03 does not properly restrict access to the alert
text file before it is sent to the Central Alert Server, which allows
local users to modify alerts in an arbitrary fashion.


Modifications:
  ADDREF XF:mcafee-alerting-dos(4641)

INFERRED ACTION: CAN-2000-0502 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Ozancin, Levy, Wall
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:mcafee-alerting-dos(4641)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0590
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:http://xforce.iss.net/static/4878.php

Poll It 2.0 CGI script allows remote attackers to read arbitrary files
by specifying the file name in the data_dir parameter.


Modifications:
  ADDREF XF:http-cgi-pollit-variable-overwrite(4878)

INFERRED ACTION: CAN-2000-0590 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Magdych, LeBlanc, Wall, Christey

Voter Comments:
 Frech> XF;http-cgi-pollit-variable-overwrite(4878)
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> MISC:http://www.cgi-world.com/download/pollit.html
   An item on October 24, 2000 says "Updated to Version 2.05 from
   2.0 to Fix Security Issues" but it's not clear whether it's
   related to *this* security issue; it's probably talking
   about CVE-2000-1068/1069/1070.
   Inquiry sent to http://www.cgi-world.com/cgi-bin/forms/forms.cgi
   on 2/22/2002.  Confirmed by vendor on 2/22/2002.


======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat
before 3.1 allows remote attackers to read arbitrary files via a ..
(dot dot) in the argument to source.jsp.

INFERRED ACTION: CAN-2000-1210 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> APPEARS TO BE ACKNOWLEDGED IN APACHE'S BUGZILLA (#93 SEEMS CLOSE)


======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php

Zope 2.2.0 through 2.2.4 does not properly perform security
registration for legacy names of object constructors such as DTML
method objects, which could allow attackers to perform unauthorized
activities.


Modifications:
  ADDREF XF:zope-legacy-names(5824)

INFERRED ACTION: CAN-2000-1211 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Cox> ADDREF:REDHAT:RHSA-2000:125
 Frech> XF:zope-legacy-names(5824)


======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating
method on Image and File objects, which allows attackers with DTML
editing privileges to modify the raw data of these objects.

INFERRED ACTION: CAN-2000-1212 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-incorrect-security-zone-variant(8471)

Internet Explorer 5.5 allows remote attackers to bypass security
restrictions via malformed URLs that contain dotless IP addresses,
which causes Internet Explorer to process the page in the Intranet
Zone, which may have fewer security restrictions, aka the "Zone
Spoofing Vulnerability variant" of CVE-2001-0664.


Modifications:
  ADDREF XF:ie-incorrect-security-zone-variant(8471)
  DESC Change "CAN" to "CVE" in description.

INFERRED ACTION: CAN-2001-0724 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech

Voter Comments:
 Frech> (ACCEPT)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ie-incorrect-security-zone-variant(8471)


======================================================
Candidate: CAN-2001-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141
Reference: XF:acme-serve-directory-traversal(6634)
Reference: URL:http://www.iss.net/security_center/static/6634.php
Reference: CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
Reference: BID:2809
Reference: URL:http://www.securityfocus.com/bid/2809

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other
products, allows remote attackers to read arbitrary files by
prepending several / (slash) characters to the URI.


Modifications:
  ADDREF XF:acme-serve-directory-traversal(6634)
  ADDREF CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
  DESC replace "." with "/"; change spelling
  ADDREF BID:2809

INFERRED ACTION: CAN-2001-0748 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Frech> XF:acme-serve-directory-traversal(6634)
 Christey> Change description to say "Acme.Serve".  The original
   discloser spelled it 2 different ways.
 Christey> Description: Is it . or slash?
 Christey> Acknowledged by Cisco (!):
   CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
   URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
   This affects Cisco Secure ACS Unix installation, and Cisco
   reports that it's due to multiple / at the end.


======================================================
Candidate: CAN-2001-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020821-03
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: SUSE:SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: CIAC:L-104
Reference: URL:http://www.ciac.org/ciac/bulletins/l-104.shtml
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
Reference: XF:xinetd-identd-bo(6670)
Reference: URL:http://xforce.iss.net/static/6670.php
Reference: BID:2840
Reference: URL:http://www.securityfocus.com/bid/2840

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow
remote attackers to execute arbitrary code via a long ident response,
which is not properly handled by the svc_logprint function.


Modifications:
  ADDREF XF:xinetd-identd-bo(6670)
  ADDREF BID:2840
  ADDREF IMMUNIX:IMNX-2001-70-029-01
  ADDREF ENGARDE:ESA-20010621-01
  ADDREF CIAC:L-104
  ADDREF REDHAT:RHSA-2001:075
  ADDREF FREEBSD:FreeBSD-SA-01:47
  ADDREF CONECTIVA:CLA-2001:404
  DELREF CONECTIVA:CLA-2001:406
  CHANGEREF IMMUNIX:IMNX-2001-70-024-01

INFERRED ACTION: CAN-2001-0763 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:xinetd-identd-bo(6670)
 Christey> Need to sift through the references to make sure they're
   correct and appropriately distinguish from CAN-2001-0825.
 Christey> ADDREF CONECTIVA:CLA-2001:404
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:47
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:47.xinetd.asc
   DELREF CONECTIVA:CLA-2001:406 (that's for CAN-2001-0825)
   ADDREF CONECTIVA:CLA-2001:404
   DELREF IMMUNIX:IMNX-2001-70-029-01 (that's for CAN-2001-0825)
   ADDREF IMMUNIX:IMNX-2001-70-024-01


======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020818-01
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php
Reference: REDHAT:RHSA-2001:165
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-165.html

uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain privileges by calling uux
and specifying an alternate configuration file with the --config
option.


Modifications:
  ADDREF REDHAT:RHSA-2001:165

INFERRED ACTION: CAN-2001-0873 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:463
 Christey> No wait, scratch CONECTIVA:CLA-2002:463...  It only mentions this
   older vulnerability.
 Christey> REDHAT:RHSA-2001:165 (per Mark Cox)


======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
Reference: XF:unicos-nqsd-format-string(7618)

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16
for CRAY UNICOS and SGI IRIX allows a local user to gain root
privileges by using qsub to submit a batch job whose name contains
formatting characters.


Modifications:
  ADDREF XF:unicos-nqsd-format-string(7618)
  DESC Add SGI IRIX versions

INFERRED ACTION: CAN-2001-0891 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:unicos-nqsd-format-string(7618)
 Christey> Change desc to include SGI versions


======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to
the browser to obtain passwords from form fields by printing the
document into which the password has been typed, which is printed in
cleartext.

INFERRED ACTION: CAN-2001-0921 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(2) Wall, Armstrong


======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://www.iss.net/security_center/static/7122.php

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
creates a hidden share named ARCSERVE$, which allows remote attackers
to obtain sensitive information and overwrite critical files.


Modifications:
  ADDREF XF:arcserve-aremote-plaintext(7122)

INFERRED ACTION: CAN-2001-0959 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Green, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT VAGUE
 Frech> XF:arcserve-aremote-plaintext(7122)


======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
stores the backup agent user name and password in cleartext in the
aremote.dmp file in the ARCSERVE$ hidden share, which allows local and
remote attackers to gain privileges.

INFERRED ACTION: CAN-2001-0960 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Frech
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> VENDOR ACKNOWLEDGEMENT MISSING


======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
Reference: XF:hpux-login-btmp(8632)
Reference: URL:http://www.iss.net/security_center/static/8632.php

login in HP-UX 10.26 does not record failed login attempts in
/var/adm/btmp, which could allow attackers to conduct brute force
password guessing attacks without being detected or observed using the
lastb program.


Modifications:
  ADDREF XF:hpux-login-btmp(8632)

INFERRED ACTION: CAN-2001-0978 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:hpux-login-btmp(8632)


======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245
Reference: XF:javaplugin-jre-expired-certificate(7048)
Reference: URL:http://www.iss.net/security_center/static/7048.php

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the
certificate is expired, which could allow remote attackers to conduct
unauthorized activities via an applet that has been signed by an
expired certificate.


Modifications:
  ADDREF XF:javaplugin-jre-expired-certificate(7048)

INFERRED ACTION: CAN-2001-1008 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:javaplugin-jre-expired-certificate(7048)


======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: XF:man-ultimate-source-bo(8622)
Reference: URL:http://www.iss.net/security_center/static/8622.php

Buffer overflow in ultimate_source function of man 1.5 and earlier
allows local users to gain privileges.


Modifications:
  ADDREF XF:man-ultimate-source-bo(8622)

INFERRED ACTION: CAN-2001-1028 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:man-ultimate-source-bo(8622)


======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local
users to gain privileges via an old formatted filename database
(locatedb) that contains an entry with an out-of-range offset, which
causes locate to write to arbitrary process memory.

INFERRED ACTION: CAN-2001-1036 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Armstrong


======================================================
Candidate: CAN-2001-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:http://xforce.iss.net/static/6925.php

VMware creates a temporary file vmware-log.USERNAME with insecure
permissions, which allows local users to read or modify license
information.

INFERRED ACTION: CAN-2001-1059 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(2) Wall, Armstrong


======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a
symmetric key that is compiled into the binary program for encrypting
passwords, which could allow local users to break all user passwords
by cracking the key or modifying a copy of the sambar program to call
the decryption procedure.

INFERRED ACTION: CAN-2001-1106 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
 Green> There is vendor acknowledgement in http://www.security.nnov.ru/advisories/sambarpass.asp
 Christey> For CVE's purposes, I do not count a vendor quote or excerpt
   from a third party as acknowledgement.


======================================================
Candidate: CAN-2001-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: BID:3205
Reference: URL:http://online.securityfocus.com/bid/3205
Reference: XF:bsd-fts-race-condition(8715)
Reference: URL:http://www.iss.net/security_center/static/8715.php

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and
OpenBSD 2.9 and earlier can be forced to change (chdir) into a
different directory than intended when the directory above the current
directory is moved, which could cause scripts to perform dangerous
actions on the wrong directories.


Modifications:
  ADDREF XF:bsd-fts-race-condition(8715)

INFERRED ACTION: CAN-2001-1145 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:bsd-fts-race-condition(8715)


======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a
denial of service via multiple long URL requests.

INFERRED ACTION: CAN-2001-1251 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does
not delay or disconnect remote attackers who provide an incorrect
username or password, which makes it easier to break into the server
via brute force password guessing.

INFERRED ACTION: CAN-2001-1291 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1296
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383

More.groupware PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.

INFERRED ACTION: CAN-2001-1296 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1301
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030325-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
Reference: CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
Reference: XF:rcs2log-tmp-symlink(11210)
Reference: URL:http://www.iss.net/security_center/static/11210.php

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions
before 21.4, and possibly other packages, allows local users to modify
files of other users via a symlink attack on a temporary file.


Modifications:
  ADDREF CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
  ADDREF XF:rcs2log-tmp-symlink(11210)
  DESC change versions

INFERRED ACTION: CAN-2001-1301 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(1) Green
   MODIFY(2) Frech, Cox
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Frech> Task xxxx.
 CHANGE> [Cox changed vote from REVIEWING to MODIFY]
 Cox> Addref:
   http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95

   This was public at least as far back as 28 September 1998; this is the
   date that the Red Hat emacs package was given a patch for this issue.
 Cox> Description currently says "xemacs 21.1.10" and it would be
   more correct to say "xemacs before version 21.4"
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:rcs2log-tmp-symlink(11210)


======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1
allows remote attackers to obtain sensitive configuration information
for the protected network without authentication.

INFERRED ACTION: CAN-2001-1303 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
Reference: XF:pmake-binary-gain-privileges(9988)
Reference: URL:http://www.iss.net/security_center/static/9988.php

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with
setuid root privileges, which could allow local users to gain
privileges by exploiting vulnerabilities in pmake or programs that are
used by pmake.


Modifications:
  ADDREF XF:pmake-binary-gain-privileges(9988)

INFERRED ACTION: CAN-2001-1327 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:pmake-binary-gain-privileges(9988)


======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724
Reference: XF:phpslash-block-read-files(9990)
Reference: URL:http://www.iss.net/security_center/static/9990.php

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with
PHPSlash administrator privileges to read arbitrary files by creating
a block and specifying the target file as the source URL.


Modifications:
  ADDREF XF:phpslash-block-read-files(9990)

INFERRED ACTION: CAN-2001-1334 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:phpslash-block-read-files(9990)


======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794
Reference: XF:sendmail-signal-handling(6633)
Reference: URL:http://www.iss.net/security_center/static/6633.php

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local
users to cause a denial of service and possibly corrupt the heap and
gain privileges via race conditions in signal handlers.


Modifications:
  ADDREF REDHAT:RHSA-2001:106
  ADDREF XF:sendmail-signal-handling(6633)

INFERRED ACTION: CAN-2001-1349 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> ADDREF: RHSA-2001:106
 Frech> XF:sendmail-signal-handling(6633)


======================================================
Candidate: CAN-2001-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1359
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: CALDERA:CSSA-2001-021.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
Reference: BID:2850
Reference: URL:http://www.securityfocus.com/bid/2850
Reference: XF:volution-authentication-failure-access(6672)
Reference: URL:http://xforce.iss.net/static/6672.php

Volution clients 1.0.7 and earlier attempt to contact the computer
creation daemon (CCD) when an LDAP authentication failure occurs,
which allows remote attackers to fully control clients via a Trojan
horse Volution server.

INFERRED ACTION: CAN-2001-1359 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2001-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1369
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
Reference: BID:3319
Reference: URL:http://online.securityfocus.com/bid/3319
Reference: XF:postgresql-pam-authentication-module(7110)
Reference: URL:http://www.iss.net/security_center/static/7110.php

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to
execute arbitrary SQL code and bypass authentication or modify user
account records by injecting SQL statements into user or password
fields.

INFERRED ACTION: CAN-2001-1369 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1370
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Reference: URL:http://www.securityfocus.com/archive/1/198768
Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99616122712122&w=2
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: BID:3079
Reference: URL:http://www.securityfocus.com/bid/3079
Reference: XF:phplib-script-execution(6892)
Reference: URL:http://www.iss.net/security_center/static/6892.php

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled
for PHP, allows remote attackers to execute arbitrary scripts via an
HTTP request that modifies $_PHPLIB[libdir] to point to malicious code
on another server, as seen in Horde 1.2.5 and earlier, IMP before
2.2.6, and other packages that use PHPLib.

INFERRED ACTION: CAN-2001-1370 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Frech
   NOOP(3) Wall, Foat, Cox


======================================================
Candidate: CAN-2001-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1371
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: CERT-VN:VU#736923
Reference: URL:http://www.kb.cert.org/vuls/id/736923
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
Reference: BID:4289
Reference: URL:http://www.securityfocus.com/bid/4289
Reference: XF:oracle-appserver-soap-components(8449)
Reference: URL:http://www.iss.net/security_center/static/8449.php

The default configuration of Oracle Application Server 9iAS 1.0.2.2
enables SOAP and allows anonymous users to deploy applications by
default via urn:soap-service-manager and urn:soap-provider-manager.


Modifications:
  ADDREF XF:oracle-appserver-soap-components(8449)

INFERRED ACTION: CAN-2001-1371 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Alderson, Green
   MODIFY(1) Frech
   NOOP(1) Cox

Voter Comments:
 Frech> XF:oracle-appserver-soap-components(8449)


======================================================
Candidate: CAN-2001-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1372
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20021116-01
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100074087824021&w=2
Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119633925473&w=2
Reference: MISC:http://www.nii.co.in/research.html
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#278971
Reference: URL:http://www.kb.cert.org/vuls/id/278971
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
Reference: BID:3341
Reference: URL:http://www.securityfocus.com/bid/3341
Reference: XF:oracle-jsp-reveal-path(7135)
Reference: URL:http://xforce.iss.net/static/7135.php

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain
the physical path of a file under the server root via a request for a
non-existent .JSP file, which leaks the pathname in an error message.

INFERRED ACTION: CAN-2001-1372 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(3) Foat, Christey, Cox

Voter Comments:
 Christey> ADDREF MISC:http://www.nii.co.in/research.html


======================================================
Candidate: CAN-2001-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1373
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20010718 ZoneAlarm Pro
Reference: URL:http://www.securityfocus.com/archive/1/197681
Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
Reference: XF:zonealarm-bypass-mailsafe(6877)
Reference: URL:http://xforce.iss.net/static/6877.php
Reference: BID:3055
Reference: URL:http://www.securityfocus.com/bid/3055

MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6
and 2.4 does not block prohibited file types with long file names,
which allows remote attackers to send potentially dangerous
attachments.

INFERRED ACTION: CAN-2001-1373 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Frech
   NOOP(2) Foat, Cox


======================================================
Candidate: CAN-2001-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1374
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:expect-insecure-library-search(6870)
Reference: URL:http://xforce.iss.net/static/6870.php
Reference: BID:3074
Reference: URL:http://www.securityfocus.com/bid/3074
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

expect before 5.32 searches for its libraries in /var/tmp before other
directories, which could allow local users to gain root privileges via
a Trojan horse library that is accessed by mkpasswd.


Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1374 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Wall, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Foat, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060


======================================================
Candidate: CAN-2001-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1375
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-02
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: XF:tcltk-insecure-library-search(6869)
Reference: URL:http://www.iss.net/security_center/static/6869.php
Reference: BID:3073
Reference: URL:http://www.securityfocus.com/bid/3073
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:060

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current
working directory before other directories, which could allow local
users to execute arbitrary code via a Trojan horse library that is
under a user-controlled directory.


Modifications:
  ADDREF REDHAT:RHSA-2002:148
  ADDREF MANDRAKE:MDKSA-2002:060

INFERRED ACTION: CAN-2001-1375 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Foat, Cole, Alderson, Green, Frech, Cox
   NOOP(2) Wall, Christey

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2002:148
 Christey> MANDRAKE:MDKSA-2002:060


======================================================
Candidate: CAN-2001-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1378
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020715
Category: SF
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

fetchmailconf in fetchmail before 5.7.4 allows local users to
overwrite files of other users via a symlink attack on temporary
files.

INFERRED ACTION: CAN-2001-1378 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1380
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php

OpenSSH before 2.9.9, while using keypairs and multiple keys of
different types in the ~/.ssh/authorized_keys2 file, may not properly
handle the "from" option associated with a key, which could allow
remote attackers to log in from unauthorized IP addresses.

INFERRED ACTION: CAN-2001-1380 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1382
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml

The "echo simulation" traffic analysis countermeasure in OpenSSH
before 2.9.9p2 sends an additional echo packet after the password and
carriage return are entered, which could allow remote attackers to
determine that the countermeasure is being used.

INFERRED ACTION: CAN-2001-1382 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1383
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php
Reference: BID:3367
Reference: URL:http://online.securityfocus.com/bid/3367

initscript in setserial 2.17-4 and earlier uses predictable temporary
file names, which could allow local users to conduct unauthorized
operations on files.

INFERRED ACTION: CAN-2001-1383 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Wall, Cole, Armstrong, Baker, Cox
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with
the 'engine = off' option for a virtual host, may disable PHP for
other virtual hosts, which could cause Apache to serve the source code
of PHP scripts.

INFERRED ACTION: CAN-2001-1385 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(7) Wall, Cole, Armstrong, Green, Baker, Frech, Cox
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-processbug-old-restrictions(10478)
Reference: URL:http://www.iss.net/security_center/static/10478.php

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset"
bit when a bug is moved between product groups, which will cause the
bug to have the old group's restrictions, which might not be as
stringent.


Modifications:
  ADDREF XF:bugzilla-processbug-old-restrictions(10478)

INFERRED ACTION: CAN-2001-1406 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-processbug-old-restrictions(10478)


======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030318-01
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-duplicate-view-restricted(10479)
Reference: URL:http://www.iss.net/security_center/static/10479.php

Bugzilla before 2.14 allows Bugzilla users to bypass group security
checks by marking a bug as the duplicate of a restricted bug, which
adds the user to the CC list of the restricted bug and allows the user
to view the bug.


Modifications:
  ADDREF XF:bugzilla-duplicate-view-restricted(10479)

INFERRED ACTION: CAN-2001-1407 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-duplicate-view-restricted(10479)


======================================================
Candidate: CAN-2002-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0006
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020108
Category: SF
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060676210255&w=2
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:http://xforce.iss.net/static/7856.php
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and
1.4.3, allows remote attackers to execute arbitrary IRC commands as
other clients via encoded characters in a PRIVMSG command that calls
CTCP PING, which expands the characters in the client response when
the percascii variable is set.

INFERRED ACTION: CAN-2002-0006 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(6) Baker, Frech, Cox, Wall, Cole, Alderson
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3830


======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs
Access" privileges to see other products that are not accessible to
the user, by submitting a bug and reading the resulting Product
pulldown menu.


Modifications:
  ADDREF XF:bugzilla-showbug-reveal-bugs(7802)
  ADDREF BID:3798

INFERRED ACTION: CAN-2002-0009 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-showbug-reveal-bugs(7802)


======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may
allow remote attackers to more easily conduct attacks on the login.


Modifications:
  ADDREF XF:bugzilla-doeditvotes-login-information(7803)
  ADDREF BID:3800

INFERRED ACTION: CAN-2002-0011 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-doeditvotes-login-information(7803)


======================================================
Candidate: CAN-2002-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0014
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020726
Assigned: 20020110
Category: SF
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://online.securityfocus.com/bid/3815

URL-handling code in Pine 4.43 and earlier allows remote attackers to
execute arbitrary commands via a URL enclosed in single quotes and
containing shell metacharacters (&).

INFERRED ACTION: CAN-2002-0014 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:3815


======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m
allows remote attackers to execute arbitrary code via an SNMP request.


Modifications:
  ADDREF BID:4421
  ADDREF XF:irix-snmp-bo(7846)

INFERRED ACTION: CAN-2002-0017 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Levy, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(4) Cox, Wall, Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4421
 Levy> BID 4421
 Frech> XF:irix-snmp-bo(7846)


======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an
attacker to use the Content-Disposition and Content-Type HTML header
fields to modify how the name of the file is displayed, which could
trick a user into believing that a file is safe to download.


Modifications:
  ADDREF BID:4087

INFERRED ACTION: CAN-2002-0024 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4087


======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to
execute arbitrary script as other users via the addview parameter of a
ymsgr URI.


Modifications:
  ADDREF XF:yahoo-messenger-script-injection(9184)

INFERRED ACTION: CAN-2002-0032 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Baker, Wall, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Cox, Foat, Christey

Voter Comments:
 Christey> XF:yahoo-messenger-script-injection(9184)
   URL:http://www.iss.net/security_center/static/9184.php
 Frech> XF:yahoo-messenger-script-injection(9184)


======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd
allows remote attackers to execute arbitrary code via a request with a
long directory and cache name.


Modifications:
  ADDREF XF:solaris-cachefsd-name-bo(8999)
  DESC change "heap overflow" to "heap-based buffer overflow"

INFERRED ACTION: CAN-2002-0033 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Note: this is a different vulnerability than CAN-2002-0084.
   However, if there are different patches for the 2 issues, then
   they may need to be merged per CD:SF-LOC.
 Frech> XF:solaris-cachefsd-name-bo(8999)


======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision: 20030402
Interim-Decision: 20030326
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows
local users to cause a denial of service (hang) by creating a file
that is not properly processed by XFS.

INFERRED ACTION: CAN-2002-0042 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole
   NOOP(3) Cox, Wall, Foat


======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail
Connector (IMC) in Exchange Server 5.5 does not properly handle
responses to NTLM authentication, which allows remote attackers to
perform mail relaying via an SMTP AUTH command using null session
credentials.


Modifications:
  ADDREF BID:4205
  ADDREF BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
  DESC add "SMTP AUTH" and null session info to desc

INFERRED ACTION: CAN-2002-0054 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Ziese, Wall, Foat, Cole, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4205
 Christey> BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

   Add details to desc, specifically that the issue is related
   to null sessions and SMTP AUTH.


======================================================
Candidate: CAN-2002-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0061
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-01
Proposed: 20020611
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows
remote attackers to execute arbitrary commands via shell
metacharacters (a | pipe character) provided as arguments to batch
(.bat) or .cmd scripts, which are sent unfiltered to the shell
interpreter, typically cmd.exe.


Modifications:
  ADDREF CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

INFERRED ACTION: CAN-2002-0061 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(5) Baker, Wall, Foat, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4335
 Christey> XF:apache-dos-batch-command-execution(8589)
   URL:http://www.iss.net/security_center/static/8589.php
 Cox> ADDREF: http://www.apacheweek.com/issues/02-03-29#apache1324


======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: BID:2116
Reference: URL:http://online.securityfocus.com/bid/2116
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package
as used in Red Hat Linux, allows local users to gain privileges,
related to "routines for moving the physical cursor and scrolling."


Modifications:
  ADDREF BID:2116
  DESC clarify ncurses4 package
  ADDREF XF:gnu-ncurses-window-bo(8222)

INFERRED ACTION: CAN-2002-0062 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   NOOP(3) Jones, Foat, Christey

Voter Comments:
 Christey> BID:2116
   URL:http://online.securityfocus.com/bid/2116
   Also need to add other vendor advisories.
 Christey> Consider adding BID:2116
 Christey> Specifically state that the ncurses4 compatibility package
   is Red Hat's.  Also say that the problem is in the
   "routines for moving the physical cursor and scrolling"
   as stated by Daniel Jacobowitz.


======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even
when "htcp_port 0" is specified in squid.conf, which could allow
remote attackers to bypass intended access restrictions.


Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-htcp-enabled(8261)
  ADDREF BID:4150
  DESC change version from STABLE2 to STABLE3

INFERRED ACTION: CAN-2002-0067 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Change description to "Squid 2.4 STABLE3 and earlier" (vice
   STABLE2).  Change description from "...which could allow
   remote attackers to bypass intended access restrictions" to
   "...which could allow remote attackers to access and/or modify
   cached data".
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-htcp-enabled(8261)
   URL:http://www.iss.net/security_center/static/8261.php
   BID:4150
   URL:http://www.securityfocus.com/bid/4150
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029


======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-02
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a
denial of service (core dump) and possibly execute arbitrary code with
an ftp:// URL with a larger number of special characters, which exceed
the buffer when Squid URL-escapes the characters.


Modifications:
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-010.0
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF SUSE:SuSE-SA:2002:008
  ADDREF BUGTRAQ:20020222 Squid buffer overflow
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF BID:4148
  ADDREF XF:squid-ftpbuildtitleurl-bo(8258)
  DESC add that the problem occurs during escape processing

INFERRED ACTION: CAN-2002-0068 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Drop "malformed" from description; legitimate FTP URL with
   reasonable userid and password may cause crash.  Add enough detail
   to distinguish this vulnerability (i.e., the flaw is in
   authenticated FTP URL handling).
   Reference: BUGTRAQ:20020222 - Squid buffer overflow.
   Suggest: "Squid 2.4 STABLE3 and earlier contains a flaw in
   handling authenticated FTP URLs (FTP URLs with userID and
   passwords) which allows remote attackers to cause a denial of
   service (core dump) and possibly execute arbitrary code via
   ftp:// URLs."
 Christey> fix typo: "possible" should be "possibly"
   CALDERA:CSSA-2002-010.0
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
   CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   SUSE:SuSE-SA:2002:008
   URL:http://www.suse.com/de/support/security/2002_008_squid_txt.html
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   BUGTRAQ:20020222 Squid buffer overflow
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   BID:4148
   URL:http://www.securityfocus.com/bid/4148
   XF:squid-ftpbuildtitleurl-bo(8258)
   URL:http://www.iss.net/security_center/static/8258.php
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029
 Christey> See Bugtraq post for more information... the problem isn't
   a malformed URL, it's that the string exceeds the buffer
   size when it is URL-escaped.


======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20020817-01
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote
attackers to cause a denial of service.


Modifications:
  DESC change STABLE2 to STABLE3
  ADDREF BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
  ADDREF BUGTRAQ:20020222 TSLSA-2002-0031 - squid
  ADDREF MANDRAKE:MDKSA-2002:016
  CHANGEREF REDHAT [normalize]
  ADDREF CALDERA:CSSA-2002-SCO.7
  ADDREF CONECTIVA:CLA-2002:464
  ADDREF FREEBSD:FreeBSD-SA-02:12
  ADDREF XF:squid-snmp-dos(8260)
  ADDREF BID:4146

INFERRED ACTION: CAN-2002-0069 FINAL (Final Decision 20030402)

Current Votes:
   ACCEPT(4) Ziese, Wall, Cole, Green
   MODIFY(2) Cox, Jones
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
   Need to add version number to description (2.4)
 Christey> BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
 Christey> MANDRAKE:MDKSA-2002:016
 Christey> Fix ref: REDHAT:REDHAT:RHSA-2002:029
 Jones> Add version info to description (like 2002-0068): Squid 2.4
   STABLE3 and earlier.
 Christey> CALDERA:CSSA-2002-SCO.7
   URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
   CONECTIVA:CLA-2002:464
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
   BUGTRAQ:20020222 TSLSA-2002-0031 - squid
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0257.html
   MANDRAKE:MDKSA-2002:016
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php3
   FREEBSD:FreeBSD-SA-02:12
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
   XF:squid-snmp-dos(8260)
   URL:http://www.iss.net/security_center/static/8260.php
   BID:4146
   URL:http://www.securityfocus.com/bid/4146
 Cox> This references REDHAT:REDHAT:RHSA-2002:029 instead of
   REDHAT:RHSA-2002:029


======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision: 20030402
Interim-Decision: 20030326
Modified: 20030319-03
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php
Reference: BID:4474
Reference: URL: