[PROPOSAL] Cluster 2004-02-A - 57 candidates
I am proposing cluster 2004-02-A for review and voting by the Editorial Board.

Name: 2004-02-A
Description: CANs announced between 2004/02/02 and 2004/02/10
Size: 57

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-1574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: CIAC:N-096
Reference: URL:http://www.ciac.org/ciac/bulletins/n-096.shtml
Reference: XF:linux-ixj-root-privileges(10417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10417
Reference: BID:5985
Reference: URL:http://www.securityfocus.com/bid/5985

Buffer overflow in the ixj telephony card driver in Linux before 2.4.20, with unknown attack vectors and impact.

Analysis
----------------
ED_PRI CAN-2002-1574 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MS:MS04-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-006.asp

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
Analysis
----------------
ED_PRI CAN-2003-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
Reference: URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: REDHAT:RHSA-2004:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:013
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:013
Reference: XF:mailman-command-handler-dos(15106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15106
Reference: BID:9620
Reference: URL:http://www.securityfocus.com/bid/9620

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

Analysis
----------------
ED_PRI CAN-2003-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619127531765&w=2
Reference: FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016870.html
Reference: CONFIRM:http://www.apache-ssl.org/advisory-20040206.txt
Reference: XF:apachessl-default-password(15065)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15065
Reference: BID:9590
Reference: URL:http://www.securityfocus.com/bid/9590

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.

Analysis
----------------
ED_PRI CAN-2004-0009 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/163
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#873334
Reference: URL:http://www.kb.cert.org/vuls/id/873334
Reference: CIAC:O-073
Reference: URL:http://www.ciac.org/ciac/bulletins/o-073.shtml
Reference: XF:vpn1-ike-bo(14150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14150
Reference: BID:9582
Reference: URL:http://www.securityfocus.com/bid/9582

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

Analysis
----------------
ED_PRI CAN-2004-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-056.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.

Analysis
----------------
ED_PRI CAN-2004-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: BUGTRAQ:20040205 [PINE-CERT-20040201] reference count overflow in shmat()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608375207601&w=2
Reference: MISC:http://www.pine.nl/press/pine-cert-20040201.txt
Reference: FREEBSD:FreeBSD-SA-04:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
Reference: NETBSD:NetBSD-SA2004-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc
Reference: BID:9586
Reference: URL:http://www.securityfocus.com/bid/9586
Reference: XF:bsd-shmat-gain-privileges(15061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15061

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: MS:MS04-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-005.asp
Reference: ATSTAKE:A021004-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a021004-1.txt

VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.

Analysis
----------------
ED_PRI CAN-2004-0115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582619125932&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=350228
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
Reference: MLIST:[gentoo-announce] 20040217 [ GLSA 200402-05 ] phpMyAdmin < 2.5.6-rc1 directory traversal attack
Reference: URL:http://marc.theaimsgroup.com/?l=gentoo-announce&m=107698496510511&w=2

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

Analysis
----------------
ED_PRI CAN-2004-0129 1
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the Changelog for version 2.5.6-rc1 states that "a security fix" was made, and a diff of export.php with an earlier version confirms it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040210
Category: SF
Reference: FULLDISC:20040204 iDEFENSE Security Advisory 02.04.04: GNU Radius Remote Denial of Service Vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016721.html
Reference: MISC:http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true
Reference: CONFIRM:http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz
Reference: CERT-VN:VU#277396
Reference: URL:http://www.kb.cert.org/vuls/id/277396
Reference: XF:radius-radprintrequest-dos(15046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15046

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

Analysis
----------------
ED_PRI CAN-2004-0131 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: the ChangeLog for Radius 1.2 includes an item dated 2003-11-26 which says "(rad_print_request): Removed."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040209 Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107636290906296&w=2
Reference: BUGTRAQ:20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107657505718743&w=2
Reference: DEBIAN:DSA-463
Reference: URL:http://www.debian.org/security/2004/dsa-463
Reference: XF:samba-smbmnt-gain-privileges(15131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15131
Reference: BID:9619
Reference: URL:http://www.securityfocus.com/bid/9619

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

Analysis
----------------
ED_PRI CAN-2004-0186 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 OpenBSD IPv6 remote kernel crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604603226564&w=2
Reference: FULLDISC:20040204 [Full-Disclosure] Remote openbsd crash with ip6, yet still openbsd much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016704.html
Reference: MISC:http://www.guninski.com/obsdmtu.html
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c
Reference: NETBSD:NetBSD-SA2004-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
Reference: XF:openbsd-ipv6-dos(15044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15044
Reference: BID:9577
Reference: URL:http://www.securityfocus.com/bid/9577

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

Analysis
----------------
ED_PRI CAN-2004-0257 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619136600713&w=2
Reference: CONFIRM:http://www.grohol.com/downloads/oj/latest/changelog.txt
Reference: BID:9598
Reference: URL:http://www.securityfocus.com/bid/9598
Reference: XF:openjournal-uid-admin-access(15069)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15069

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.

Analysis
----------------
ED_PRI CAN-2004-0261 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor changelog's entry under v2.06 - 05 Feb 2004 says "Fixed security issue in oj.cgi and oj.cfg"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040209 clamav 0.65 remote DOS exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634700823822&w=2
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
Reference: BUGTRAQ:20040218 [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712186605402&w=2
Reference: XF:clam-antivirus-uuencoded-dos(15077)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15077
Reference: BID:9610
Reference: URL:http://www.securityfocus.com/bid/9610

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

Analysis
----------------
ED_PRI CAN-2004-0270 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 Directory traversal in RealPlayer allows code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107642978524321&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/040123_player/EN/

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Analysis
----------------
ED_PRI CAN-2004-0273 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://service.real.com/help/faq/security/040123_player/EN/ under exploit 2 it says "To fashion RMP files which allow an attacker to download and execute arbitrary code on a user's machine."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040207 [gentoo-announce] [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619072227748&w=2
Reference: XF:php-virtualhost-info-disclosure(15072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15072

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2004-0263 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634593827102&w=2
Reference: BUGTRAQ:20040210 Re: Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643315623958&w=2
Reference: MISC:http://mogan.nonsoloirc.com/egg_advisory.txt
Reference: XF:eggdrop-sharemod-gain-access(15084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15084
Reference: BID:9606
Reference: URL:http://www.securityfocus.com/bid/9606

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2004-0274 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643836125615&w=2
Reference: NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=107650972617367&w=2
Reference: BUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643892224825&w=2
Reference: NTBUGTRAQ:20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=107650972723080&w=2
Reference: MS:MS04-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS04-007.asp
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-041A.html
Reference: CERT-VN:VU#216324
Reference: URL:http://www.kb.cert.org/vuls/id/216324
Reference: CERT-VN:VU#583108
Reference: URL:http://www.kb.cert.org/vuls/id/583108

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.

Analysis
----------------
ED_PRI CAN-2003-0818 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACCURACY/ACKNOWLEDGEMENT: while there are two eEye advisories on separate sets of integer overflow vulnerabilities, both of which provide MS04-007 as a reference, the description of MS04-007 itself suggests a single buffer overflow. MSRC confirmed via email on 2004/02/12 that MS04-007 addresses all the issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Reference: URL:http://xforce.iss.net/xforce/alerts/id/162
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/security_server.html
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#790771
Reference: URL:http://www.kb.cert.org/vuls/id/790771
Reference: CIAC:O-072
Reference: URL:http://www.ciac.org/ciac/bulletins/o-072.shtml
Reference: XF:fw1-format-string(14149)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14149
Reference: BID:9581
Reference: URL:http://www.securityfocus.com/bid/9581

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
Analysis
----------------
ED_PRI CAN-2004-0039 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107644835523678&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=72
Reference: BUGTRAQ:20040211 XFree86 vulnerability exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107653324115914&w=2
Reference: CONFIRM:http://www.xfree86.org/cvs/changes
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: BUGTRAQ:20040211 [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107658060431049&w=2
Reference: XF:xfree86-fontalias-bo(15130)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15130

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106.

Analysis
----------------
ED_PRI CAN-2004-0083 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The change log for XFree86 4.3.99.903 includes the item "794. Fix font alias overrun."

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all assigned by the CNA (Mark Cox) within a very short time frame as multiple changes were incorporated; some fixes would go out as other reported issues came in. So it's reasonable to expect that some distributions or versions might not have addressed all 3 issues, so the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040129
Category: SF
Reference: DEBIAN:DSA-432
Reference: URL:http://www.debian.org/security/2004/dsa-432

crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly triggering a buffer overflow.
Analysis ---------------- ED_PRI CAN-2004-0103 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0132 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0132 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040210 Category: SF Reference: BUGTRAQ:20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651585921958&w=2 Reference: XF:ezcontents-multiple-file-include(15135) Reference: URL:http://xforce.iss.net/xforce/xfdb/15135 Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php. Analysis ---------------- ED_PRI CAN-2004-0132 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0143 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0143 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040212 Category: SF Reference: BUGTRAQ:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634788029065&w=2 Reference: VULNWATCH:20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0034.html Reference: MISC:http://www.pentest.co.uk/documents/ptl-2004-01.html Reference: XF:nokia-obex-dos(15107) Reference: URL:http://xforce.iss.net/xforce/xfdb/15107 Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. Analysis ---------------- ED_PRI CAN-2004-0143 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC, VAGUE, INCLUSION INCLUSION: the Editorial Board should discuss whether mobile phones and other IT-enabled devices should be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0238 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0238 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040202 0verkill - little simple vulnerability. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577335424509&w=2 Reference: FULLDISC:20040202 0verkill - little simple vulnerability. 
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016579.html Reference: MISC:http://www.securiteam.com/securitynews/5AP010KC0C.html Reference: XF:overkill-client-multiple-bo(14999) Reference: URL:http://xforce.iss.net/xforce/xfdb/14999 Reference: BID:9550 Reference: URL:http://www.securityfocus.com/bid/9550 Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 allows local users to execute arbitrary code via a long HOME environment variable, and possibly (3) via long strings to send_message. Analysis ---------------- ED_PRI CAN-2004-0238 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0239 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0239 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040202 ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582512023998&w=2 Reference: MISC:http://www.securiteam.com/securitynews/5KP010UC0W.html Reference: XF:photopostphp-sql-injection(15008) Reference: URL:http://xforce.iss.net/xforce/xfdb/15008 Reference: BID:9557 Reference: URL:http://www.securityfocus.com/bid/9557 SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. 
Analysis ---------------- ED_PRI CAN-2004-0239 3 Vendor Acknowledgement: unknown discloser-claimed ACKNOWLEDGEMENT: the poster of the vuln says at http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113 there is a patch for the problem, but that site is password protected. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0240 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0240 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 X-Cart vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2 Reference: XF:xcart-dotdot-directory-traversal(15033) Reference: URL:http://xforce.iss.net/xforce/xfdb/15033 Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php. Analysis ---------------- ED_PRI CAN-2004-0240 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0241 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0241 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 X-Cart vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2 Reference: XF:xcart-perlbinary-execute-commands(15034) Reference: URL:http://xforce.iss.net/xforce/xfdb/15034 Reference: BID:9560 Reference: URL:http://www.securityfocus.com/bid/9560 X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. Analysis ---------------- ED_PRI CAN-2004-0241 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0242 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0242 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 X-Cart vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2 Reference: XF:xcart-generalphp-obtain-information(15036) Reference: URL:http://xforce.iss.net/xforce/xfdb/15036 Reference: BID:9563 Reference: URL:http://www.securityfocus.com/bid/9563 X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. 
Analysis ---------------- ED_PRI CAN-2004-0242 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0243 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0243 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Re: sqwebmail web login Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107583269206044&w=2 AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. Analysis ---------------- ED_PRI CAN-2004-0243 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0244 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0244 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: CISCO:20040203 Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml Reference: XF:cisco-malformed-frame-dos(15013) Reference: URL:http://xforce.iss.net/xforce/xfdb/15013 Reference: BID:9562 Reference: URL:http://www.securityfocus.com/bid/9562 Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. Analysis ---------------- ED_PRI CAN-2004-0244 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0245 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0245 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Web Crossing 4.x/5.x Denial of Service Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586518120516&w=2 Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending an HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.
Analysis ---------------- ED_PRI CAN-2004-0245 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0246 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0246 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Les Commentaires (PHP) Include file Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107584083719763&w=2 Reference: XF:lescommentaires-multiple-file-include(15010) Reference: URL:http://xforce.iss.net/xforce/xfdb/15010 Reference: BID:9536 Reference: URL:http://www.securityfocus.com/bid/9536 Multiple PHP remote code injection vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, or (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code by modifying the rep parameter to reference a URL on a remote web server that contains the code. Analysis ---------------- ED_PRI CAN-2004-0246 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0247 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0247 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Remote crash of Chaser game <= 1.50 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107584109420084&w=2 Reference: BID:9567 Reference: URL:http://www.securityfocus.com/bid/9567 Reference: XF:chaser-memory-dos(15031) Reference: URL:http://xforce.iss.net/xforce/xfdb/15031 The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory. Analysis ---------------- ED_PRI CAN-2004-0247 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0248 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0248 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Multiple Vulnerabilities in PHPX Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586932324901&w=2 Reference: BID:9569 Reference: URL:http://www.securityfocus.com/bid/9569 Reference: XF:phpx-subject-html-injection(15050) Reference: URL:http://xforce.iss.net/xforce/xfdb/15050 Reference: XF:phpx-main-help-xss(15051) Reference: URL:http://xforce.iss.net/xforce/xfdb/15051 Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. Analysis ---------------- ED_PRI CAN-2004-0248 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0249 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0249 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040203 Multiple Vulnerabilities in PHPX Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107586932324901&w=2 Reference: BID:9569 Reference: URL:http://www.securityfocus.com/bid/9569 Reference: XF:phpx-cookie-account-hijacking(15052) Reference: URL:http://xforce.iss.net/xforce/xfdb/15052 PHPX 3.2.3 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. Analysis ---------------- ED_PRI CAN-2004-0249 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0250 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0250 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040204 ZH2004-04SA (security advisory): Multiple Sql Injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107593114909696&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3864/ Reference: BID:9557 Reference: URL:http://www.securityfocus.com/bid/9557 Reference: XF:photopostphp-sql-injection(15008) Reference: URL:http://xforce.iss.net/xforce/xfdb/15008 SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. 
Analysis ---------------- ED_PRI CAN-2004-0250 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC ACKNOWLEDGEMENT: The poster gives a link to a patch, but the site requires a username and password to get in. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0251 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0251 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040204 rxgoogle.cgi XSS Vulnerability. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107594183924958&w=2 Reference: XF:rxgoogle-query-xss(15043) Reference: URL:http://xforce.iss.net/xforce/xfdb/15043 Reference: BID:9575 Reference: URL:http://www.securityfocus.com/bid/9575 Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. Analysis ---------------- ED_PRI CAN-2004-0251 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0252 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040204 TYPSoft FTP Server 1.10 may be crashed Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107591511716707&w=2 Reference: XF:typsoft-empty-username-dos(15048) Reference: URL:http://xforce.iss.net/xforce/xfdb/15048 Reference: BID:9573 Reference: URL:http://www.securityfocus.com/bid/9573 TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name. Analysis ---------------- ED_PRI CAN-2004-0252 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0253 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0253 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040205 IBM cloudscape SQL Database (DB2J) vulnerable to remote command Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604065819233&w=2 Reference: BID:9583 Reference: URL:http://www.securityfocus.com/bid/9583 Reference: XF:cloudscape-sql-injection(15067) Reference: URL:http://xforce.iss.net/xforce/xfdb/15067 IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. 
Analysis ---------------- ED_PRI CAN-2004-0253 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0254 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0254 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040205 Possible Cross Site Scripting in Discuz! Board Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107606726417150&w=2 Reference: BID:9584 Reference: URL:http://www.securityfocus.com/bid/9584 Reference: XF:discuzboard-image-tag-xss(15066) Reference: URL:http://xforce.iss.net/xforce/xfdb/15066 Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. Analysis ---------------- ED_PRI CAN-2004-0254 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0255 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0255 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040205 Remote crash Xlight ftp server 1.52 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107605633904122&w=2 Reference: XF:xlight-long-string-dos(15064) Reference: URL:http://xforce.iss.net/xforce/xfdb/15064 Reference: BID:9585 Reference: URL:http://www.securityfocus.com/bid/9585 Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow. Analysis ---------------- ED_PRI CAN-2004-0255 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0258 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0258 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: VULNWATCH:20040204 [VulnWatch] Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0028.html Reference: BUGTRAQ:20040204 Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608748813559&w=2 Reference: MISC:http://www.nextgenss.com/advisories/realone.txt Reference: CONFIRM:http://www.service.real.com/help/faq/security/040123_player/EN/ Reference: CERT-VN:VU#473814 Reference: URL:http://www.kb.cert.org/vuls/id/473814 Reference: CIAC:O-075 Reference: URL:http://www.ciac.org/ciac/bulletins/o-075.shtml Reference: BID:9579 Reference: URL:http://www.securityfocus.com/bid/9579 Reference: XF:realoneplayer-multiple-file-bo(15040) Reference: URL:http://xforce.iss.net/xforce/xfdb/15040 Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. Analysis ---------------- ED_PRI CAN-2004-0258 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0259 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0259 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040206 formmail (PHP) Upload file using CSS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619109629629&w=2 Reference: XF:jack-formmail-file-upload(15079) Reference: URL:http://xforce.iss.net/xforce/xfdb/15079 Reference: BID:9591 Reference: URL:http://www.securityfocus.com/bid/9591 The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue. Analysis ---------------- ED_PRI CAN-2004-0259 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0260 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0260 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619501815888&w=2 Reference: FULLDISC:20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016819.html Reference: XF:cactushoplite-backdoor(15063) Reference: URL:http://xforce.iss.net/xforce/xfdb/15063 Reference: BID:9589 Reference: URL:http://www.securityfocus.com/bid/9589 The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||. Analysis ---------------- ED_PRI CAN-2004-0260 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0262 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0262 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040207 The Palace 3.x (Client) Stack Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634556632195&w=2 Reference: MISC:http://www.elitehaven.net/thepalace.txt Reference: XF:palace-server-address-bo(15074) Reference: URL:http://xforce.iss.net/xforce/xfdb/15074 Reference: BID:9602 Reference: URL:http://www.securityfocus.com/bid/9602 Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string. Analysis ---------------- ED_PRI CAN-2004-0262 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0264 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0264 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040208 PalmOS httpd accept() queue overflow DoS vulnerability. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634638201570&w=2 Reference: XF:palmhttpd-accept-bo(15090) Reference: URL:http://xforce.iss.net/xforce/xfdb/15090 Reference: BID:9608 Reference: URL:http://www.securityfocus.com/bid/9608 palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. 
Analysis ---------------- ED_PRI CAN-2004-0264 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0265 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040208 [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634727520936&w=2 Reference: XF:phpnuke-mulitple-xss(15076) Reference: URL:http://xforce.iss.net/xforce/xfdb/15076 Reference: BID:9605 Reference: URL:http://www.securityfocus.com/bid/9605 Reference: BID:9613 Reference: URL:http://www.securityfocus.com/bid/9613 Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Analysis ---------------- ED_PRI CAN-2004-0265 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 [waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635110327066&w=2
Reference: XF:phpnuke-publicmessage-sql-injection(15080)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15080
Reference: BID:9615
Reference: URL:http://www.securityfocus.com/bid/9615

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

Analysis
----------------
ED_PRI CAN-2004-0266 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040209 [local problems] eTrust Virus Protection 6.0 InoculateIT for linux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635584431518&w=2
Reference: XF:etrust-inoculateit-symlink(15102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15102
Reference: BID:9616
Reference: URL:http://www.securityfocus.com/bid/9616

The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.

Analysis
----------------
ED_PRI CAN-2004-0267 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643394724891&w=2
Reference: FULLDISC:20040210 XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016988.html
Reference: XF:evolutionx-command-line-dos(15104)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15104
Reference: BID:9631
Reference: URL:http://www.securityfocus.com/bid/9631

Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.

Analysis
----------------
ED_PRI CAN-2004-0268 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 [SCAN Associates Sdn Bhd Security Advisory] PHPNuke 6.9 > and below SQL Injection in multiple module
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643348117646&w=2
Reference: MISC:http://www.scan-associates.net/papers/phpnuke69.txt
Reference: XF:phpnuke-modules-sql-injection(15115)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15115
Reference: BID:9630
Reference: URL:http://www.securityfocus.com/bid/9630

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

Analysis
----------------
ED_PRI CAN-2004-0269 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2
Reference: XF:maxwebportal-register-xss(15122)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15122
Reference: BID:9625
Reference: URL:http://www.securityfocus.com/bid/9625

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

Analysis
----------------
ED_PRI CAN-2004-0271 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2
Reference: XF:maxwebportal-personalmesssages-sql-injection(15121)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15121
Reference: BID:9625
Reference: URL:http://www.securityfocus.com/bid/9625

SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.

Analysis
----------------
ED_PRI CAN-2004-0272 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: FULLDISC:20040207 DreamFTP Server 1.02 Buffer Overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016871.html
Reference: MISC:http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722
Reference: BUGTRAQ:20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107656166402882&w=2
Reference: XF:dreamftp-username-format-string(15070)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15070
Reference: BID:9600
Reference: URL:http://www.securityfocus.com/bid/9600

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.

Analysis
----------------
ED_PRI CAN-2004-0277 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635084830547&w=2
Reference: BID:9614
Reference: URL:http://www.securityfocus.com/bid/9614
Reference: XF:resin-source-disclosure(15085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15085

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.

Analysis
----------------
ED_PRI CAN-2004-0280 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107635084830547&w=2
Reference: BID:9617
Reference: URL:http://www.securityfocus.com/bid/9617
Reference: XF:resin-dotdot-directory-traversal(15087)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15087

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.

Analysis
----------------
ED_PRI CAN-2004-0281 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643134712133&w=2
Reference: XF:ie-host-null-dos(15127)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15127
Reference: BID:9629
Reference: URL:http://www.securityfocus.com/bid/9629

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

Analysis
----------------
ED_PRI CAN-2004-0284 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the discloser claims that MS04-004 fixes this problem but MS04-004 does not mention a fix to this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: