[PROPOSAL] Cluster 2004-02-B - 47 candidates
I am proposing cluster 2004-02-B for review and voting by the Editorial Board.

Name: 2004-02-B
Description: CANs announced between 2004/02/11 and 2004/02/19
Size: 47

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2004-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: XF:linux-vicam-dos(15246)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15246

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2004-0075 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
Reference: VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-438
Reference: URL:http://www.debian.org/security/2004/dsa-438
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-441
Reference: URL:http://www.debian.org/security/2004/dsa-441
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-444
Reference: URL:http://www.debian.org/security/2004/dsa-444
Reference: DEBIAN:DSA-456
Reference: URL:http://www.debian.org/security/2004/dsa-456
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-066.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: BUGTRAQ:20040218 TSLSA-2004-0007 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
Reference: BUGTRAQ:20040223 TSLSA-2004-0008 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
Reference: BUGTRAQ:20040306 [ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107876807929721&w=2
Reference: XF:linux-mremap-gain-privileges(15244)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15244
Reference: BID:9686
Reference: URL:http://www.securityfocus.com/bid/9686

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Analysis
----------------
ED_PRI CAN-2004-0077 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040211 Mutt-1.4.2 fixes buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
Reference: REDHAT:RHSA-2004:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-050.html
Reference: REDHAT:RHSA-2004:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-051.html
Reference: MANDRAKE:MDKSA-2004:010
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:010
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607
Reference: CONFIRM:http://bugs.debian.org/126336
Reference: BUGTRAQ:20040215 LNSA-#2004-0001: mutt remote crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696262905039&w=2
Reference: BUGTRAQ:20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107884956930903&w=2
Reference: XF:mutt-index-menu-bo(15134)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15134
Reference: BID:9641
Reference: URL:http://www.securityfocus.com/bid/9641

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

Analysis
----------------
ED_PRI CAN-2004-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-064.html
Reference: CONFIRM:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
Reference: XF:samba-mksmbpasswd-gain-access(15132)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15132

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Analysis
----------------
ED_PRI CAN-2004-0082 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for Samba 3.02, dated February 9, 2004, explicitly reference this identifier.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: XF:xfree86-glx-array-dos(15272)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15272

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

Analysis
----------------
ED_PRI CAN-2004-0093 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: XF:xfree86-glx-integer-dos(15273)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15273

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

Analysis
----------------
ED_PRI CAN-2004-0094 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 Denial of Service in Monkey httpd <= 0.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107652610506968&w=2
Reference: CONFIRM:http://monkeyd.sourceforge.net/
Reference: MISC:http://aluigi.altervista.org/poc/monkeydos.zip
Reference: XF:monkey-getrealstring-dos(15187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15187
Reference: BID:9642
Reference: URL:http://www.securityfocus.com/bid/9642

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

Analysis
----------------
ED_PRI CAN-2004-0276 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the announcement for Monkey 0.8.2 says that there are "a lot of bug fixes (including a fix for a DoS). Thanks to Luigi A."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: BUGTRAQ:20040216 Broadcast client buffer-overflow in Purge Jihad <= 2.0.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695064204362&w=2
Reference: CONFIRM:http://purge.worthplaying.com/phpbb/viewtopic.php?t=1167
Reference: BID:9671
Reference: URL:http://www.securityfocus.com/bid/9671
Reference: XF:purge-battletype-map-bo(15216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15216

Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large battle type and map name fields.

Analysis
----------------
ED_PRI CAN-2004-0290 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://purge.worthplaying.com/phpbb/viewtopic.php?t=1167, dated Feb 12, 2004, under [Engine/Technology] it says "Fixed buffer overflow security issue."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040217 iDEFENSE Security Advisory 02.17.04: Ipswitch IMail LDAP Daemon Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705541425564&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=74
Reference: CONFIRM:http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
Reference: CERT-VN:VU#972334
Reference: URL:http://www.kb.cert.org/vuls/id/972334
Reference: BID:9682
Reference: URL:http://www.securityfocus.com/bid/9682
Reference: XF:imail-ldap-tag-bo(15243)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15243

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

Analysis
----------------
ED_PRI CAN-2004-0297 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html it says "fixes a possible LDAP Denial of Service vulnerability" and the poster refers to this patch and the patch is dated Feb 17.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-file-upload(15264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15264
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.

Analysis
----------------
ED_PRI CAN-2004-0306 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: XF:cisco-ons-ack-dos(15265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15265

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.

Analysis
----------------
ED_PRI CAN-2004-0307 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-gain-access(15266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15266
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.

Analysis
----------------
ED_PRI CAN-2004-0308 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722656827427&w=2
Reference: CERT-VN:VU#619982
Reference: URL:http://www.kb.cert.org/vuls/id/619982
Reference: CIAC:O-084
Reference: URL:http://www.ciac.org/ciac/bulletins/o-084.shtml
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/8.html
Reference: XF:zonelabs-multiple-products-bo(14991)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14991
Reference: BID:9696
Reference: URL:http://www.securityfocus.com/bid/9696

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

Analysis
----------------
ED_PRI CAN-2004-0309 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107662833512775&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=73
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: XF:xfree86-copyisolatin1lLowered-bo(15200)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15200

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106.

Analysis
----------------
ED_PRI CAN-2004-0084 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all assigned by the CNA (Mark Cox) within a very short time frame as multiple changes were incorporated; some fixes would go out as other reported issues came in. So it's reasonable to expect that some distributions or versions might not have addressed all 3 issues, so the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: DEBIAN:DSA-448
Reference: URL:http://www.debian.org/security/2004/dsa-448
Reference: REDHAT:RHSA-2004:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-047.html
Reference: CERT:CA-2004-01
Reference: URL:http://www.cert.org/advisories/CA-2004-01.html
Reference: CERT-VN:VU#749342
Reference: URL:http://www.kb.cert.org/vuls/id/749342
Reference: XF:pwlib-message-dos(15202)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15202

Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Analysis
----------------
ED_PRI CAN-2004-0097 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: XF:metamail-contenttype-format-string(15245)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15245
Reference: XF:metamail-printheader-format-string(15259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15259

Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0104 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: BUGTRAQ:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107713476911429&w=2
Reference: VULNWATCH:20040218 metamail format string bugs and buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0041.html
Reference: MANDRAKE:MDKSA-2004:014
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:014
Reference: REDHAT:RHSA-2004:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-073.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: XF:metamail-printheader-nonascii-bo(15247)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15247
Reference: XF:metamail-splitmail-subject-bo(15258)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15258

Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0105 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: CONECTIVA:CLA-2004:821
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-059.html
Reference: REDHAT:RHSA-2004:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-060.html
Reference: REDHAT:RHSA-2004:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-061.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: SUSE:SuSE-SA:2004:006
Reference: URL:http://www.suse.de/de/security/2004_06_xf86.html
Reference: MANDRAKE:MDKSA-2004:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
Reference: XF:xfree86-multiple-font-improper-handling(15206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15206

Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084.

Analysis
----------------
ED_PRI CAN-2004-0106 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CAN-2004-0083, CAN-2004-0084, and CAN-2004-0106 were all assigned by the CNA (Mark Cox) within a very short time frame as multiple changes were incorporated; some fixes would go out as other reported issues came in. So it's reasonable to expect that some distributions or versions might not have addressed all 3 issues, so the CANs should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694794031839&w=2
Reference: FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017414.html
Reference: XF:symantec-firewallvpn-password-plaintext(15212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15212

Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0190 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040312
Category: SF
Reference: BUGTRAQ:20040216 Possible race condition in Symantec AntiVirus Scan Engine for Red
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694800908164&w=2
Reference: XF:symantec-scanengine-race-condition(15215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15215
Reference: BID:9662
Reference: URL:http://www.securityfocus.com/bid/9662

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

Analysis
----------------
ED_PRI CAN-2004-0217 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0275 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0275 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040211 ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651618613575&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3925/ Reference: XF:bosdates-calendar-sql-injection(15133) Reference: URL:http://xforce.iss.net/xforce/xfdb/15133 Reference: BID:9639 Reference: URL:http://www.securityfocus.com/bid/9639 SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter. Analysis ---------------- ED_PRI CAN-2004-0275 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0278 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0278 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040211 Denial of Service in Ratbag's game engine Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107655269820530&w=2 Reference: XF:ratbag-data-length-dos(15188) Reference: URL:http://xforce.iss.net/xforce/xfdb/15188 Reference: BID:9644 Reference: URL:http://www.securityfocus.com/bid/9644 Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data. Analysis ---------------- ED_PRI CAN-2004-0278 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0279 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0279 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040212 aimSniff.pl file "deletion" (local) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107662243303439&w=2 Reference: XF:aim-sniff-symlink(15199) Reference: URL:http://xforce.iss.net/xforce/xfdb/15199 Reference: BID:9653 Reference: URL:http://www.securityfocus.com/bid/9653 AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log. Analysis ---------------- ED_PRI CAN-2004-0279 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0282 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0282 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040212 crob ftpd Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107665920909374&w=2 Reference: XF:crob-multiple-connections-dos(15201) Reference: URL:http://xforce.iss.net/xforce/xfdb/15201 Reference: BID:9651 Reference: URL:http://www.securityfocus.com/bid/9651 Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of service (crash) by connecting and disconnecting repeatedly. 
Analysis ---------------- ED_PRI CAN-2004-0282 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0283 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0283 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040212 Symlink vulnerabilities in mailmgr Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107665013714517&w=2 Reference: XF:mailmgr-insecure-temp-directory (15203) Reference: URL:http://xforce.iss.net/xforce/xfdb/15203 Reference: BID:9654 Reference: URL:http://www.securityfocus.com/bid/9654 Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort. Analysis ---------------- ED_PRI CAN-2004-0283 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0285 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0285 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040214 AllMyVisitors PHP Code Injection vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696235424865&w=2 Reference: BUGTRAQ:20040214 AllMyGuests PHP Code Injection vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696209514155&w=2 Reference: BUGTRAQ:20040214 AllMyLinks PHP Code Injection vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696291728750&w=2 Reference: XF:allmyvisitors-file-include(15228) Reference: URL:http://xforce.iss.net/xforce/xfdb/15228 Reference: XF:allmyguests-php-file-include(15227) Reference: URL:http://xforce.iss.net/xforce/xfdb/15227 Reference: XF:allmylinks-file-include(15226) Reference: URL:http://xforce.iss.net/xforce/xfdb/15226 Reference: BID:9664 Reference: URL:http://www.securityfocus.com/bid/9664 PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code by modifying the _AMVconfig[cfg_serverpath] parameter to reference a URL on a remote web server that contains template.inc.php. Analysis ---------------- ED_PRI CAN-2004-0285 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0286 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0286 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040215 buffer overflow in Robot FTP Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696194306878&w=2 Reference: XF:robot-username-bo(15225) Reference: URL:http://xforce.iss.net/xforce/xfdb/15225 Reference: BID:9672 Reference: URL:http://www.securityfocus.com/bid/9672 Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username. Analysis ---------------- ED_PRI CAN-2004-0286 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0287 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0287 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040215 Xlight ftp server 1.52 RETR bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695172917263&w=2 Reference: XF:xlight-retr-dos(15220) Reference: URL:http://xforce.iss.net/xforce/xfdb/15220 Reference: BID:9627 Reference: URL:http://www.securityfocus.com/bid/9627 Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument, possibly triggering a buffer overflow. 
Analysis ---------------- ED_PRI CAN-2004-0287 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0288 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0288 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040215 Buffer overflow in mnoGoSearch Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2 Reference: XF:mnogosearch-udmdoctotextbuf-bo(15209) Reference: URL:http://xforce.iss.net/xforce/xfdb/15209 Reference: BID:9667 Reference: URL:http://www.securityfocus.com/bid/9667 Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document. Analysis ---------------- ED_PRI CAN-2004-0288 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0289 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040215 problems with database files in 'SignatureDB' Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107695113832648&w=2 Reference: BID:9661 Reference: URL:http://www.securityfocus.com/bid/9661 Reference: XF:signaturedb-sdbscan-bo(15217) Reference: URL:http://xforce.iss.net/xforce/xfdb/15217 Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter. Analysis ---------------- ED_PRI CAN-2004-0289 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0291 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0291 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040216 Another YabbSE SQL Injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696318522985&w=2 Reference: BID:9674 Reference: URL:http://www.securityfocus.com/bid/9674 Reference: XF:yabb-post-sql-injection(15224) Reference: URL:http://xforce.iss.net/xforce/xfdb/15224 SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. 
Analysis ---------------- ED_PRI CAN-2004-0291 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0292 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703630913205&w=2 Reference: MISC:http://www.security-protocols.com/modules.php?name=News&file=article&sid=1746 Reference: BID:9679 Reference: URL:http://www.securityfocus.com/bid/9679 Reference: XF:sami-http-get-bo(15237) Reference: URL:http://xforce.iss.net/xforce/xfdb/15237 Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-2004-0292 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0293 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0293 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703602707450&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3962/ Reference: XF:shopcartcgi-dotdot-directory-traversal(14982) Reference: URL:http://xforce.iss.net/xforce/xfdb/14982 Reference: BID:9670 Reference: URL:http://www.securityfocus.com/bid/9670 Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi. Analysis ---------------- ED_PRI CAN-2004-0293 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0294 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0294 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 YABB information leakage on failed login Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703591314745&w=2 Reference: BID:9677 Reference: URL:http://www.securityfocus.com/bid/9677 Reference: XF:yabb-invalidmessage-obtain-information(15236) Reference: URL:http://xforce.iss.net/xforce/xfdb/15236 YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. Analysis ---------------- ED_PRI CAN-2004-0294 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0295 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0295 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 Broker FTP DoS (Message Server) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705346817241&w=2 Reference: MISC:http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html Reference: XF:broker-ftp-tsftpsrv-dos(15242) Reference: URL:http://xforce.iss.net/xforce/xfdb/15242 Reference: BID:9680 Reference: URL:http://www.securityfocus.com/bid/9680 TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection. 
Analysis ---------------- ED_PRI CAN-2004-0295 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0296 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 Broker FTP DoS (Message Server) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107705346817241&w=2 Reference: MISC:http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html Reference: XF:broker-ftp-dos(15241) Reference: URL:http://xforce.iss.net/xforce/xfdb/15241 Reference: BID:9680 Reference: URL:http://www.securityfocus.com/bid/9680 TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection. NOTE: the original researcher Analysis ---------------- ED_PRI CAN-2004-0296 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0298 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0298 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 CesarFTP 0.99 : 100% employment of computer resources Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712057628250&w=2 Reference: BID:9666 Reference: URL:http://www.securityfocus.com/bid/9666 Reference: XF:cesarftp-userpass-dos(15252) Reference: URL:http://xforce.iss.net/xforce/xfdb/15252 CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter. Analysis ---------------- ED_PRI CAN-2004-0298 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0299 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0299 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 Smallftpd 1.0.3 DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107714207708375&w=2 Reference: BID:9684 Reference: URL:http://www.securityfocus.com/bid/9684 Reference: XF:smallftpd-forwardslash-dos(15262) Reference: URL:http://xforce.iss.net/xforce/xfdb/15262 Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters. 
Analysis ---------------- ED_PRI CAN-2004-0299 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0300 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0300 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040218 ZH2004-07SA (security advisory): Multiple Sql injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712117913185&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3972/ Reference: MISC:http://www.systemsecure.org/advisories/ssadvisory16022004.php Reference: MISC:http://secunia.com/advisories/10902/ Reference: XF:onlinestorekit-more-sql-injection(15232) Reference: URL:http://xforce.iss.net/xforce/xfdb/15232 Reference: BID:9676 Reference: URL:http://www.securityfocus.com/bid/9676 Reference: BID:9687 Reference: URL:http://www.securityfocus.com/bid/9687 SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php. Analysis ---------------- ED_PRI CAN-2004-0300 3 Vendor Acknowledgement: unknown BID:9687 could be the same vuln. Site is not updated yet. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0301 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0301 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: MISC:http://www.systemsecure.org/advisories/ssadvisory16022004.php Reference: MISC:http://secunia.com/advisories/10902/ Reference: BID:9676 Reference: URL:http://www.securityfocus.com/bid/9676 Reference: XF:onlinestorekit-more-xss(15235) Reference: URL:http://xforce.iss.net/xforce/xfdb/15235 Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter. Analysis ---------------- ED_PRI CAN-2004-0301 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0302 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712123305706&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3973/ Reference: XF:owls-file-retrieval(15249) Reference: URL:http://xforce.iss.net/xforce/xfdb/15249 Reference: BID:9689 Reference: URL:http://www.securityfocus.com/bid/9689 Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php. 
Analysis ---------------- ED_PRI CAN-2004-0302 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC ABSTRACTION: the ".." and "/absolute/path" problems are regarded as distinct variants of the directory traversal class, so they are SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0303 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0303 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040218 ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712123305706&w=2 Reference: MISC:http://www.zone-h.org/en/advisories/read/id=3973/ Reference: XF:owls-file-retrieval(15249) Reference: URL:http://xforce.iss.net/xforce/xfdb/15249 Reference: BID:9689 Reference: URL:http://www.securityfocus.com/bid/9689 OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. Analysis ---------------- ED_PRI CAN-2004-0303 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC ABSTRACTION: the ".." and "/absolute/path" problems are regarded as distinct variants of the directory traversal class, so they are SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0304 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0304 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040218 WebCortex Webstores2000 version 6.0 multiple security vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712159425226&w=2 Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040218.txt Reference: XF:webstores-browseitems-sql-injection(15253) Reference: URL:http://xforce.iss.net/xforce/xfdb/15253 Reference: BID:7766 Reference: URL:http://www.securityfocus.com/bid/7766 SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. Analysis ---------------- ED_PRI CAN-2004-0304 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0305 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0305 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040218 WebCortex Webstores2000 version 6.0 multiple security vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712159425226&w=2 Reference: XF:webstores-error-xss(15254) Reference: URL:http://xforce.iss.net/xforce/xfdb/15254 Reference: BID:9693 Reference: URL:http://www.securityfocus.com/bid/9693 Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter. Analysis ---------------- ED_PRI CAN-2004-0305 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0310 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0310 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040219 LiveJournal XSS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722627800820&w=2 Reference: BID:9700 Reference: URL:http://www.securityfocus.com/bid/9700 Reference: XF:livejournal-url-xss(15268) Reference: URL:http://xforce.iss.net/xforce/xfdb/15268 Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url. 
Analysis ---------------- ED_PRI CAN-2004-0310 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0311 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0311 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: CF Reference: BUGTRAQ:20040216 APC 9606 SmartSlot Web/SNMP management card "backdoor" Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107703696631367&w=2 Reference: BUGTRAQ:20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107721020803565&w=2 Reference: CONFIRM:http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129 Reference: XF:apc-smartslot-default-password(15238) Reference: URL:http://xforce.iss.net/xforce/xfdb/15238 Reference: BID:9681 Reference: URL:http://www.securityfocus.com/bid/9681 American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. Analysis ---------------- ED_PRI CAN-2004-0311 3 Vendor Acknowledgement: yes advisory Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0312 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0312 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040217 SNMP community string disclosure in Linksys WAP55AG Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712101324233&w=2 Reference: BUGTRAQ:20040219 Re: SNMP community string disclosure in Linksys WAP55AG Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107730681012131&w=2 Reference: XF:linksys-snmp-strings-disclosure(15257) Reference: URL:http://xforce.iss.net/xforce/xfdb/15257 Reference: BID:9688 Reference: URL:http://www.securityfocus.com/bid/9688 Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. Analysis ---------------- ED_PRI CAN-2004-0312 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: