[PROPOSAL] Cluster 2004-02-C - 48 candidates
I am proposing cluster 2004-02-C for review and voting by the Editorial Board.

Name: 2004-02-C
Description: CANs announced between 2004/02/20 and 2004/02/29
Size: 48

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2004-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:03
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Reference: XF:freebsd-jailattach-gain-privileges(15344)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15344
Reference: BID:9762
Reference: URL:http://www.securityfocus.com/bid/9762

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

Analysis
----------------
ED_PRI CAN-2004-0126 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-447
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755803218677&w=2
Reference: FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017737.html
Reference: XF:hsftp-format-string(15276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15276

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

Analysis
----------------
ED_PRI CAN-2004-0159 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-446
Reference: URL:http://www.debian.org/security/2004/dsa-446
Reference: XF:synaesthesia-configuration-symlink-attack(15279)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15279
Reference: BID:9713
Reference: URL:http://www.securityfocus.com/bid/9713

Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.

Analysis
----------------
ED_PRI CAN-2004-0160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: ATSTAKE:A022304-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a022304-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: CERT-VN:VU#841742
Reference: URL:http://www.kb.cert.org/vuls/id/841742
Reference: XF:macos-pppd-format-string(15297)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15297
Reference: BID:9730
Reference: URL:http://www.securityfocus.com/bid/9730

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0165 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macos-diskarbitration-unknown(15300)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15300

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

Analysis
----------------
ED_PRI CAN-2004-0167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040224 iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote Denial of Service Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765514003396&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
Reference: CERT-VN:VU#460350
Reference: URL:http://www.kb.cert.org/vuls/id/460350
Reference: XF:darwin-describe-request-dos(15291)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15291
Reference: BID:9735
Reference: URL:http://www.securityfocus.com/bid/9735

QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.

Analysis
----------------
ED_PRI CAN-2004-0169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040225
Category: SF
Reference: BUGTRAQ:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765545431387&w=2
Reference: FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017740.html
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152
Reference: BID:9733
Reference: URL:http://www.securityfocus.com/bid/9733
Reference: XF:apache-cygwin-directory-traversal(15293)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15293

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Analysis
----------------
ED_PRI CAN-2004-0173 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch
Reference: MISC:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: XF:wuftpd-skey-bo(13518)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13518

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

Analysis
----------------
ED_PRI CAN-2004-0185 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040227 Calife heap corrupt / potential local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789737832092&w=2
Reference: DEBIAN:DSA-461
Reference: URL:http://www.debian.org/security/2004/dsa-461
Reference: XF:calife-long-password-bo(15335)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15335

Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.

Analysis
----------------
ED_PRI CAN-2004-0188 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
Reference: XF:squid-urlregex-acl-bypass(15366)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15366

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Analysis
----------------
ED_PRI CAN-2004-0189 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107774710729469&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=227417
Reference: XF:mozilla-event-handler-xss(15322)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15322
Reference: BID:9747
Reference: URL:http://www.securityfocus.com/bid/9747

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Analysis
----------------
ED_PRI CAN-2004-0191 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040304
Category: SF
Reference: BUGTRAQ:20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789851117176&w=2
Reference: MISC:http://www.eeye.com/html/Research/Upcoming/20040213.html
Reference: ISS:20040226 Vulnerability in SMB Parsing in ISS Products
Reference: URL:http://xforce.iss.net/xforce/alerts/id/165
Reference: CERT-VN:VU#150326
Reference: URL:http://www.kb.cert.org/vuls/id/150326
Reference: XF:pam-smb-protocol-bo(15207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15207

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Analysis
----------------
ED_PRI CAN-2004-0193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040227 iDEFENSE Security Advisory 02.27.04a: WinZip MIME Parsing Buffer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789846720924&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
Reference: CONFIRM:http://www.winzip.com/fmwz90.htm
Reference: CERT-VN:VU#116182
Reference: URL:http://www.kb.cert.org/vuls/id/116182
Reference: CIAC:O-092
Reference: URL:http://www.ciac.org/ciac/bulletins/o-092.shtml
Reference: XF:winzip-mime-bo(15336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15336
Reference: BID:9758
Reference: URL:http://www.securityfocus.com/bid/9758

Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip 8.1 SR-1 allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

Analysis
----------------
ED_PRI CAN-2004-0333 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: at http://www.winzip.com/fmwz90.htm at the top of the page it says WinZip 9.0 Fixes a Security Issue with MIME-Encoded Files and in the rest of the page it goes on to explain the vuln.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 nCipher Advisory #9: Host-side attackers can access secret data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755899018249&w=2
Reference: XF:ncipher-hsm-obtain-info(15281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15281
Reference: BID:9717
Reference: URL:http://www.securityfocus.com/bid/9717

Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.

Analysis
----------------
ED_PRI CAN-2004-0320 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-path-disclosure(15350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15350
Reference: BID:9781
Reference: URL:http://www.securityfocus.com/bid/9781

LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.

Analysis
----------------
ED_PRI CAN-2004-0336 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:090
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-090.html
Reference: REDHAT:RHSA-2004:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-091.html
Reference: BUGTRAQ:20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851606605420&w=2
Reference: BUGTRAQ:20040306 TSLSA-2004-0010 - libxml2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107860178228804&w=2
Reference: BUGTRAQ:20040306 [ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107876755716569&w=2
Reference: BID:9718
Reference: URL:http://www.securityfocus.com/bid/9718
Reference: XF:libxml2-nanohttp-bo(15301)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15301
Reference: XF:libxml2-nanoftp-bo(15302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15302
Reference: MISC:http://secunia.com/advisories/10958/

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allows remote attackers to execute arbitrary code via a long URL.

Analysis
----------------
ED_PRI CAN-2004-0110 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: BUGTRAQ:20040222 lbreakout2 < 2.4beta-2 local exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755821705356&w=2
Reference: DEBIAN:DSA-445
Reference: URL:http://www.debian.org/security/2004/dsa-445
Reference: CONFIRM:http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz
Reference: BID:9712
Reference: URL:http://www.securityfocus.com/bid/9712
Reference: XF:breakout2-home-bo(15229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15229

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c.

Analysis
----------------
ED_PRI CAN-2004-0158 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macosx-safari-unknown(14993)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14993

Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."

Analysis
----------------
ED_PRI CAN-2004-0166 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: XF:macos-corefoundation-unknown(15299)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15299

Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

Analysis
----------------
ED_PRI CAN-2004-0168 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040227 Symantec Gateway Security Management Service Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107790684732458&w=2
Reference: XF:symantecgateway-error-xss(15330)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15330

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

Analysis
----------------
ED_PRI CAN-2004-0192 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040220 Remote Buffer Overflow in PSOProxy 0.91
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107730731900261&w=2
Reference: BID:9706
Reference: URL:http://www.securityfocus.com/bid/9706
Reference: XF:psoproxy-long-get-bo(15275)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15275

Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.

Analysis
----------------
ED_PRI CAN-2004-0313 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040221 Cross Site Scripting in WebzEdit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107757029514146&w=2
Reference: XF:webzedit-done-xss(15289)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15289

Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.

Analysis
----------------
ED_PRI CAN-2004-0314 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 Remote Buffer Overflow in Avirt Voice 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756584609841&w=2
Reference: XF:avirt-voice-get-bo(15288)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15288
Reference: BID:9721
Reference: URL:http://www.securityfocus.com/bid/9721

Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080.

Analysis
----------------
ED_PRI CAN-2004-0315 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2004-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20030223 Multiple Remote Buffer Overflow in Avirt Soho 4.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756666701194&w=2
Reference: XF:avirt-soho-multiple-bo(15286)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15286
Reference: BID:9722
Reference: URL:http://www.securityfocus.com/bid/9722
Reference: BID:9723
Reference: URL:http://www.securityfocus.com/bid/9723

Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080.

Analysis
----------------
ED_PRI CAN-2004-0316 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0317 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0317 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756611501236&w=2 Reference: XF:lsf-eauth-execute-code(15282) Reference: URL:http://xforce.iss.net/xforce/xfdb/15282 Reference: BID:9719 Reference: URL:http://www.securityfocus.com/bid/9719 Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter. Analysis ---------------- ED_PRI CAN-2004-0317 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0318 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756600403557&w=2 Reference: XF:lsf-eauth-process-hijack(15278) Reference: URL:http://xforce.iss.net/xforce/xfdb/15278 Reference: BID:9724 Reference: URL:http://www.securityfocus.com/bid/9724 Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges. Analysis ---------------- ED_PRI CAN-2004-0318 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0319 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0319 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 ezBoard Cross Site Scripting Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756639427140&w=2 Reference: XF:ezboard-font-xss(15287) Reference: URL:http://xforce.iss.net/xforce/xfdb/15287 Reference: BID:9725 Reference: URL:http://www.securityfocus.com/bid/9725 Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument. Analysis ---------------- ED_PRI CAN-2004-0319 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0321 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 Remote server crash in Team Factor <= 1.25 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756001412888&w=2 Reference: MISC:http://www.zone-h.org/advisories/read/id=4006 Reference: BID:9708 Reference: URL:http://www.securityfocus.com/bid/9708 Reference: XF:teamfactor-packet-dos(15274) Reference: URL:http://xforce.iss.net/xforce/xfdb/15274 Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. Analysis ---------------- ED_PRI CAN-2004-0321 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0322 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0322 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756526625179&w=2 Reference: XF:xmb-multiple-scripts-xss(15292) Reference: URL:http://xforce.iss.net/xforce/xfdb/15292 Reference: BID:9726 Reference: URL:http://www.securityfocus.com/bid/9726 Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) align tag where bbcode is allowed, or (5) img tag where bbcode is allowed. Analysis ---------------- ED_PRI CAN-2004-0322 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0323 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0323 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107756526625179&w=2 Reference: XF:xmb-multiple-sql-injection(15295) Reference: URL:http://xforce.iss.net/xforce/xfdb/15295 Reference: BID:9726 Reference: URL:http://www.securityfocus.com/bid/9726 Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. Analysis ---------------- ED_PRI CAN-2004-0323 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0324 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0324 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107757320401858&w=2 Reference: XF:confirm-header-gain-access(15290) Reference: URL:http://xforce.iss.net/xforce/xfdb/15290 Reference: BID:9728 Reference: URL:http://www.securityfocus.com/bid/9728 Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. Analysis ---------------- ED_PRI CAN-2004-0324 3 Vendor Acknowledgement: unknown discloser-claimed BID:9728 could be the same vuln, but the website is not updated. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0325 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0325 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 TYPSoft FTP Server 1.10 multiple vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107764173821905&w=2 Reference: BID:9702 Reference: URL:http://www.securityfocus.com/bid/9702 Reference: XF:typsoft-ftp-command-dos(15306) Reference: URL:http://xforce.iss.net/xforce/xfdb/15306 TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty". Analysis ---------------- ED_PRI CAN-2004-0325 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0326 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0326 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040222 GateKeeper Pro 4.7 buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755692400728&w=2 Reference: FULLDISC:20040222 GateKeeper Pro 4.7 buffer overflow Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017703.html Reference: BID:9716 Reference: URL:http://www.securityfocus.com/bid/9716 Reference: XF:gatekeeper-long-get-bo(15277) Reference: URL:http://xforce.iss.net/xforce/xfdb/15277 Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request. Analysis ---------------- ED_PRI CAN-2004-0326 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0327 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0327 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040223 ZH2004-09SA (security advisory): PhpNewsManager Remote arbitrary Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107772470111000&w=2 Reference: MISC:http://www.zone-h.org/advisories/read/id=4024 Reference: XF:phpnewsmanager-dotdot-directory-traversal(15283) Reference: URL:http://xforce.iss.net/xforce/xfdb/15283 Reference: BID:9720 Reference: URL:http://www.securityfocus.com/bid/9720 Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter. Analysis ---------------- ED_PRI CAN-2004-0327 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0328 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0328 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040224 Gigabyte Broadband Router - Multiple Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107766719227942&w=2 Reference: BID:9740 Reference: URL:http://www.securityfocus.com/bid/9740 Reference: XF:gigabyte-gnb46b-bypass-authentication(15313) Reference: URL:http://xforce.iss.net/xforce/xfdb/15313 Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system. Analysis ---------------- ED_PRI CAN-2004-0328 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0329 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0329 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040226 Denial Of Service in FreeChat 1.1.1a Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781043621074&w=2 Reference: XF:freechat-string-dos(15321) Reference: URL:http://xforce.iss.net/xforce/xfdb/15321 Reference: BID:9744 Reference: URL:http://www.securityfocus.com/bid/9744 FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa". 
Analysis ---------------- ED_PRI CAN-2004-0329 3 Vendor Acknowledgement: unknown BID:9744 could be the same vuln, but the site was not updated. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0330 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0330 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781164214399&w=2 Reference: MISC:http://www.cnhonker.com/advisory/serv-u.mdtm.txt Reference: XF:servu-mdtm-bo(15323) Reference: URL:http://xforce.iss.net/xforce/xfdb/15323 Reference: BID:9751 Reference: URL:http://www.securityfocus.com/bid/9751 Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. Analysis ---------------- ED_PRI CAN-2004-0330 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0331 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0331 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040226 Dell OpenManage Web Server Heap Overflow (Pre-Auth) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107781539829143&w=2 Reference: MISC:http://sh0dan.org/files/domadv.txt Reference: XF:dell-openmanage-ocsgetoeminpathfile-bo(15325) Reference: URL:http://xforce.iss.net/xforce/xfdb/15325 Reference: BID:9750 Reference: URL:http://www.securityfocus.com/bid/9750 Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via an HTTP POST with a long application variable. Analysis ---------------- ED_PRI CAN-2004-0331 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0332 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0332 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040226 Extremail Security Problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107783767517850&w=2 Reference: XF:extremail-password-gain-access(15329) Reference: URL:http://xforce.iss.net/xforce/xfdb/15329 Reference: BID:9754 Reference: URL:http://www.securityfocus.com/bid/9754 Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. 
Analysis ---------------- ED_PRI CAN-2004-0332 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0334 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0334 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040227 InnoMedia VideoPhone Authorization Bypass Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799556111784&w=2 AXIS 2100 Network Camera allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains an ending / (slash). Analysis ---------------- ED_PRI CAN-2004-0334 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0335 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: CF Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2 Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html Reference: XF:602pro-directory-listing(15349) Reference: URL:http://xforce.iss.net/xforce/xfdb/15349 Reference: BID:9780 Reference: URL:http://www.securityfocus.com/bid/9780 LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. Analysis ---------------- ED_PRI CAN-2004-0335 3 Vendor Acknowledgement: no disputed Content Decisions: SF-LOC ACKNOWLEDGEMENT: a followup post by the vendor indicates that "this is a user configuration issue" and the feature is available "by design." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0337 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0337 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2 Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html Reference: XF:602pro-index-xss(15351) Reference: URL:http://xforce.iss.net/xforce/xfdb/15351 Reference: BID:9777 Reference: URL:http://www.securityfocus.com/bid/9777 Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future. Analysis ---------------- ED_PRI CAN-2004-0337 3 Vendor Acknowledgement: no disputed Content Decisions: INCLUSION ACKNOWLEDGEMENT: a followup post by the vendor indicates that the vendor could not replicate the issue. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0338 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 Invision Power Board SQL injection! 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799527428834&w=2 Reference: XF:invision-search-sql-injection(15343) Reference: URL:http://xforce.iss.net/xforce/xfdb/15343 Reference: BID:9766 Reference: URL:http://www.securityfocus.com/bid/9766 SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. Analysis ---------------- ED_PRI CAN-2004-0338 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0339 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799508130700&w=2 Reference: XF:phpbb-viewtopicphp-xss(15348) Reference: URL:http://xforce.iss.net/xforce/xfdb/15348 Reference: BID:9765 Reference: URL:http://www.securityfocus.com/bid/9765 Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. Analysis ---------------- ED_PRI CAN-2004-0339 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0340 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 Critical WFTPD buffer overflow vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801208004699&w=2 Reference: XF:wftpd-ftp-commands-bo(15340) Reference: URL:http://xforce.iss.net/xforce/xfdb/15340 Reference: BID:9767 Reference: URL:http://www.securityfocus.com/bid/9767 Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. Analysis ---------------- ED_PRI CAN-2004-0340 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0341 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 Multiple WFTPD Denial of Service vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801142924976&w=2 Reference: XF:wftpd-string-0Ahbyte-dos(15341) Reference: URL:http://xforce.iss.net/xforce/xfdb/15341 Reference: BID:9767 Reference: URL:http://www.securityfocus.com/bid/9767 WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. Analysis ---------------- ED_PRI CAN-2004-0341 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0342 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0342 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:20040228 Multiple WFTPD Denial of Service vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107801142924976&w=2 Reference: XF:wftpd-ftp-command-dos(15342) Reference: URL:http://xforce.iss.net/xforce/xfdb/15342 Reference: BID:9767 Reference: URL:http://www.securityfocus.com/bid/9767 WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. Analysis ---------------- ED_PRI CAN-2004-0342 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2004-0360 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0360 Final-Decision: Interim-Decision: Modified: Proposed: 20040318 Assigned: 20040317 Category: SF Reference: BUGTRAQ:200470305 O-088: Sun passwd(1) Command Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107852274423414&w=2 Reference: SUNALERT:57454 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57454 Reference: CERT-VN:VU#694782 Reference: URL:http://www.kb.cert.org/vuls/id/694782 Reference: CIAC:O-088 Reference: URL:http://www.ciac.org/ciac/bulletins/o-088.shtml Reference: XF:solaris-passwd-gain-privileges(15327) Reference: URL:http://xforce.iss.net/xforce/xfdb/15327 Reference: BID:9757 Reference: URL:http://www.securityfocus.com/bid/9757 Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. Analysis ---------------- ED_PRI CAN-2004-0360 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: