[FINAL] ACCEPT 480 candidates
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve

======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php

IBM GINA, when used for OS/2 domain authentication of Windows NT
users, allows local users to gain administrator privileges by changing
the GroupMapping registry key.

INFERRED ACTION: CAN-1999-0718 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole

Voter Comments:
 Frech> XF:ibm-gina-group-add

======================================================
Candidate: CAN-1999-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7884

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95
and Windows 98 allows remote attackers to cause a denial of service,
and possibly execute arbitrary commands, via a long argument after the
? character in a URL that references an .asp, .cgi, .html, or .pl
file.

Modifications:
  20040723 ADDREF XF:netscape-long-argument-bo(7884)

INFERRED ACTION: CAN-1999-1189 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:netscape-long-argument-bo(7884)

======================================================
Candidate: CAN-1999-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via a large number of MIME
headers with the same name, aka the "sioux" vulnerability.

Modifications:
  20040723 ADDREF CONFIRM

INFERRED ACTION: CAN-1999-1199 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cox, Cole
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache

======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7542

Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via a certain ICMP
echo (ping) packet, which causes all stacks to send a ping response,
aka TCP Chorusing.

Modifications:
  20040723 ADDREF XF:win-multiple-ip-dos(7542)

INFERRED ACTION: CAN-1999-1201 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:win-multiple-ip-dos(7542)

======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php

The PATH in Windows NT includes the current working directory (.),
which could allow local users to gain privileges by placing Trojan
horse programs with the same name as commonly used system programs
into certain directories.

INFERRED ACTION: CAN-1999-1217 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole

Voter Comments:
 CHANGE> [Foat changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2336
Reference: BID:0515
Reference: URL:http://www.securityfocus.com/bid/0515

Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could
allow local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.

Modifications:
  20040723 ADDREF XF:nt-login-default-folder(2336)

INFERRED ACTION: CAN-1999-1365 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-login-default-folder(2336)
 CHANGE> [Foat changed vote from NOOP to ACCEPT]
 Frech> XF:nt-login-default-folder(2336)

======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php

Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allows local and remote users to obtain the physical paths
of directories that are being indexed.

Modifications:
  ADDREF XF:iis-indexserver-reveal-path(7559)

INFERRED ACTION: CAN-1999-1397 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:iis-indexserver-reveal-path(7559)

======================================================
Candidate: CAN-1999-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: AIXAPAR:IX75554
Reference: AIXAPAR:IX76853
Reference: AIXAPAR:IX76330
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: XF:aix-sadc-timex(7675)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7675

sadc in IBM AIX 4.1 through 4.3, when called from programs such as
timex that are setgid adm, allows local users to overwrite arbitrary
files via a symlink attack.

Modifications:
  20040723 fix desc. to show linkage with timex
  20040723 ADDREF CONFIRM

INFERRED ACTION: CAN-1999-1486 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Bollinger, Foat, Cole, Stracener
   NOOP(1) Christey

Voter Comments:
 Christey> The description needs to be modified to mention the role
   of timex. The one-line description for the IX75554 APAR mentions
   timex instead of sadc, but the BID mentions sadc and not timex.
   This apparent discrepancy is resolved by a README file for the
   fileset that is used by IX75554:
   CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
   This clearly shows the relationship between timex and sadc.
 Bollinger> The one line abstract is somewhat misleading. The timex
   command calls sadc with a filename and it's the sadc command that
   can be tricked into modifying files owned by the adm group. Since
   sadc is only executable by group adm, a local attacker would need
   to use timex to exploit this. (timex is setgid adm.) So the
   vulnerability is really in sadc and that's where the fix was made.

======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

A configuration problem in the Ad Server Sample directory (AdSamples)
in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC
file, which exposes sensitive SQL database information.

Modifications:
  20040723 update desc style

INFERRED ACTION: CAN-1999-1520 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat

======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x does not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS to
perform extra work to send the files over SSL.

INFERRED ACTION: CAN-1999-1537 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat

======================================================
Candidate: CAN-1999-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7354

Microsoft SQL Server 6.5 uses weak encryption for the password for the
SQLExecutiveCmdExec account and stores it in an accessible portion of
the registry, which could allow local users to gain privileges by
reading and decrypting the CmdExecAccount value.

Modifications:
  20040723 ADDREF XF:mssql-sqlexecutivecmdexec-password(7354)
  20040723 desc: fix typo "andd"

INFERRED ACTION: CAN-1999-1556 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Frech> XF:mssql-sqlexecutivecmdexec-password(7354)
 Christey> Need to consult MS on this issue.

======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote
attacker to cause a denial of service (crash) via a long PORT command.

INFERRED ACTION: CAN-1999-1568 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0247
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306

Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain
root privileges.

Modifications:
  20040723 desc: add "unknown"
  20040723 ADDREF BID:1842
  20040723 ADDREF XF:generic-nqs-local-root(4306)
  20040723 ADDREF FREEBSD:FreeBSD-SA-00:13

INFERRED ACTION: CAN-2000-0247 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(2) Frech, Christey
   NOOP(2) Magdych, Cole
   REVIEWING(1) Levy

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:13
   ADDREF ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A13-generic-nqs.asc
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:generic-nqs-local-root
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> BID:1842
   XF:generic-nqs-local-root(4306)

======================================================
Candidate: CAN-2000-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0747
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5036

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux
sends an improper signal to the kernel log daemon (klogd) and kills
it.

Modifications:
  20040723 ADDREF XF:openldap-logrotate-script-dos(5036)

INFERRED ACTION: CAN-2000-0747 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(1) Wall
   REVIEWING(1) Levy

======================================================
Candidate: CAN-2000-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0773
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5021

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary
files via a URL that contains a "....", a variant of the dot dot
directory traversal attack.

Modifications:
  20040723 XF:bajie-view-arbitrary-files(5021)

INFERRED ACTION: CAN-2000-0773 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   MODIFY(1) Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Baker> Apparently the vendor fixed this issue, as it doesn't appear
   in later versions of the software.
 Christey> XF:bajie-view-arbitrary-files(5021)

======================================================
Candidate: CAN-2000-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0781
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5023

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check
for the existence or ownership of a temporary file which is moved to
the agent.cfg configuration file, which allows local users to execute
arbitrary commands by modifying the temporary file before it is moved.

Modifications:
  20040723 desc fix "the the"
  20040723 XF:arcserveit-clientagent-temp-file(5023)

INFERRED ACTION: CAN-2000-0781 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Levy, Williams
   MODIFY(2) Baker, Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Christey> fix typo: "the the"
 Baker> Can't really access the CA website to get info on this.
CHANGE> [Christey changed vote from NOOP to MODIFY] Christey> XF:arcserveit-clientagent-temp-file(5023) ====================================================== Candidate: CAN-2000-0797 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0797 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: SGI:20040104-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc Reference: BID:1526 Reference: URL:http://www.securityfocus.com/bid/1526 Reference: XF:irix-grosview-bo(5062) Reference: URL:http://xforce.iss.net/xforce/xfdb/5062 Reference: OSVDB:3815 Reference: URL:http://www.osvdb.org/3815 Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option. 
Modifications: 20040723 ADDREF XF:irix-grosview-bo(5062) 20040723 ADDREF SGI:20040104-01-P 20040818 ADDREF OSVDB:3815 INFERRED ACTION: CAN-2000-0797 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Levy NOOP(4) Williams, Wall, Cole, Christey Voter Comments: Christey> XF:irix-grosview-bo http://xforce.iss.net/static/5062.php Christey> SGI:20040104-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc ====================================================== Candidate: CAN-2000-0894 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20010202 Assigned: 20001114 Category: SF Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: XF:watchguard-soho-web-auth(5554) Reference: URL:http://xforce.iss.net/xforce/xfdb/5554 Reference: BID:2119 Reference: URL:http://www.securityfocus.com/bid/2119 Reference: OSVDB:4404 Reference: URL:http://www.osvdb.org/4404 HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. 
Modifications: 20040818 ADDREF OSVDB:4404 INFERRED ACTION: CAN-2000-0894 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey REVIEWING(1) Ziese Voter Comments: Frech> XF:watchguard-soho-web-auth(5554) Christey> Consider adding BID:2119 ====================================================== Candidate: CAN-2000-0895 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20010202 Assigned: 20001114 Category: SF Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall Reference: URL:http://xforce.iss.net/alerts/advise70.php Reference: BID:2114 Reference: URL:http://www.securityfocus.com/bid/2114 Reference: XF:watchguard-soho-web-dos(5218) Reference: URL:http://xforce.iss.net/xforce/xfdb/5218 Reference: OSVDB:4403 Reference: URL:http://www.osvdb.org/4403 Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. Modifications: 20040723 ADDREF XF:watchguard-soho-web-dos(5218) 20040723 desc normalize to "arbitrary code" 20040818 ADDREF OSVDB:4403 INFERRED ACTION: CAN-2000-0895 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall REVIEWING(1) Ziese Voter Comments: Frech> XF:watchguard-soho-web-dos(5218) ====================================================== Candidate: CAN-2000-1203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20030325-01 Proposed: 20020830 Assigned: 20020131 Category: SF Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. 
SMTP SERVER Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2 Reference: BUGTRAQ:20010820 Lotus Domino DoS Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1 Reference: BUGTRAQ:20010823 Lotus Domino DoS solution Reference: URL:http://www.securityfocus.com/archive/1/209754 Reference: BID:3212 Reference: URL:http://www.securityfocus.com/bid/3212 Reference: XF:lotus-domino-bounced-message-dos(7012) Reference: URL:http://xforce.iss.net/xforce/xfdb/7012 Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. Modifications: ADDREF XF:lotus-domino-bounced-message-dos(7012) INFERRED ACTION: CAN-2000-1203 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Armstrong, Green MODIFY(1) Frech NOOP(5) Cox, Wall, Foat, Cole, Christey Voter Comments: Green> Since a work around involving configuration settings exists the presenting problem should also exist. 
Frech> XF:lotus-domino-bounced-message-dos(7012) CONFIRM: http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=DA18AA221C3 B982085256B84000033EB Christey> The CONFIRM URL provided by Andre is broken ====================================================== Candidate: CAN-2001-0042 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010202 Assigned: 20010201 Category: SF Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011) Reference: URL:http://www.securityfocus.com/archive/1/149210 Reference: BID:2060 Reference: URL:http://www.securityfocus.com/bid/2060 Reference: XF:apache-php-disclose-files Reference: URL:http://xforce.iss.net/static/5659.php PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. Modifications: 20040723 desc normalize, add "%5c" detail INFERRED ACTION: CAN-2001-0042 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Cole, Baker, Frech NOOP(1) Wall REVIEWING(1) Ziese ====================================================== Candidate: CAN-2001-0375 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2 Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml Reference: XF:cisco-pix-tacacs-dos(6353) Reference: URL:http://xforce.iss.net/xforce/xfdb/6353 Reference: BID:2551 Reference: URL:http://www.securityfocus.com/bid/2551 Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to 
cause a denial of service via a large number of authentication requests. Modifications: 20040723 desc normalize 20040723 XF:cisco-pix-tacacs-dos(6353) 20040723 CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability INFERRED ACTION: CAN-2001-0375 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Christey REVIEWING(1) Ziese Voter Comments: Frech> XF:cisco-pix-tacacs-dos(6353) Christey> CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml ====================================================== Candidate: CAN-2001-0423 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0423 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html Reference: BID:2581 Reference: URL:http://www.securityfocus.com/bid/2581 Reference: XF:solaris-ipcs-bo(6369) Reference: URL:http://xforce.iss.net/xforce/xfdb/6369 Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. Modifications: 20040723 desc add "different from CAN-2002-0093" 20040723 ADDREF XF:solaris-ipcs-bo(6369) INFERRED ACTION: CAN-2001-0423 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Dik MODIFY(1) Frech NOOP(3) Wall, Cole, Christey REVIEWING(2) Ziese, Williams Voter Comments: Frech> XF:solaris-ipcs-bo(6369) Dik> sun bug: 4448598 Christey> This might be a duplicate of CAN-2002-0093, which is for Compaq IPCS. Christey> An authoritative source confirmed that this issue is in fact different from CAN-2002-0093. 
====================================================== Candidate: CAN-2001-0485 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html Reference: SGI:20010701-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P Reference: BID:2656 Reference: URL:http://www.securityfocus.com/bid/2656 Reference: XF:irix-netprint-shared-library(6473) Reference: URL:http://xforce.iss.net/xforce/xfdb/6473 Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option. Modifications: 20040723 ADDREF SGI:20010701-01-P 20040723 ADDREF BID:2656 20040723 ADDREF XF:irix-netprint-shared-library(6473) INFERRED ACTION: CAN-2001-0485 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(5) Wall, Cole, Christey, Ziese, Renaud REVIEWING(1) Williams Voter Comments: Williams> Apply the following patch: 2022? See advisory 19961203-01-PX for more information? 
Frech> XF:irix-netprint-shared-library(6473) Christey> SGI:20010701-01-P Baker> SGI Patch 20010701-01-P Christey> ADDREF BID:2656 ====================================================== Candidate: CAN-2001-0548 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010717 Category: SF Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2 Reference: XF:solaris-dtmail-bo(6879) Reference: URL:http://xforce.iss.net/static/6879.php Reference: BID:3081 Reference: URL:http://www.securityfocus.com/bid/3081 Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. Modifications: ADDREF XF:solaris-dtmail-bo(6879) DESC remove "possibly other OSes" INFERRED ACTION: CAN-2001-0548 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Armstrong, Stracener MODIFY(2) Frech, Balinsky NOOP(4) Wall, Cole, Christey, Ziese Voter Comments: Frech> XF:solaris-dtmail-bo(6879) Balinsky> Delete "and possibly other operating systems" because that is not verifiable, and add the following references from Sun, which acknowledge the problem: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105338 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105339 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107200 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107201 Christey> BID:3081 URL:http://www.securityfocus.com/bid/3081 Christey> It is not clear from the patch list whether these *particular* dtmail overflows have been addressed. 
====================================================== Candidate: CAN-2001-0612 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010516 Remote Desktop DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html Reference: XF:remote-desktop-dos(6547) Reference: URL:http://xforce.iss.net/static/6547.php Reference: BID:2726 Reference: URL:http://www.securityfocus.com/bid/2726 Reference: OSVDB:6288 Reference: URL:http://www.osvdb.org/6288 McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. Modifications: 20040723 desc normalize 20040818 ADDREF OSVDB:6288 INFERRED ACTION: CAN-2001-0612 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(3) Wall, Foat, Bishop Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0643 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20010829 Assigned: 20010806 Category: SF Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous Reference: URL:http://www.securityfocus.com/archive/1/176909 Reference: MISC:http://www.guninski.com/clsidext.html Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048 Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html Reference: XF:ie-clsid-execute-files(6426) Reference: URL:http://xforce.iss.net/static/6426.php Reference: BID:2612 Reference: URL:http://www.securityfocus.com/bid/2612 A type-check flaw in Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing 
dangerous programs by making it appear that the document is of a safe file type. Modifications: 20040723 ADDREF MISC:http://www.guninski.com/clsidext.html 20040723 ADDREF BID:2612 INFERRED ACTION: CAN-2001-0643 FINAL (Final Decision 20040901) Current Votes: ACCEPT(5) Wall, Foat, Cole, Baker, Frech NOOP(2) Stracener, Ziese Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0741 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20011012 Assigned: 20011012 Category: CF Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf Reference: XF:cisco-hsrp-dos(6497) Reference: URL:http://xforce.iss.net/static/6497.php Reference: BID:2684 Reference: URL:http://www.securityfocus.com/bid/2684 Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. INFERRED ACTION: CAN-2001-0741 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Armstrong, Frech NOOP(2) Wall, Cole ====================================================== Candidate: CAN-2001-0749 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Reference: BID:2775 Reference: URL:http://www.securityfocus.com/bid/2775 Reference: XF:ipcchip-web-root-system(8922) Reference: URL:http://xforce.iss.net/xforce/xfdb/8922 Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to retrieve arbitrary files via webserver root directory set to system root. 
Modifications: 20040723 ADDREF XF:ipcchip-web-root-system(8922) INFERRED ACTION: CAN-2001-0749 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Cole, Green MODIFY(1) Frech NOOP(3) Wall, Foat, Armstrong Voter Comments: Frech> XF:ipcchip-web-root-system(8922) ====================================================== Candidate: CAN-2001-0792 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20020226-01 Proposed: 20011012 Assigned: 20011012 Category: SF Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html Reference: XF:xchat-nickname-format-string(7416) Reference: URL:http://xforce.iss.net/static/7416.php Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. Modifications: ADDREF XF:xchat-nickname-format-string(7416) INFERRED ACTION: CAN-2001-0792 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Cole, Armstrong MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Frech> XF:xchat-nickname-format-string(7416) Christey> Inquiry sent to xchat developer on 2/25/2002. Christey> Received a reply 2/26/2002: "I don't know... It doesn't seem to effect [sic] any recent versions though." This vulnerability was reported for a *MUCH* older version. 
====================================================== Candidate: CAN-2001-0825 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20020821-02 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: SUSE:SuSE-SA:2001:022 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html Reference: CONECTIVA:CLA-2001:406 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 Reference: REDHAT:RHSA-2001:092 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html Reference: IMMUNIX:IMNX-2001-70-029-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01 Reference: BID:2971 Reference: URL:http://www.securityfocus.com/bid/2971 Reference: XF:xinetd-zero-length-bo(6804) Reference: URL:http://xforce.iss.net/static/6804.php Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. Modifications: ADDREF XF:xinetd-zero-length-bo(6804) ADDREF IMMUNIX:IMNX-2001-70-024-01 DELREF IMMUNIX:IMNX-2001-70-024-01 DELREF BUGTRAQ:20010629 xinetd update [normalize to IMMUNIX] DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1 INFERRED ACTION: CAN-2001-0825 FINAL (Final Decision 20040901) Current Votes: ACCEPT(6) Wall, Foat, Cole, Armstrong, Baker, Bishop MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:xinetd-zero-length-bo(6804) Christey> Need to sift through the references to make sure they're correct and appropriately distinguish from CAN-2001-0763. Christey> DELREF IMMUNIX:IMNX-2001-70-024-01 - it does not explicitly mention this issue. DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1 That's for CAN-2001-0763. Change affected version to 2.1.8, I have no idea where 2.3.1 came from. 
====================================================== Candidate: CAN-2001-0837 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2 Reference: XF:pc2phone-temp-account-readable(7393) Reference: URL:http://xforce.iss.net/xforce/xfdb/7393 Reference: BID:3475 Reference: URL:http://www.securityfocus.com/bid/3475 DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder. Modifications: 20040723 ADDREF XF:pc2phone-temp-account-readable(7393) INFERRED ACTION: CAN-2001-0837 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Armstrong, Baker MODIFY(1) Frech NOOP(4) Wall, Foat, Cole, Bishop Voter Comments: Frech> XF:pc2phone-temp-account-readable(7393) Armstrong> http://www.securiteam.com/windowsntfocus/6V00P202UC.html ====================================================== Candidate: CAN-2001-0902 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011120 IIS logging issue Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2 Reference: NTBUGTRAQ:20011120 IIS logging issue Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2 Reference: XF:iis-fake-log-entry(7613) Reference: URL:http://xforce.iss.net/xforce/xfdb/7613 Reference: BID:6795 Reference: URL:http://www.securityfocus.com/bid/6795 Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed 
characters. Modifications: 20040723 ADDREF XF:iis-fake-log-entry(7613) INFERRED ACTION: CAN-2001-0902 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Armstrong REVIEWING(1) Wall Voter Comments: Frech> XF:iis-fake-log-entry(7613) ====================================================== Candidate: CAN-2001-0907 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20020817-01 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337 Reference: MANDRAKE:MDKSA-2001:082 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3 Reference: SUSE:SuSE-SA:2001:036 Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html Reference: IMMUNIX:IMNX-2001-70-035-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01 Reference: CALDERA:CSSA-2001-036.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt Reference: MANDRAKE:MDKSA-2001:079 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php Reference: ENGARDE:ESA-20011019-02 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html Reference: BUGTRAQ:20011019 TSLSA-2001-0028 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2 Reference: XF:linux-multiple-symlink-dos(7312) Reference: URL:http://www.iss.net/security_center/static/7312.php Reference: BID:3444 Reference: URL:http://www.securityfocus.com/bid/3444 Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link. 
Modifications: ADDREF SUSE:SuSE-SA:2001:036 ADDREF IMMUNIX:IMNX-2001-70-035-01 ADDREF CALDERA:CSSA-2001-036.0 ADDREF MANDRAKE:MDKSA-2001:079 ADDREF ENGARDE:ESA-20011019-02 ADDREF BUGTRAQ:20011019 TSLSA-2001-0028 ADDREF XF:linux-multiple-symlink-dos(7312) ADDREF BID:3444 INFERRED ACTION: CAN-2001-0907 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Foat, Cole, Green, Baker MODIFY(1) Frech NOOP(1) Christey REVIEWING(1) Wall Voter Comments: Frech> XF:linux-multiple-symlink-dos(7312) Christey> SUSE:SuSE-SA:2001:036 URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html IMMUNIX:IMNX-2001-70-035-01 URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01 CALDERA:CSSA-2001-036.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt MANDRAKE:MDKSA-2001:079 ENGARDE:ESA-20011019-02 URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html BUGTRAQ:20011019 TSLSA-2001-0028 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2 ====================================================== Candidate: CAN-2001-0909 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe" Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2 Reference: XF:winxp-helpctr-bo(7605) Reference: URL:http://xforce.iss.net/static/7605.php Reference: BID:6802 Reference: URL:http://www.securityfocus.com/bid/6802 Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL. 
Modifications: 20040723 BID:6802 INFERRED ACTION: CAN-2001-0909 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Armstrong REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-0914 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2 Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2 Reference: XF:linux-vmlinux-dos(7591) Reference: URL:http://xforce.iss.net/xforce/xfdb/7591 Reference: BID:3570 Reference: URL:http://www.securityfocus.com/bid/3570 Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading. 
Modifications: 20040723 ADDREF XF:linux-vmlinux-dos(7591) 20040723 ADDREF BID:3570 INFERRED ACTION: CAN-2001-0914 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Baker MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-vmlinux-dos(7591) ====================================================== Candidate: CAN-2001-0951 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2 Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2 Reference: XF:win2k-ike-dos(7667) Reference: URL:http://xforce.iss.net/static/7667.php Reference: BID:3652 Reference: URL:http://www.securityfocus.com/bid/3652 Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. 
Modifications: 20040723 desc normalize DoS term INFERRED ACTION: CAN-2001-0951 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Green, Frech NOOP(1) Cole REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1029 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html Reference: XF:bsd-libutil-privilege-dropping(8697) Reference: URL:http://xforce.iss.net/xforce/xfdb/8697 Reference: OSVDB:6073 Reference: URL:http://www.osvdb.org/6073 libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. 
Modifications: 20040723 ADDREF XF:bsd-libutil-privilege-dropping(8697) 20040818 ADDREF OSVDB:6073 INFERRED ACTION: CAN-2001-1029 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Foat, Green MODIFY(1) Frech NOOP(2) Wall, Cole Voter Comments: CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:bsd-libutil-privilege-dropping(8697) ====================================================== Candidate: CAN-2001-1055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040723 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet Reference: URL:http://www.securityfocus.com/archive/1/200323 Reference: BID:3113 Reference: URL:http://www.securityfocus.com/bid/3113 Reference: XF:win-arp-packet-flooding-dos(6924) Reference: URL:http://xforce.iss.net/xforce/xfdb/6924 The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. Modifications: 20040723 ADDREF XF:win-arp-packet-flooding-dos(6924) 20040723 desc - add ARPNuke INFERRED ACTION: CAN-2001-1055 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Foat MODIFY(2) Green, Frech NOOP(3) Wall, Cole, Armstrong Voter Comments: Green> TOO VAGUE TO REACH ANY CONCLUSION Frech> XF:win-arp-packet-flooding-dos(6924) ====================================================== Candidate: CAN-2001-1066 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2 Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6. Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html Reference: SUNBUG:4633888 Reference: BID:3243 Reference: URL:http://www.securityfocus.com/bid/3243 Reference: XF:netscape-install-tmpfile-symlink(7042) Reference: URL:http://xforce.iss.net/static/7042.php ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. Modifications: 20040725 ADDREF SUNBUG:4633888 20040725 ADDREF BID:3243 20040725 ADDREF XF:netscape-install-tmpfile-symlink(7042) 20040725 ADDREF VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6. INFERRED ACTION: CAN-2001-1066 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Dik, Green MODIFY(1) Frech NOOP(4) Foat, Cole, Armstrong, Christey REVIEWING(1) Wall Voter Comments: Dik> Verified by code inspection of ns6install from netscape 6.2.1 beta Sun bug: 4633888 (just filed) Christey> BID:3243 URL:http://www.securityfocus.com/bid/3243 XF:netscape-install-tmpfile-symlink(7042) URL:http://xforce.iss.net/static/7042.php Christey> VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6. 
URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html Frech> XF:netscape-install-tmpfile-symlink(7042) ====================================================== Candidate: CAN-2001-1069 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020131 Assigned: 20020131 Category: CF Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2 Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html Reference: BID:3225 Reference: URL:http://www.securityfocus.com/bid/3225 Reference: XF:adobe-acrobat-insecure-permissions(7024) Reference: URL:http://xforce.iss.net/static/7024.php libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. INFERRED ACTION: CAN-2001-1069 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Green, Frech NOOP(3) Cole, Armstrong, Christey REVIEWING(1) Wall Voter Comments: Christey> SGI:20020806-01-I points to this candidate, but I'm not so sure that's correct; the SGI advisory discusses symlink attacks, but this CAN is related to permissions. 
====================================================== Candidate: CAN-2001-1081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CONFIRM:http://freshmeat.net/releases/52020/ Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001 Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: BID:2994 Reference: URL:http://www.securityfocus.com/bid/2994 Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. Modifications: 20040725 VULNWATCH:20010719 Changelog maddness (14 various broken apps) 20040725 MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001 INFERRED ACTION: CAN-2001-1081 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Cole, Armstrong, Green, Baker MODIFY(2) Christey, Frech NOOP(2) Wall, Foat Voter Comments: Frech> ISS: ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS Implementations XF:lucent-radius-authentication-bo(6794) CONFIRM reference is no longer available. Christey> VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html Christey> XF:lucent-radius-authentication-bo(6794) does not seem appropriate, as it deals with buffer overflows; however, this is a format string issue. XF:lucent-radius-authentication-bo(6794) is really about CAN-2001-0534. 
====================================================== Candidate: CAN-2001-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html Reference: CERT-VN:VU#639507 Reference: URL:http://www.kb.cert.org/vuls/id/639507 Reference: XF:cisco-pfm-plaintext-password(7265) Reference: URL:http://xforce.iss.net/static/7265.php Reference: BID:3419 Reference: URL:http://www.securityfocus.com/bid/3419 Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file. Modifications: 20040725 ADDREF BID:3419 20040725 ADDREF CERT-VN:VU#639507 INFERRED ACTION: CAN-2001-1098 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Green, Frech NOOP(3) Wall, Cole, Armstrong REVIEWING(1) Ziese Voter Comments: CHANGE> [Armstrong changed vote from REVIEWING to NOOP] Frech> HAS-INDEPENDENT-CONFIRMATION:http://www.kb.cert.org/vuls/id/639507 ====================================================== Candidate: CAN-2001-1103 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: CERT-VN:VU#320944 Reference: URL:http://www.kb.cert.org/vuls/id/320944 Reference: XF:ftp-voyager-embedded-script-execution(7119) Reference: URL:http://xforce.iss.net/static/7119.php FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. 
INFERRED ACTION: CAN-2001-1103 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Frech, Ziese NOOP(3) Foat, Cole, Armstrong REVIEWING(1) Wall Voter Comments: Green> Vendor appears to have acknowledged with a new release of the product, although there is no explicit citing of the vulnerability on the vendor's website ====================================================== Candidate: CAN-2001-1186 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug. Reference: URL:http://www.securityfocus.com/archive/1/244892 Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack Reference: URL:http://online.securityfocus.com/archive/1/244931 Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved) Reference: URL:http://online.securityfocus.com/archive/1/245100 Reference: BID:3667 Reference: URL:http://www.securityfocus.com/bid/3667 Reference: XF:iis-false-content-length-dos(7691) Reference: URL:http://www.iss.net/security_center/static/7691.php Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. 
INFERRED ACTION: CAN-2001-1186 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Cole, Green, Frech NOOP(2) Foat, Ziese REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1200 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP Reference: URL:http://www.securityfocus.com/archive/1/246014 Reference: BID:3703 Reference: URL:http://www.securityfocus.com/bid/3703 Reference: XF:winxp-hotkey-execute-programs(7713) Reference: URL:http://www.iss.net/security_center/static/7713.php Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. INFERRED ACTION: CAN-2001-1200 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Foat, Green, Frech NOOP(2) Cole, Ziese REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1267 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers Reference: URL:http://online.securityfocus.com/archive/1/196445 Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz Reference: MANDRAKE:MDKSA-2002:066 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066 Reference: REDHAT:RHSA-2002:096 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html Reference: REDHAT:RHSA-2002:138 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html Reference: REDHAT:RHSA-2003:218 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html Reference: CONECTIVA:CLA-2002:538 Reference: 
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 Reference: HP:HPSBTL0209-068 Reference: URL:http://online.securityfocus.com/advisories/4514 Reference: XF:archive-extraction-directory-traversal(10224) Reference: URL:http://www.iss.net/security_center/static/10224.php Reference: BID:3024 Reference: URL:http://www.securityfocus.com/bid/3024 Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). Modifications: ADDREF MANDRAKE:MDKSA-2002:066 ADDREF REDHAT:RHSA-2002:096 ADDREF CONECTIVA:CLA-2002:538 ADDREF HP:HPSBTL0209-068 ADDREF XF:archive-extraction-directory-traversal(10224) 20040725 BID:3024 20040818 ADDREF REDHAT:RHSA-2002:138 20040818 ADDREF REDHAT:RHSA-2003:218 INFERRED ACTION: CAN-2001-1267 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Cole, Green MODIFY(2) Frech, Cox NOOP(3) Wall, Foat, Christey Voter Comments: Christey> MANDRAKE:MDKSA-2002:066 CHANGE> [Cox changed vote from REVIEWING to MODIFY] Cox> ADDREF: RHSA-2002:096 Frech> XF:archive-extraction-directory-traversal(10224) Christey> MANDRAKE:MDKSA-2002:066 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066 CONECTIVA:CLA-2002:538 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 HP:HPSBTL0209-068 URL:http://online.securityfocus.com/advisories/4514 REDHAT:RHSA-2002:096 URL:http://www.redhat.com/support/errata/RHSA-2002-096.html Christey> There are a couple directory traversal variants for GNU tar out there. Can we be sure the references line up correctly? 
====================================================== Candidate: CAN-2001-1279 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20030318-02 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: REDHAT:RHSA-2001:089 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html Reference: FREEBSD:FreeBSD-SA-01:48 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc Reference: CONECTIVA:CLA-2002:480 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480 Reference: MANDRAKE:MDKSA-2002:032 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php Reference: CALDERA:CSSA-2002-025.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt Reference: XF:tcpdump-afs-rpc-bo(7006) Reference: URL:http://www.iss.net/security_center/static/7006.php Reference: BID:3065 Reference: URL:http://online.securityfocus.com/bid/3065 Reference: CERT-VN:VU#797201 Reference: URL:http://www.kb.cert.org/vuls/id/797201 Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. Modifications: ADDREF CONECTIVA:CLA-2002:480 ADDREF MANDRAKE:MDKSA-2002:032 ADDREF CALDERA:CSSA-2002-025.0 ADDREF XF:tcpdump-afs-rpc-bo(7006) ADDREF CERT-VN:VU#797201 INFERRED ACTION: CAN-2001-1279 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Cole, Green, Cox MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Christey> ADDREF CONECTIVA:CLA-2002:480 The Conectiva advisory references the FreeBSD advisory used in this CAN, along with other issues that are addressed. 
Christey> CONECTIVA:CLA-2002:480 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480 Christey> MANDRAKE:MDKSA-2002:032 CONECTIVA:CLA-2002:480 CALDERA:CSSA-2002-025.0 Frech> XF:tcpdump-afs-rpc-bo(7006) Christey> Consider whether SUSE:SuSE-SA:2002:020 addresses this issue or not. ====================================================== Candidate: CAN-2001-1302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911 Reference: BID:3063 Reference: URL:http://www.securityfocus.com/bid/3063 Reference: XF:win2k-change-network-passwords(6876) Reference: URL:http://xforce.iss.net/static/6876.php The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function. INFERRED ACTION: CAN-2001-1302 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Foat, Cole, Green, Frech NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1328 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: Reference: CIAC:L-103 Reference: AUSCERT:AA-2001.03 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03 Reference: SUN:00203 Reference: XF:solaris-ypbind-bo(6828) Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. 
INFERRED ACTION: CAN-2001-1328 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Green, Frech NOOP(3) Foat, Cole, Cox REVIEWING(1) Wall Voter Comments: Green> Sun Security bulletin 00203 ====================================================== Candidate: CAN-2001-1347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html Reference: XF:win2k-debug-elevate-privileges(6590) Reference: URL:http://www.iss.net/security_center/static/6590.php Reference: BID:2764 Reference: URL:http://www.securityfocus.com/bid/2764 Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. INFERRED ACTION: CAN-2001-1347 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Foat, Cole, Green, Frech NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2001-1350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:162 Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. 
Modifications: 20040725 XF:linux-namazu-css(7875) INFERRED ACTION: CAN-2001-1350 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Wall, Cole, Green, Cox MODIFY(1) Frech NOOP(2) Foat, Christey Voter Comments: Frech> XF:linux-namazu-bo(7876) Christey> This is not a buffer overflow as suggested by the XF reference, it's a CSS/XSS issue (XF:linux-namazu-css(7875)) ====================================================== Candidate: CAN-2001-1351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:162 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b Reference: XF:linux-namazu-css(7875) Reference: URL:http://www.iss.net/security_center/static/7875.php Reference: OSVDB:5690 Reference: URL:http://www.osvdb.org/5690 Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. 
Modifications: ADDREF XF:linux-namazu-css(7875) 20040818 ADDREF OSVDB:5690 INFERRED ACTION: CAN-2001-1351 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Cole, Alderson, Green, Cox MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:linux-namazu-css(7875) ====================================================== Candidate: CAN-2001-1352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020602 Category: SF Reference: REDHAT:RHSA-2001:179 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2 Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2 Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2 Reference: XF:linux-namazu-css(7875) Reference: URL:http://xforce.iss.net/xforce/xfdb/7875 Reference: OSVDB:5691 Reference: URL:http://www.osvdb.org/5691 Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. 
Modifications: 20040725 ADDREF XF:linux-namazu-css(7875) 20040818 ADDREF OSVDB:5691 INFERRED ACTION: CAN-2001-1352 FINAL (Final Decision 20040901) Current Votes: ACCEPT(5) Wall, Cole, Alderson, Green, Cox MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:linux-namazu-css(7875) ====================================================== Candidate: CAN-2001-1367 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031& Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html Reference: XF:phpslice-checkaccess-function-privileges(9649) Reference: URL:http://xforce.iss.net/xforce/xfdb/9649 The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. Modifications: 20040725 ADDREF XF:phpslice-checkaccess-function-privileges(9649) INFERRED ACTION: CAN-2001-1367 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Cole, Green MODIFY(1) Frech NOOP(3) Wall, Foat, Cox REVIEWING(1) Alderson Voter Comments: Alderson> Is there a candidate already in existence for the problem as it relates to 0.1.4? If so, since this problem was not fixed, perhaps that one needs to be modified to include 0.1.7. 
Frech> XF:phpslice-checkaccess-function-privileges(9649) ====================================================== Candidate: CAN-2001-1386 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/194442 Reference: XF:ftp-lnk-directory-traversal(6760) Reference: URL:http://www.iss.net/security_center/static/6760.php Reference: BID:2957 Reference: URL:http://www.securityfocus.com/bid/2957 WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. INFERRED ACTION: CAN-2001-1386 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Frech MODIFY(1) Foat NOOP(3) Cole, Armstrong, Cox REVIEWING(1) Wall Voter Comments: Foat> If a windows shortcut file (*.lnk) linked to a directory is uploaded, an ftp user would be able to have access to the directory link points by typing 'cd <file>.lnk'. If an ftp user uploads a *.lnk file to a known file for which the user does not have access and then does a 'GET' on the link, the file will be downloaded. 
====================================================== Candidate: CAN-2001-1391 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2 Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2 Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html Reference: IMMUNIX:IMNX-2001-70-010-01 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2 Reference: CALDERA:CSSA-2001-012.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2 Reference: MANDRAKE:MDKSA-2001:037 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2 Reference: DEBIAN:DSA-047 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2 Reference: SUSE:SuSE-SA:2001:018 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2 Reference: CONECTIVA:CLA-2001:394 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2 Reference: REDHAT:RHSA-2001:047 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html Reference: XF:linux-cpia-memory-overwrite(11162) Reference: URL:http://xforce.iss.net/xforce/xfdb/11162 Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. 
Modifications: 20040725 desc fix small typo 20040725 XF:linux-cpia-memory-overwrite(11162) INFERRED ACTION: CAN-2001-1391 FINAL (Final Decision 20040901) Current Votes: ACCEPT(6) Wall, Cole, Armstrong, Green, Baker, Cox MODIFY(1) Frech NOOP(2) Foat, Christey Voter Comments: Frech> XF:linux-ptrace-modify-process(6080) Christey> fix typo: "off-by-one" should be "Off-by-one" Christey> XF:linux-cpia-memory-overwrite(11162) is clearly the correct reference here. ====================================================== Candidate: CAN-2002-0036 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20020116 Category: SF Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt Reference: CERT-VN:VU#587579 Reference: URL:http://www.kb.cert.org/vuls/id/587579 Reference: CONECTIVA:CLA-2003:639 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639 Reference: MANDRAKE:MDKSA-2003:043 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043 Reference: REDHAT:RHSA-2003:051 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html Reference: REDHAT:RHSA-2003:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html Reference: REDHAT:RHSA-2003:168 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html Reference: XF:kerberos-kdc-neglength-bo(11190) Reference: URL:http://xforce.iss.net/xforce/xfdb/11190 Reference: BID:6713 Reference: URL:http://www.securityfocus.com/bid/6713 Reference: OSVDB:4896 Reference: URL:http://www.osvdb.org/4896 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:051 20040725 ADDREF REDHAT:RHSA-2003:052 20040725 ADDREF MANDRAKE:MDKSA-2003:043 20040725 ADDREF CONECTIVA:CLA-2003:639 20040725 ADDREF XF:kerberos-kdc-neglength-bo(11190) 20040725 ADDREF BID:6713 20040818 ADDREF REDHAT:RHSA-2003:168 20040818 ADDREF OSVDB:4896 INFERRED ACTION: CAN-2002-0036 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Wall, Cole MODIFY(2) Frech, Cox NOOP(1) Christey Voter Comments: Cox> This is fixed in krb5 version 1.2.5 Cox> Addref RHSA-2003:051 Cox> Addref REDHAT:RHSA-2003:052 Christey> MANDRAKE:MDKSA-2003:043 (as suggested by Vincent Danen of Mandrake) Frech> XF:kerberos-kdc-neglength-bo(11190) ====================================================== Candidate: CAN-2002-0090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020315 Assigned: 20020306 Category: SF Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability Reference: URL:http://online.securityfocus.com/archive/1/270149 Reference: SUNALERT:44842 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842 Reference: CERT-VN:VU#188507 Reference: URL:http://www.kb.cert.org/vuls/id/188507 Reference: BID:4633 Reference: URL:http://www.securityfocus.com/bid/4633 Reference: XF:solaris-lbxproxy-display-bo(8958) Reference: URL:http://www.iss.net/security_center/static/8958.php Reference: OVAL:OVAL179 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL179.html Reference: OVAL:OVAL86 Reference: 
URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL86.html Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. Modifications: ADDREF VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability ADDREF BID:4633 ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842&zone_32=category%3Asecurity%20lbxproxy ADDREF XF:solaris-lbxproxy-display-bo(8958) ADDREF CERT-VN:VU#188507 DESC expanded "lbx" term 20040725 Normalize SUNALERT reference 20040824 ADDREF OVAL:OVAL179 20040824 ADDREF OVAL:OVAL86 INFERRED ACTION: CAN-2002-0090 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Balinsky, Wall, Cole, Green NOOP(3) Ziese, Foat, Christey Voter Comments: Balinsky> Patch at http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 resolves an lbxproxy buffer overflow. 
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability URL:http://online.securityfocus.com/archive/1/270149 BID:4633 URL:http://www.securityfocus.com/bid/4633 ====================================================== Candidate: CAN-2002-0158 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020502 Assigned: 20020327 Category: SF Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2 Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 Reference: OVAL:OVAL14 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL14.html Reference: OVAL:OVAL33 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL33.html Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. 
Modifications: ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 20040824 ADDREF OVAL:OVAL14 20040824 ADDREF OVAL:OVAL33 INFERRED ACTION: CAN-2002-0158 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Foat, Armstrong, Green MODIFY(1) Frech NOOP(3) Christey, Cox, Cole REVIEWING(1) Wall Voter Comments: Green> The documentation of this vulnerability is compelling Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652 the description for patch 108652-52, bug 4661987, explicitly references CAN-2002-0158. Green> The documentation of this vulnerability is compelling Frech> XF:solaris-xsun-co-bo(8703) Christey> I received an email on Oct 10, 2003, that suggested that other non-Sun operating systems may be affected. Christey> XSco is also affected: BUGTRAQ:20020611 SCO Openserver Xsco heap overflow. URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102380830430665&w=2 VULN-DEV:20020611 SCO Openserver Xsco heap overflow. URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102381771109722&w=2 CALDERA:CSSA-2003-SCO.26 ====================================================== Candidate: CAN-2002-0188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020420 Category: SF Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html Reference: XF:ie-content-disposition-variant2(9086) Reference: URL:http://www.iss.net/security_center/static/9086.php Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and 
Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. Modifications: ADDREF BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically ADDREF MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html ADDREF XF:ie-content-disposition-variant2(9086) INFERRED ACTION: CAN-2002-0188 FINAL (Final Decision 20040901) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:ie-content-disposition-variant2(9086) ====================================================== Candidate: CAN-2002-0193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040824 Proposed: 20020611 Assigned: 20020420 Category: SF Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Reference: XF:ie-content-disposition-variant(9085) Reference: URL:http://xforce.iss.net/xforce/xfdb/9085 Reference: BID:4752 Reference: URL:http://www.securityfocus.com/bid/4752 Reference: OVAL:OVAL27 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL27.html Reference: OVAL:OVAL99 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL99.html Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. 
Modifications: 20040725 XF:ie-content-disposition-variant(9085) 20040725 BID:4752 20040824 ADDREF OVAL:OVAL27 20040824 ADDREF OVAL:OVAL99 INFERRED ACTION: CAN-2002-0193 FINAL (Final Decision 20040901) Current Votes: ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Cox Voter Comments: Frech> XF:ie-content-disposition-variant(9085) ====================================================== Candidate: CAN-2002-0275 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2 Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2 Reference: BID:4099 Reference: URL:http://online.securityfocus.com/bid/4099 Reference: XF:falcon-protected-dir-access(8189) Reference: URL:http://xforce.iss.net/xforce/xfdb/8189 Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. 
Modifications: 20040725 XF:falcon-protected-dir-access(8189) 20040725 VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability 20040725 BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability INFERRED ACTION: CAN-2002-0275 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong Voter Comments: Frech> XF:falcon-protected-dir-access(8189) Christey> This issue was rediscovered a few months later: VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2 ====================================================== Candidate: CAN-2002-0313 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch) Reference: URL:http://online.securityfocus.com/archive/1/258365 Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2 Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux) Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/006231.html Reference: XF:essentia-server-long-request-dos(8249) Reference: URL:http://www.iss.net/security_center/static/8249.php Reference: BID:4159 Reference: URL:http://www.securityfocus.com/bid/4159 Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary 
code, via a long URL. Modifications: 20040725 ADDREF FULLDISC:20030704 Essentia Web Server 2.12 (Linux) INFERRED ACTION: CAN-2002-0313 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> FULLDISC:20030704 Essentia Web Server 2.12 (Linux) URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/010909.html ====================================================== Candidate: CAN-2002-0357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20030320-01 Proposed: 20020611 Assigned: 20020502 Category: SF Reference: SGI:20020601-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P Reference: XF:irix-rpcpasswd-gain-privileges(9261) Reference: URL:http://www.iss.net/security_center/static/9261.php Reference: BID:4939 Reference: URL:http://online.securityfocus.com/bid/4939 Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. Modifications: ADDREF XF:irix-rpcpasswd-gain-privileges(9261) ADDREF BID:4939 INFERRED ACTION: CAN-2002-0357 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Cole, Armstrong MODIFY(1) Frech NOOP(4) Christey, Cox, Wall, Foat Voter Comments: Christey> XF:irix-rpcpasswd-gain-privileges(9261) URL:http://www.iss.net/security_center/static/9261.php BID:4939 URL:http://online.securityfocus.com/bid/4939 SecurityFocus' title for the BID implies that the problem is due to a buffer overflow, but there does not seem to be specific information about the type of problem in the SGI advisory, which appears to be the only public information regarding this vulnerability. 
Frech> XF:irix-rpcpasswd-gain-privileges(9261) ====================================================== Candidate: CAN-2002-0362 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020506 Category: SF Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2 Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2 Reference: BID:4677 Reference: URL:http://www.securityfocus.com/bid/4677 Reference: XF:aim-addexternalapp-bo(9017) Reference: URL:http://www.iss.net/security_center/static/9017.php Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. Modifications: 20040725 ADDREF XF:aim-addexternalapp-bo(9017) INFERRED ACTION: CAN-2002-0362 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Wall MODIFY(1) Frech NOOP(5) Christey, Cox, Foat, Cole, Armstrong Voter Comments: Frech> XF:aim-addexternalapp-bo(9017) Christey> XF:aim-addexternalapp-bo(9017) URL:http://www.iss.net/security_center/static/9017.php ====================================================== Candidate: CAN-2002-0376 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020513 Category: SF Reference: ATSTAKE:A091002-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory Reference: URL:http://online.securityfocus.com/archive/1/293095 Reference: XF:quicktime-activex-pluginspage-bo(10077) Reference: URL:http://www.iss.net/security_center/static/10077.php Reference: BID:5685 Reference: 
URL:http://www.securityfocus.com/bid/5685 Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. INFERRED ACTION: CAN-2002-0376 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020517 Category: SF Reference: REDHAT:RHSA-2002:094 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html Reference: REDHAT:RHSA-2002:121 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html Reference: REDHAT:RHSA-2003:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html Reference: FREEBSD:FreeBSD-SA-02:29 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650721503642&w=2 Reference: CONECTIVA:CLA-2002:491 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491 Reference: CALDERA:CSSA-2002-025.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt Reference: DEBIAN:DSA-255 Reference: URL:http://www.debian.org/security/2003/dsa-255 Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102339541014226&w=2 Reference: XF:tcpdump-nfs-bo(9216) Reference: URL:http://www.iss.net/security_center/static/9216.php Reference: BID:4890 Reference: URL:http://online.securityfocus.com/bid/4890 Reference: HP:HPSBTL0205-044 Reference: URL:http://online.securityfocus.com/advisories/4169 Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. 
Modifications: CHANGEREF REDHAT:RHSA-2002:094 (advisory ID was wrong) ADDREF FREEBSD:FreeBSD-SA-02:29 ADDREF CONECTIVA:CLA-2002:491 ADDREF CALDERA:CSSA-2002-025.0 ADDREF XF:tcpdump-nfs-bo(9216) ADDREF BID:4890 ADDREF BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump ADDREF HP:HPSBTL0205-044 20040818 ADDREF REDHAT:RHSA-2002:121 20040818 ADDREF REDHAT:RHSA-2003:214 20040818 ADDREF DEBIAN:DSA-255 INFERRED ACTION: CAN-2002-0380 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Wall, Cole, Armstrong MODIFY(2) Frech, Cox NOOP(2) Christey, Foat Voter Comments: Cox> ADDREF: CLA-2002:491 TSLSA-2002-0055 Christey> I clearly screwed up the references here. This is supposed to be REDHAT:RHSA-2002:094. #089 is already covered by CAN-2001-1279. ADDREF FREEBSD:FreeBSD-SA-02:29 Christey> CALDERA:CSSA-2002-025.0 CONECTIVA:CLA-2002:491 Consider SUSE:SuSE-SA:2002:020, but beware that it upgrades *to* 3.6.2, and it mentions *AFS* packets. There are no cross-references to know for sure whether they meant this tcpdump vulnerability or an older one. Frech> XF:tcpdump-nfs-bo(9216) Christey> HP:HPSBTL0205-044 URL:http://online.securityfocus.com/advisories/4169 Christey> I'm not going to add the SuSE reference, which may be describing CAN-2001-1279. I don't want to hold this CAN back from promotion to an entry any further. 
====================================================== Candidate: CAN-2002-0384 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20020522 Category: SF Reference: REDHAT:RHSA-2002:098 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html Reference: REDHAT:RHSA-2002:107 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html Reference: REDHAT:RHSA-2002:122 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html Reference: REDHAT:RHSA-2003:156 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html Reference: MANDRAKE:MDKSA-2002:054 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php Reference: HP:HPSBTL0208-057 Reference: URL:http://online.securityfocus.com/advisories/4358 Reference: XF:gaim-jabber-module-bo(9766) Reference: URL:http://www.iss.net/security_center/static/9766.php Reference: BID:5406 Reference: URL:http://www.securityfocus.com/bid/5406 Reference: OSVDB:3729 Reference: URL:http://www.osvdb.org/3729 Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:122 20040818 ADDREF REDHAT:RHSA-2002:122 20040818 ADDREF REDHAT:RHSA-2003:156 20040725 DELREF REDHAT:RHSA-2003:122 [does not exist] 20040818 ADDREF OSVDB:3729 INFERRED ACTION: CAN-2002-0384 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Cox, Cole, Armstrong, Green NOOP(1) Christey Voter Comments: Christey> ADDREF MANDRAKE:MDKSA-2002:054 Cox> Addref: RHSA-2003:122 ====================================================== Candidate: CAN-2002-0387 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020522 Category: SF Reference: ATSTAKE:A031303-1 Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt Reference: SUNALERT:52022 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022 Reference: CIAC:N-064 Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml Reference: XF:sunone-gxnsapi6-bo(11529) Reference: URL:http://xforce.iss.net/xforce/xfdb/11529 Reference: BID:7082 Reference: URL:http://www.securityfocus.com/bid/7082 Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. Modifications: 20040725 ADDREF XF:sunone-gxnsapi6-bo(11529) 20040725 ADDREF SUNALERT:52022 20040725 CIAC:N-064 INFERRED ACTION: CAN-2002-0387 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Stracener, Green NOOP(3) Cox, Wall, Cole Voter Comments: Green> ACKNOWLEDGED IN SP1 AVAILABLE AT http://wwws.sun.com/software/download/products/3e3afb89.html Stracener> cf. 
Sun[tm] ONE Application Server, Enterprise Edition 6.5 Service Pack 1 ====================================================== Candidate: CAN-2002-0395 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-tftp-bruteforce(9264) Reference: URL:http://xforce.iss.net/xforce/xfdb/9264 The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. Modifications: 20040725 ADDREF XF:redm-1050ap-tftp-bruteforce(9264) INFERRED ACTION: CAN-2002-0395 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-tftp-bruteforce (9264) ====================================================== Candidate: CAN-2002-0396 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-insecure-session(9265) Reference: URL:http://xforce.iss.net/xforce/xfdb/9265 The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. 
Modifications: 20040725 ADDREF XF:redm-1050ap-insecure-session(9265) INFERRED ACTION: CAN-2002-0396 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-insecure-session(9265) ====================================================== Candidate: CAN-2002-0397 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-device-existence(9266) Reference: URL:http://xforce.iss.net/xforce/xfdb/9266 Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. Modifications: 20040725 ADDREF XF:redm-1050ap-device-existence(9266) INFERRED ACTION: CAN-2002-0397 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-device-existence (9266) ====================================================== Candidate: CAN-2002-0398 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Reference: XF:redm-1050ap-ppp-dos(9267) Reference: URL:http://xforce.iss.net/xforce/xfdb/9267 Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. 
Modifications: 20040725 ADDREF XF:redm-1050ap-ppp-dos(9267) INFERRED ACTION: CAN-2002-0398 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Foat MODIFY(1) Frech NOOP(4) Cox, Wall, Cole, Armstrong Voter Comments: Frech> XF:redm-1050ap-ppp-dos(9267) ====================================================== Candidate: CAN-2002-0400 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020603 Category: SF Reference: CERT:CA-2002-15 Reference: URL:http://www.cert.org/advisories/CA-2002-15.html Reference: CERT-VN:VU#739123 Reference: URL:http://www.kb.cert.org/vuls/id/739123 Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND Reference: CALDERA:CSSA-2002-SCO.24 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt Reference: CONECTIVA:CLA-2002:494 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 Reference: HP:HPSBUX0207-202 Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html Reference: MANDRAKE:MDKSA-2002:038 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php Reference: REDHAT:RHSA-2002:105 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html Reference: REDHAT:RHSA-2002:119 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html Reference: REDHAT:RHSA-2003:154 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html Reference: SUSE:SuSE-SA:2002:021 Reference: URL:http://www.suse.de/de/security/2002_21_bind9.html Reference: BID:4936 Reference: URL:http://www.securityfocus.com/bid/4936 Reference: XF:bind-findtype-dos(9250) Reference: URL:http://www.iss.net/security_center/static/9250.php ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly 
handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL. Modifications: ADDREF CALDERA:CSSA-2002-SCO.24 ADDREF CONECTIVA:CLA-2002:494 ADDREF SUSE:SuSE-SA:2002:021 ADDREF REDHAT:RHSA-2002:105 ADDREF MANDRAKE:MDKSA-2002:038 ADDREF BID:4936 ADDREF XF:bind-findtype-dos(9250) ADDREF HP:HPSBUX0207-202 20040725 ADDREF REDHAT:RHSA-2003:154 20040818 ADDREF REDHAT:RHSA-2002:119 INFERRED ACTION: CAN-2002-0400 FINAL (Final Decision 20040901) Current Votes: ACCEPT(6) Baker, Cox, Wall, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> CALDERA:CSSA-2002-SCO.24 Christey> CALDERA:CSSA-2002-SCO.24 URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt CONECTIVA:CLA-2002:494 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 SUSE:SuSE-SA:2002:021 URL:http://www.suse.de/de/support/security/2002_21_bind9.html XF:bind-findtype-dos(9250) URL:http://www.iss.net/security_center/static/9250.php BID:4936 URL:http://www.securityfocus.com/bid/4936 Christey> REDHAT:RHSA-2002:105 Frech> XF:bind-findtype-dos(9250) Christey> MANDRAKE:MDKSA-2002:038 Christey> HP:HPSBUX0207-202 URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html Christey> REDHAT:RHSA-2003:154 ====================================================== Candidate: CAN-2002-0443 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0443 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility Reference: URL:http://online.securityfocus.com/archive/1/260704 Reference: XF:win2k-password-bypass-policy(8402) Reference: URL:http://www.iss.net/security_center/static/8402.php Reference: BID:4256 Reference: URL:http://www.securityfocus.com/bid/4256 Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current 
password before it expires, which does not enable the check for previous passwords. INFERRED ACTION: CAN-2002-0443 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Frech, Foat, Cole, Alderson NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0444 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0444 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices Reference: URL:http://www.securityfocus.com/archive/1/266729 Reference: BID:4464 Reference: URL:http://www.securityfocus.com/bid/4464 Reference: XF:win2k-terminal-bypass-policies(8813) Reference: URL:http://www.iss.net/security_center/static/8813.php Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. 
INFERRED ACTION: CAN-2002-0444 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Frech, Foat, Cole, Alderson NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-0445 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0445 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/261337 Reference: XF:phpfirstpost-path-disclosure(8434) Reference: URL:http://www.iss.net/security_center/static/8434.php Reference: BID:4274 Reference: URL:http://www.securityfocus.com/bid/4274 Reference: OSVDB:7170 Reference: URL:http://www.osvdb.org/7170 article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. 
Modifications: 20040818 ADDREF OSVDB:7170 INFERRED ACTION: CAN-2002-0445 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Frech, Cole NOOP(3) Cox, Wall, Foat ====================================================== Candidate: CAN-2002-0546 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20020611 Assigned: 20020607 Category: SF Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html Reference: XF:winamp-mp3-browser-css(8753) Reference: URL:http://www.iss.net/security_center/static/8753.php Reference: BID:4414 Reference: URL:http://www.securityfocus.com/bid/4414 Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. 
INFERRED ACTION: CAN-2002-0546 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Frech, Cole NOOP(4) Cox, Wall, Foat, Armstrong ====================================================== Candidate: CAN-2002-0615 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20020726 Assigned: 20020612 Category: SF Reference: MS:MS02-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp Reference: XF:mediaplayer-playlist-script-execution(9422) Reference: URL:http://www.iss.net/security_center/static/9422.php Reference: BID:5110 Reference: URL:http://www.securityfocus.com/bid/5110 The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". Modifications: 20040725 ADDREF XF:mediaplayer-playlist-script-execution(9422) 20040725 ADDREF BID:5110 20040725 DELREF BID:4821 INFERRED ACTION: CAN-2002-0615 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Wall, Foat, Cole NOOP(2) Christey, Cox Voter Comments: Christey> XF:mediaplayer-playlist-script-execution(9422) URL:http://www.iss.net/security_center/static/9422.php BID:5110 URL:http://www.securityfocus.com/bid/5110 Christey> DELREF BID:4821 (that BID is for CVE-2002-0618) ====================================================== Candidate: CAN-2002-0627 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: 
CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-unicode-retrieve-password(9348) Reference: URL:http://www.iss.net/security_center/static/9348.php Reference: BID:5632 Reference: URL:http://www.securityfocus.com/bid/5632 The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. INFERRED ACTION: CAN-2002-0627 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0630 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020617 Category: SF Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089 Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf Reference: CIAC:M-123 Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml Reference: XF:viewstation-icmp-dos(9350) Reference: URL:http://www.iss.net/security_center/static/9350.php Reference: BID:5637 Reference: URL:http://www.securityfocus.com/bid/5637 The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. 
INFERRED ACTION: CAN-2002-0630 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-0651 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020726 Assigned: 20020628 Category: SF Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2 Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt Reference: CERT:CA-2002-19 Reference: URL:http://www.cert.org/advisories/CA-2002-19.html Reference: CERT-VN:VU#803539 Reference: URL:http://www.kb.cert.org/vuls/id/803539 Reference: AIXAPAR:IY32719 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html Reference: AIXAPAR:IY32746 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html Reference: CALDERA:CSSA-2002-SCO.37 Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Reference: CALDERA:CSSA-2002-SCO.39 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 Reference: CONECTIVA:CLSA-2002:507 Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 Reference: ENGARDE:ESA-20020724-018 Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html Reference: FREEBSD:FreeBSD-SA-02:28 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2 Reference: MANDRAKE:MDKSA-2002:038 Reference: URL:http://online.securityfocus.com/advisories/4397 Reference: MANDRAKE:MDKSA-2002:043 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php Reference: NETBSD:NetBSD-SA2002-006 Reference: 
URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc Reference: REDHAT:RHSA-2002:119 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html Reference: REDHAT:RHSA-2002:133 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html Reference: REDHAT:RHSA-2002:139 Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html Reference: REDHAT:RHSA-2002:167 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html Reference: REDHAT:RHSA-2003:154 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html Reference: SGI:20020701-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102579743329251&w=2 Reference: XF:dns-resolver-lib-bo(9432) Reference: URL:http://www.iss.net/security_center/static/9432.php Reference: BID:5100 Reference: URL:http://online.securityfocus.com/bid/5100 Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. 
Modifications: ADDREF REDHAT:RHSA-2002:133 ADDREF MANDRAKE:MDKSA-2002:038 ADDREF CONECTIVA:CLSA-2002:507 ADDREF XF:dns-resolver-lib-bo(9432) ADDREF BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) ADDREF BID:5100 ADDREF SGI:20020701-01-I ADDREF REDHAT:RHSA-2002:139 ADDREF AIXAPAR:IY32719 ADDREF AIXAPAR:IY32746 ADDREF ENGARDE:ESA-20020724-018 20040725 ADDREF CALDERA:CSSA-2002-SCO.37 20040725 ADDREF CALDERA:CSSA-2002-SCO.39 20040725 ADDREF MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt 20040725 ADDREF REDHAT:RHSA-2003:154 20040725 CHANGEREF CERT:VU#803539 (use CERT-VN source) 20040818 ADDREF REDHAT:RHSA-2002:119 20040818 ADDREF REDHAT:RHSA-2002:167 20040818 ADDREF REDHAT:RHSA-2003:154 20040818 DELREF REDHAT:RHSA-2002:154 INFERRED ACTION: CAN-2002-0651 FINAL (Final Decision 20040901) Current Votes: ACCEPT(5) Baker, Cox, Wall, Foat, Cole NOOP(1) Christey Voter Comments: Christey> There are actually 2 closely related issues, one in gethostbyname/etc. responses related to dn_expand(), and another in the getnetbyX functions. The getnetby* functions apparently don't affect BIND 8.x, so they should get a different CAN. See: http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2 Christey> Need to beef up the description to more clearly distinguish it from CAN-2002-0684. The NetBSD reference has details, related to padding and getanswer() and getnetanswer(). Also need to closely check each reference to see which issue(s) the reference is *really* referring to. Christey> REDHAT:RHSA-2002:133 Christey> MANDRAKE:MDKSA-2002:038 Christey> MANDRAKE:MDKSA-2002:050 Christey> The getnet* functions were assigned to CAN-2002-0684. Note: MANDRAKE:MDKSA-2002:038-1 explicitly acknowledges this issue, but the Mandrake site doesn't have this new revision yet. 
Don't add MANDRAKE:MDKSA-2002:050, that's for CAN-2002-0684 Christey> XF:dns-resolver-lib-bo(9432) URL:http://www.iss.net/security_center/static/9432.php CONECTIVA:CLSA-2002:507 BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) BID:5100 URL:http://online.securityfocus.com/bid/5100 SGI:20020701-01-I REDHAT:RHSA-2002:139 AIXAPAR:IY32719 AIXAPAR:IY32746 ENGARDE:ESA-20020724-018 Christey> CALDERA:CSSA-2002-SCO.37 URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Christey> Change the CERT:VU#803539 to a CERT-VN reference. Christey> MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt CALDERA:CSSA-2002-SCO.39 Christey> REDHAT:RHSA-2003:154 ====================================================== Candidate: CAN-2002-0662 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2 Reference: DEBIAN:DSA-160 Reference: URL:http://www.debian.org/security/2002/dsa-160 Reference: REDHAT:RHSA-2002:186 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html Reference: BUGTRAQ:20020904 GLSA: scrollkeeper Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2 Reference: XF:scrollkeeper-tmp-file-symlink(10002) Reference: URL:http://www.iss.net/security_center/static/10002.php Reference: BID:5602 Reference: URL:http://www.securityfocus.com/bid/5602 scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files. 
Modifications:
  20040725 ADDREF XF:scrollkeeper-tmp-file-symlink(10002)
  20040725 ADDREF BID:5602

INFERRED ACTION: CAN-2002-0662 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Green, Cox, Cole, Armstrong
   NOOP(1) Christey

Voter Comments:
 Christey> XF:scrollkeeper-tmp-file-symlink(10002)
   URL:http://www.iss.net/security_center/static/10002.php
   BID:5602
   URL:http://www.securityfocus.com/bid/5602

======================================================
Candidate: CAN-2002-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0668
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-call-hijacking(9563)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9563
Reference: OSVDB:5144
Reference: URL:http://www.osvdb.org/5144

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

Modifications:
  20040725 ADDREF XF:pingtel-xpressa-call-hijacking(9563)
  20040818 ADDREF OSVDB:5144

INFERRED ACTION: CAN-2002-0668 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-call-hijacking(9563)

======================================================
Candidate: CAN-2002-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0672
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-factory-defaults(9567)
Reference: URL:http://www.iss.net/security_center/static/9567.php

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.

Modifications:
  20040725 XF:pingtel-xpressa-factory-defaults(9567)

INFERRED ACTION: CAN-2002-0672 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Christey> XF:pingtel-xpressa-factory-defaults(9567)
   URL:http://www.iss.net/security_center/static/9567.php
 Frech> XF:pingtel-xpressa-factory-defaults(9567)

======================================================
Candidate: CAN-2002-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0673
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-phone-reregister(9568)
Reference: URL:http://www.iss.net/security_center/static/9568.php

The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.

Modifications:
  20040725 ADDREF XF:pingtel-xpressa-phone-reregister(9568)

INFERRED ACTION: CAN-2002-0673 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Christey> XF:pingtel-xpressa-phone-reregister(9568)
   URL:http://www.iss.net/security_center/static/9568.php
 Frech> XF:pingtel-xpressa-phone-reregister(9568)

======================================================
Candidate: CAN-2002-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0674
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9569

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

Modifications:
  20040725 ADDREF XF:pingtel-xpressa-admin-timeout(9569)

INFERRED ACTION: CAN-2002-0674 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Armstrong

Voter Comments:
 Frech> XF:pingtel-xpressa-admin-timeout(9569)

======================================================
Candidate: CAN-2002-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0682
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9520
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

Modifications:
  20040725 ADDREF XF:tomcat-servlet-xss(9520)
  20040725 ADDREF BID:5193
  20040818 ADDREF OSVDB:4973

INFERRED ACTION: CAN-2002-0682 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(5) Christey, Cox, Balinsky, Wall, Foat

Voter Comments:
 Christey> XF:tomcat-servlet-xss(9520)
   URL:http://www.iss.net/security_center/static/9520.php
   BID:5193
   URL:http://www.securityfocus.com/bid/5193
 Frech> XF:tomcat-servlet-xss(9520)

======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.

Modifications:
  20040725 ADDREF CERT-VN:VU#723537

INFERRED ACTION: CAN-2002-0692 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#723537
   URL:http://www.kb.cert.org/vuls/id/723537

======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php
Reference: OVAL:OVAL403
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL403.html

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."

Modifications:
  20040824 ADDREF OVAL:OVAL403

INFERRED ACTION: CAN-2002-0694 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633

Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.

INFERRED ACTION: CAN-2002-0696 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Wall, Cole
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0729
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.

INFERRED ACTION: CAN-2002-0729 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Baker, Balinsky, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Foat
   REVIEWING(1) Wall

Voter Comments:
 Balinsky> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
 Frech> XF:mssql-resolution-service-bo(9661)
 Christey> Microsoft MS02-039 does not mention this issue, therefore it is uncertain whether they acknowledged it or not. The XF reference is for an overflow, not a malformed packet.

======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

INFERRED ACTION: CAN-2002-0835 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Cox

======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:195

INFERRED ACTION: CAN-2002-0836 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Cole, Baker, Frech, Wall
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:195

======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: XF:apache-http-host-xss(10241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10241
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Modifications:
  20040725 ADDREF REDHAT:RHSA-2002:222
  20040725 ADDREF REDHAT:RHSA-2002:243
  20040725 ADDREF REDHAT:RHSA-2002:244
  20040725 ADDREF REDHAT:RHSA-2002:248
  20040725 ADDREF REDHAT:RHSA-2002:251
  20040725 ADDREF SGI:20021105-02-I
  20040725 ADDREF XF:apache-http-host-xss(10241)
  20040725 ADDREF BID:5847
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:862

INFERRED ACTION: CAN-2002-0840 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Baker, Wall
   MODIFY(2) Frech, Cox
   NOOP(1) Christey

Voter Comments:
 Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
 Cox> Addref: RHSA-2002:251
   Addref: RHSA-2002:248
   Addref: RHSA-2002:244
   Addref: RHSA-2002:243
   Addref: RHSA-2002:222
 Frech> XF:apache-http-host-xss(10241)
 Christey> SGI:20021105-02-I
   URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I

======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().

Modifications:
  20040725 ADDREF CERT:CA-2003-05
  20040725 ADDREF CIAC:N-046
  20040725 ADDREF BID:6846
  20040725 ADDREF MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt

INFERRED ACTION: CAN-2002-0842 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(5) Cole, Baker, Frech, Cox, Wall
   NOOP(1) Christey

Voter Comments:
 Christey> CERT:CA-2003-05
   URL:http://www.cert.org/advisories/CA-2003-05.html
   CIAC:N-046
   URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
   BID:6846
   URL:http://www.securityfocus.com/bid/6846
   MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt

======================================================
Candidate: CAN-2002-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0844
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9175
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

Modifications:
  20040725 ADDREF XF:cvs-rcs-offbyone-bo(9175)
  20040725 ADDREF REDHAT:RHSA-2004:004
  20040725 ADDREF SGI:20040103-01-U

INFERRED ACTION: CAN-2002-0844 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Alderson, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Christey, Foat
   REVIEWING(1) Jones

Voter Comments:
 Jones> Vulnerable version unclear. CVE description says 1.11.2, Caldera reference says 1.11-8 is both vulnerable AND is the version of the patched code.
 Frech> XF:cvs-rcs-offbyone-bo(9175)
 Christey> REDHAT:RHSA-2004:004
   URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
 Christey> SGI:20040103-01-U
   URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10043
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.

Modifications:
  20040725 ADDREF XF:pgp-long-filename-bo(10043)
  20040725 ADDREF BID:5656

INFERRED ACTION: CAN-2002-0850 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cole, Baker
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

INFERRED ACTION: CAN-2002-0864 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Modifications:
  20040725 ADDREF CERT-VN:VU#140898

INFERRED ACTION: CAN-2002-0865 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#140898
   URL:http://www.kb.cert.org/vuls/id/140898
   This VU# also explicitly mentions the com.ms.osp.ospmrshl class.

======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Modifications:
  20040725 ADDREF CERT-VN:VU#307306

INFERRED ACTION: CAN-2002-0866 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#307306
   URL:http://www.kb.cert.org/vuls/id/307306

======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

Modifications:
  20040725 CERT-VN:VU#792881

INFERRED ACTION: CAN-2002-0867 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Wall
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> ADDREF CERT-VN:VU#792881
   URL:http://www.kb.cert.org/vuls/id/792881
   Consider adding BID:5670

======================================================
Candidate: CAN-2002-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0895
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

INFERRED ACTION: CAN-2002-0895 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Alderson, Frech, Jones
   NOOP(4) Cole, Armstrong, Cox, Foat

Voter Comments:
 Alderson> The fact that the vendor page is in Japanese and therefore couldn't be verified may highlight future problems of a similar nature.

======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Modifications:
  20040725 desc - add Win32

INFERRED ACTION: CAN-2002-0969 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Baker
   NOOP(2) Cox, Wall

Voter Comments:
 Cox> Note that description should refer to Win32 platform
 Green> THE VENDOR'S STATEMENTS IN THE CHANGELOG SHOULD SUFFICE AS ACKNOWLEDGEMENT

======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155
Reference: MANDRAKE:MDKSA-2002:058
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:519
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Modifications:
  ADDREF BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
  ADDREF CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
  ADDREF MANDRAKE:MDKSA-2002:058
  ADDREF CALDERA:CSSA-2002-047.0
  ADDREF CONECTIVA:CLA-2002:519
  ADDREF REDHAT:RHSA-2002:220
  20040725 ADDREF XF:ssl-ca-certificate-spoofing(9776)
  20040725 ADDREF BID:5410
  20040818 ADDREF REDHAT:RHSA-2002:221

INFERRED ACTION: CAN-2002-0970 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Baker, Cox
   MODIFY(1) Frech
   NOOP(3) Foat, Christey, Wall

Voter Comments:
 Christey> CAN-2002-0970 and CAN-2002-0828 are treated differently because, as I understand it, the SSL design requires that you verify Basic Constraints. Here, we have 2 separate implementations that had the same implementation error, just like the 20+ FTP servers have the "buffer overflow in USER command" implementation error. It is assumed that CAN-2002-0970 and CAN-2002-0828 don't share the same codebases.
Christey> BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html Christey> CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt MANDRAKE:MDKSA-2002:058 Christey> CALDERA:CSSA-2002-047.0 URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt Christey> CONECTIVA:CLA-2002:519 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519 Christey> REDHAT:RHSA-2002:220 Frech> XF:ssl-ca-certificate-spoofing(9776) ====================================================== Candidate: CAN-2002-0974 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2 Reference: MS:MS02-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp Reference: MSKB:Q328940 Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q328940 Reference: XF:winxp-helpctr-delete-files(9878) Reference: URL:http://www.iss.net/security_center/static/9878.php Reference: BID:5478 Reference: URL:http://www.securityfocus.com/bid/5478 Reference: OSVDB:3001 Reference: URL:http://www.osvdb.org/3001 Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm. 
Modifications: 20040725 ADDREF MS:MS02-060 20040725 ADDREF MSKB:Q328940 20040725 ADDREF XF:winxp-helpctr-delete-files(9878) 20040725 ADDREF BID:5478 20040818 ADDREF OSVDB:3001 INFERRED ACTION: CAN-2002-0974 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Foat, Armstrong MODIFY(1) Frech NOOP(3) Cole, Christey, Cox REVIEWING(1) Wall Voter Comments: Christey> MSKB:Q328940 Christey> MS:MS02-060 URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp XF:winxp-helpctr-delete-files(9878) URL:http://www.iss.net/security_center/static/9878.php BID:5478 URL:http://www.securityfocus.com/bid/5478 Frech> XF:winxp-helpctr-delete-files(9878) ====================================================== Candidate: CAN-2002-0985 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 Reference: DEBIAN:DSA-168 Reference: URL:http://www.debian.org/security/2002/dsa-168 Reference: REDHAT:RHSA-2002:213 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Reference: REDHAT:RHSA-2002:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html Reference: REDHAT:RHSA-2002:243 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html Reference: REDHAT:RHSA-2002:244 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html Reference: REDHAT:RHSA-2002:248 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html Reference: REDHAT:RHSA-2003:159 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html Reference: SUSE:SuSE-SA:2002:036 Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html Reference: CONECTIVA:CLA-2002:545 Reference: 
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 Reference: CALDERA:CSSA-2003-008.0 Reference: XF:php-mail-safemode-bypass(9966) Reference: URL:http://xforce.iss.net/xforce/xfdb/9966 Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Reference: MANDRAKE:MDKSA-2003:082 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:0 Reference: OSVDB:2111 Reference: URL:http://www.osvdb.org/2111 Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. Modifications: 20040725 desc change "remote attackers" 20040725 desc say "argument injection" 20040725 ADDREF DEBIAN:DSA-168 20040725 ADDREF SUSE:SuSE-SA:2002:036 20040725 ADDREF REDHAT:RHSA-2002:213 20040725 ADDREF CONECTIVA:CLA-2002:545 20040725 ADDREF CALDERA:CSSA-2003-008.0 20040725 ADDREF XF:php-mail-safemode-bypass(9966) 20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) 20040725 ADDREF MANDRAKE:MDKSA-2003:082 20040818 ADDREF REDHAT:RHSA-2002:214 20040818 ADDREF REDHAT:RHSA-2002:243 20040818 ADDREF REDHAT:RHSA-2002:244 20040818 ADDREF REDHAT:RHSA-2002:248 20040818 ADDREF REDHAT:RHSA-2003:159 20040818 ADDREF OSVDB:2111 INFERRED ACTION: CAN-2002-0985 FINAL (Final Decision 20040901) Current Votes: MODIFY(2) Frech, Cox NOOP(5) Foat, Cole, Armstrong, Christey, Wall Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] CHANGE> [Cox changed vote from ACCEPT to MODIFY] Cox> this should read "local script authors" not "remote attackers" (can be confirmed by checking the PHP advisory too). 
Christey> DEBIAN:DSA-168 Christey> SUSE:SuSE-SA:2002:036 Christey> REDHAT:RHSA-2002:213 URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Christey> CONECTIVA:CLA-2002:545 Christey> Ummm... what is the relationship between this and CVE-2001-1246? The Debian advisory may help to make the distinction. XF:php-mail-safemode-bypass(9966) URL:http://www.iss.net/security_center/static/9966.php Christey> CALDERA:CSSA-2003-008.0 Frech> XF:php-mail-safemode-bypass(9966) Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Christey> MANDRAKE:MDKSA-2003:082 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082 ====================================================== Candidate: CAN-2002-0986 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 Reference: DEBIAN:DSA-168 Reference: URL:http://www.debian.org/security/2002/dsa-168 Reference: SUSE:SuSE-SA:2002:036 Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html Reference: REDHAT:RHSA-2002:213 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Reference: REDHAT:RHSA-2002:214 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html Reference: REDHAT:RHSA-2002:243 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html Reference: REDHAT:RHSA-2002:244 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html Reference: REDHAT:RHSA-2002:248 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html Reference: REDHAT:RHSA-2003:159 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html Reference: 
CONECTIVA:CLA-2002:545 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 Reference: CALDERA:CSSA-2003-008.0 Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt Reference: MANDRAKE:MDKSA-2003:082 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Reference: XF:php-mail-ascii-injection(9959) Reference: URL:http://xforce.iss.net/xforce/xfdb/9959 Reference: BID:5562 Reference: URL:http://www.securityfocus.com/bid/5562 Reference: OSVDB:2160 Reference: URL:http://www.osvdb.org/2160 The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." Modifications: 20040725 ADDREF DEBIAN:DSA-168 20040725 ADDREF SUSE:SuSE-SA:2002:036 20040725 ADDREF REDHAT:RHSA-2002:213 20040725 ADDREF CONECTIVA:CLA-2002:545 20040725 ADDREF CALDERA:CSSA-2003-008.0 20040725 ADDREF MANDRAKE:MDKSA-2003:082 20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) 20040725 ADDREF XF:php-mail-ascii-injection(9959) 20040725 ADDREF BID:5562 20040818 ADDREF REDHAT:RHSA-2002:214 20040818 ADDREF REDHAT:RHSA-2002:243 20040818 ADDREF REDHAT:RHSA-2002:244 20040818 ADDREF REDHAT:RHSA-2002:248 20040818 ADDREF REDHAT:RHSA-2003:159 20040818 ADDREF OSVDB:2160 INFERRED ACTION: CAN-2002-0986 FINAL (Final Decision 20040901) Current Votes: ACCEPT(1) Cox MODIFY(1) Frech NOOP(5) Foat, Cole, Armstrong, Christey, Wall Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] Christey> DEBIAN:DSA-168 Christey> SUSE:SuSE-SA:2002:036 Christey> REDHAT:RHSA-2002:213 URL:http://www.redhat.com/support/errata/RHSA-2002-213.html Christey> CONECTIVA:CLA-2002:545 Christey> 
XF:php-mail-ascii-injection(9959) URL:http://www.iss.net/security_center/static/9959.php BID:5562 URL:http://www.securityfocus.com/bid/5562 Christey> CALDERA:CSSA-2003-008.0 Frech> XF:php-mail-ascii-injection(9959) Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 Christey> MANDRAKE:MDKSA-2003:082 URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082 ====================================================== Candidate: CAN-2002-0990 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020827 Category: SF Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2 Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html Reference: BID:5958 Reference: URL:http://www.securityfocus.com/bid/5958 Reference: XF:simple-webserver-url-dos(10364) Reference: URL:http://www.iss.net/security_center/static/10364.php The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. 
INFERRED ACTION: CAN-2002-0990 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Cole, Green, Baker NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1091 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2 Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/ Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989 Reference: MANDRAKE:MDKSA-2002:075 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 Reference: REDHAT:RHSA-2002:192 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html Reference: REDHAT:RHSA-2003:046 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html Reference: XF:netscape-zero-gif-bo(10058) Reference: URL:http://www.iss.net/security_center/static/10058.php Reference: BID:5665 Reference: URL:http://www.securityfocus.com/bid/5665 Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. 
Modifications: 20040725 ADDREF REDHAT:RHSA-2003:046 INFERRED ACTION: CAN-2002-1091 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref: RHSA-2003:046 Green> ACKNOWLEDGED IN REDHAT ERRATA ====================================================== Candidate: CAN-2002-1092 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-bypass-authentication(10017) Reference: URL:http://xforce.iss.net/xforce/xfdb/10017 Reference: BID:5613 Reference: URL:http://www.securityfocus.com/bid/5613 Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. 
Modifications: 20040725 ADDREF XF:cisco-vpn-bypass-authentication(10017) 20040725 ADDREF BID:5613 INFERRED ACTION: CAN-2002-1092 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1093 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-html-parser-dos(10018) Reference: URL:http://www.iss.net/security_center/static/10018.php Reference: BID:5615 Reference: URL:http://www.securityfocus.com/bid/5615 HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request. INFERRED ACTION: CAN-2002-1093 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-pptp-dos(10021) Reference: URL:http://www.iss.net/security_center/static/10021.php Reference: BID:5625 Reference: URL:http://www.securityfocus.com/bid/5625 Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. 
INFERRED ACTION: CAN-2002-1095 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1096 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: BID:5611 Reference: URL:http://www.securityfocus.com/bid/5611 Reference: XF:cisco-vpn-user-passwords(10019) Reference: URL:http://www.iss.net/security_center/static/10019.php Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. INFERRED ACTION: CAN-2002-1096 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1097 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-certificate-passwords(10022) Reference: URL:http://www.iss.net/security_center/static/10022.php Reference: BID:5612 Reference: URL:http://www.securityfocus.com/bid/5612 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. 
INFERRED ACTION: CAN-2002-1097 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-xml-filter(10023) Reference: URL:http://www.iss.net/security_center/static/10023.php Reference: BID:5614 Reference: URL:http://www.securityfocus.com/bid/5614 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. INFERRED ACTION: CAN-2002-1098 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-web-access(10024) Reference: URL:http://www.iss.net/security_center/static/10024.php Reference: BID:5616 Reference: URL:http://www.securityfocus.com/bid/5616 Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. 
INFERRED ACTION: CAN-2002-1099 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1102 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml Reference: XF:cisco-vpn-lan-connection-dos(10027) Reference: URL:http://xforce.iss.net/xforce/xfdb/10027 Reference: BID:5622 Reference: URL:http://www.securityfocus.com/bid/5622 The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. 
Modifications: 20040725 ADDREF XF:cisco-vpn-lan-connection-dos(10027) INFERRED ACTION: CAN-2002-1102 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1104 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-tcp-dos(10042) Reference: URL:http://xforce.iss.net/xforce/xfdb/10042 Reference: BID:5649 Reference: URL:http://www.securityfocus.com/bid/5649 Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). Modifications: 20040725 ADDREF XF:cisco-vpn-tcp-dos(10042) INFERRED ACTION: CAN-2002-1104 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1105 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-obtain-password(10044) Reference: URL:http://xforce.iss.net/xforce/xfdb/10044 Reference: BID:5650 Reference: URL:http://www.securityfocus.com/bid/5650 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. 
Modifications: 20040725 desc - add "local users" 20040725 ADDREF XF:cisco-vpn-obtain-password(10044) 20040725 ADDREF BID:5650 INFERRED ACTION: CAN-2002-1105 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(1) Cox REVIEWING(1) Jones Voter Comments: Jones> [JHJ] "...allows local attackers..."? ====================================================== Candidate: CAN-2002-1106 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-certificate-mitm(10045) Reference: URL:http://xforce.iss.net/xforce/xfdb/10045 Reference: BID:5652 Reference: URL:http://www.securityfocus.com/bid/5652 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. 
Modifications: 20040725 ADDREF XF:cisco-vpn-certificate-mitm(10045) 20040725 ADDREF BID:5652 INFERRED ACTION: CAN-2002-1106 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1107 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-random-numbers(10046) Reference: URL:http://xforce.iss.net/xforce/xfdb/10046 Reference: BID:5653 Reference: URL:http://www.securityfocus.com/bid/5653 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. Modifications: 20040725 ADDREF XF:cisco-vpn-random-numbers(10046) 20040725 ADDREF BID:5653 INFERRED ACTION: CAN-2002-1107 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Jones NOOP(1) Cox Voter Comments: Jones> Suggest changing "...vulnerable to certain attacks such as spoofing." to "vulnerable to certain attacks which exploit this cryptographic weakness." Spoofing is a specific example of a broader class of attacks based on the weak RN generation. 
====================================================== Candidate: CAN-2002-1108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml Reference: XF:cisco-vpn-tcp-filter(10047) Reference: URL:http://xforce.iss.net/xforce/xfdb/10047 Reference: BID:5651 Reference: URL:http://www.securityfocus.com/bid/5651 Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. Modifications: ADDREF 20040725 XF:cisco-vpn-tcp-filter(10047) ADDREF 20040725 BID:5651 INFERRED ACTION: CAN-2002-1108 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole MODIFY(1) Jones NOOP(1) Cox Voter Comments: Jones> Suggest adding quotes around "all tunnel", e.g., ...configured with "all tunnel" mode..., to remove ambiguity. ====================================================== Candidate: CAN-2002-1109 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2 Reference: BUGTRAQ:20020905 GLSA: amavis Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2 Reference: XF:amavis-securetar-tar-dos(10056) Reference: URL:http://www.iss.net/security_center/static/10056.php securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. 
INFERRED ACTION: CAN-2002-1109 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5515 Reference: URL:http://www.securityfocus.com/bid/5515 Reference: XF:mantis-limit-reporters-bypass(9898) Reference: URL:http://xforce.iss.net/xforce/xfdb/9898 print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted. 
Modifications: 20040725 ADDREF XF:mantis-limit-reporters-bypass(9898) INFERRED ACTION: CAN-2002-1111 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1112 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040725 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5514 Reference: URL:http://www.securityfocus.com/bid/5514 Reference: XF:mantis-private-project-bug-listing(9899) Reference: URL:http://xforce.iss.net/xforce/xfdb/9899 Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. 
Modifications: 20040725 ADDREF XF:mantis-private-project-bug-listing(9899) INFERRED ACTION: CAN-2002-1112 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1113 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040820 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020813 mantisbt security flaw Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2 Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2 Reference: DEBIAN:DSA-153 Reference: URL:http://www.debian.org/security/2002/dsa-153 Reference: BID:5504 Reference: URL:http://www.securityfocus.com/bid/5504 Reference: XF:mantis-include-remote-files(9829) Reference: URL:http://xforce.iss.net/xforce/xfdb/9829 Reference: OSVDB:4858 Reference: URL:http://www.osvdb.org/4858 summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. 
Modifications: 20040725 ADDREF XF:mantis-include-remote-files(9829) 20040818 ADDREF OSVDB:4858 INFERRED ACTION: CAN-2002-1113 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1116 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs' Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2 Reference: DEBIAN:DSA-161 Reference: URL:http://www.debian.org/security/2002/dsa-161 The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. INFERRED ACTION: CAN-2002-1116 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1117 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20020906 Category: SF Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2 Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?) 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm
Reference: XF:veritas-backupexec-restrictanonymous-zero(10093)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10093
Reference: OSVDB:8230
Reference: URL:http://www.osvdb.org/8230
Reference: OVAL:OVAL1036
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1036.html

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

Modifications:
  20040804 ADDREF XF:veritas-backupexec-restrictanonymous-zero(10093)
  20040818 ADDREF OSVDB:8230
  20040824 ADDREF OVAL:OVAL1036

INFERRED ACTION: CAN-2002-1117 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php
Reference: BID:5678
Reference: URL:http://www.securityfocus.com/bid/5678

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
Modifications:
  20040804 ADDREF BID:5678

INFERRED ACTION: CAN-2002-1118 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: REDHAT:RHSA-2003:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-048.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:048

INFERRED ACTION: CAN-2002-1119 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2003:048

======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738
Reference: OSVDB:3150
Reference: URL:http://www.osvdb.org/3150

Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.
Modifications:
  20040818 ADDREF OSVDB:3150

INFERRED ACTION: CAN-2002-1122 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Modifications:
  20040804 [refs] delete extra XF:mssql-preauth-bo(9788)

INFERRED ACTION: CAN-2002-1123 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:046

INFERRED ACTION: CAN-2002-1126 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2003:046

======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Modifications:
  20040804 [desc] remove "and possibly later versions"

INFERRED ACTION: CAN-2002-1132 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> We have verified through source code inspection that the issue mentioned in CAN-2002-1132 was fixed in upstream Squirrelmail 1.2.8

======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779
Reference: OSVDB:3848
Reference: URL:http://www.osvdb.org/3848

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
Modifications:
  20040818 ADDREF OSVDB:3848

INFERRED ACTION: CAN-2002-1135 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-dbcc-bo-variant(10255)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10255
Reference: BID:5877
Reference: URL:http://www.securityfocus.com/bid/5877

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Modifications:
  20040804 ADDREF XF:mssql-dbcc-bo-variant(10255)

INFERRED ACTION: CAN-2002-1137 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

INFERRED ACTION: CAN-2002-1138 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
INFERRED ACTION: CAN-2002-1139 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."

INFERRED ACTION: CAN-2002-1140 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
INFERRED ACTION: CAN-2002-1141 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp
Reference: VULNWATCH:20021120 Foundstone Advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
Reference: MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
Reference: CERT:CA-2002-33
Reference: URL:http://www.cert.org/advisories/CA-2002-33.html
Reference: CERT-VN:VU#542081
Reference: URL:http://www.kb.cert.org/vuls/id/542081
Reference: XF:mdac-rds-server-bo(10659)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10659
Reference: BID:6214
Reference: URL:http://www.securityfocus.com/bid/6214

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Modifications:
  20040804 ADDREF VULNWATCH:20021120 Foundstone Advisory
  20040804 ADDREF MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
  20040804 ADDREF CERT:CA-2002-33
  20040804 ADDREF CERT-VN:VU#542081
  20040804 ADDREF XF:mdac-rds-server-bo(10659)
  20040804 ADDREF BID:6214

INFERRED ACTION: CAN-2002-1142 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> VULNWATCH:20021120 Foundstone Advisory
    URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
    MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
    CERT:CA-2002-33
    URL:http://www.cert.org/advisories/CA-2002-33.html
    CERT-VN:VU#542081
    URL:http://www.kb.cert.org/vuls/id/542081
    XF:mdac-rds-server-bo(10659)
    URL:http://xforce.iss.net/xforce/xfdb/10659
    BID:6214
    URL:http://www.securityfocus.com/bid/6214

======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: MANDRAKE:MDKSA-2004:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: REDHAT:RHSA-2002:258
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-258.html
Reference: REDHAT:RHSA-2003:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-022.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:022
  20040804 ADDREF REDHAT:RHSA-2002:258
  20040804 ADDREF MANDRAKE:MDKSA-2004:009
  20040818 ADDREF REDHAT:RHSA-2003:212

INFERRED ACTION: CAN-2002-1146 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Frech, Wall, Cole
  MODIFY(1) Cox
  NOOP(1) Christey

Voter Comments:
  Cox> Addref: RHSA-2003:022
    Addref: RHSA-2002:258
  Christey> MANDRAKE:MDKSA-2004:009
    URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009

======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the
device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

INFERRED ACTION: CAN-2002-1147 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Cole, Armstrong
  NOOP(1) Cox
  REVIEWING(1) Green

======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: REDHAT:RHSA-2002:217
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-217.html
Reference: REDHAT:RHSA-2002:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-218.html
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:217
  20040804 ADDREF REDHAT:RHSA-2002:218

INFERRED ACTION: CAN-2002-1148 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Armstrong
  MODIFY(1) Cox
  NOOP(2) Christey, Cole

Voter Comments:
  Christey> DEBIAN:DSA-170
    Note: DSA-170 was originally published with the DSA-169 ID, but DSA-169 is really ht://Check, and DSA-170 is really tomcat, as confirmed by Debian via email. The online advisories at www.debian.org are authoritative.
  Cox> Addref: RHSA-2002:218
    Addref: RHSA-2002:217

======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: OSVDB:7867
Reference: URL:http://www.osvdb.org/7867

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:221
  20040818 ADDREF OSVDB:7867

INFERRED ACTION: CAN-2002-1151 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2002:221

======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
INFERRED ACTION: CAN-2002-1152 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong

======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749
Reference: OSVDB:2092
Reference: URL:http://www.osvdb.org/2092

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
Modifications:
  20040818 ADDREF OSVDB:2092

INFERRED ACTION: CAN-2002-1153 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(1) Cox
  REVIEWING(1) Wall

======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php
Reference: OSVDB:3779
Reference: URL:http://www.osvdb.org/3779

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
Modifications:
  20040818 ADDREF REDHAT:RHSA-2002:059
  20040818 ADDREF OSVDB:3779

INFERRED ACTION: CAN-2002-1154 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065
Reference: XF:apache-webdav-cgi-source(10499)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10499

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
Modifications:
  20040804 ADDREF XF:apache-webdav-cgi-source(10499)

INFERRED ACTION: CAN-2002-1156 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Cox, Wall, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:apache-webdav-cgi-source(10499)

======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php
Reference: OSVDB:2107
Reference: URL:http://www.osvdb.org/2107

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:248
  20040804 ADDREF REDHAT:RHSA-2002:251
  20040804 ADDREF REDHAT:RHSA-2002:222
  20040804 ADDREF REDHAT:RHSA-2002:243
  20040804 ADDREF REDHAT:RHSA-2002:244
  20040818 ADDREF REDHAT:RHSA-2003:106
  20040818 ADDREF OSVDB:2107

INFERRED ACTION: CAN-2002-1157 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2002:251
    Addref: RHSA-2002:248
    Addref: RHSA-2002:244
    Addref: RHSA-2002:243
    Addref: RHSA-2002:222

======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: BUGTRAQ:20021220 GLSA: canna
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104041812206344&w=2
Reference: BID:6351
Reference: URL:http://www.securityfocus.com/bid/6351
Reference: XF:canna-irwthrough-bo(10831)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10831

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF BID:6351
  20040804 ADDREF XF:canna-irwthrough-bo(10831)
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BUGTRAQ:20021220 GLSA: canna
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 [desc] add "irw_through"
  20040818 ADDREF REDHAT:RHSA-2003:115

INFERRED ACTION: CAN-2002-1158 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cole
  MODIFY(1) Cox

Voter Comments:
  Cox> Addref: RHSA-2002:261

======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: BID:6354
Reference: URL:http://www.securityfocus.com/bid/6354
Reference: XF:canna-improper-request-validation(10832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10832

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:261
  20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
  20040804 ADDREF DEBIAN:DSA-224
  20040804 ADDREF BID:6354
  20040804 ADDREF XF:canna-improper-request-validation(10832)
  20040818 ADDREF REDHAT:RHSA-2003:115

INFERRED ACTION: CAN-2002-1159 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Cox
  NOOP(1) Cole

Voter Comments:
  Cox> Addref: RHSA-2002:261

======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: CONECTIVA:CLA-2003:693
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
Reference: REDHAT:RHSA-2003:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-028.html
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: SUNALERT:55760
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
Reference: CERT-VN:VU#911505
Reference: URL:http://www.kb.cert.org/vuls/id/911505
Reference: BID:6753
Reference: URL:http://www.securityfocus.com/bid/6753
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

Modifications:
  20040804 ADDREF CONECTIVA:CLA-2003:693
  20040804 ADDREF CERT-VN:VU#911505
  20040804 ADDREF SUNALERT:55760
  20040818 ADDREF REDHAT:RHSA-2003:028

INFERRED ACTION: CAN-2002-1160 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cox
  NOOP(2) Christey, Cole

Voter Comments:
  Green> CLEARLY ACKNOWLEDGED IN THE MANDRAKE SUPPORT ADVISORY
  Christey> CONECTIVA:CLA-2003:693
    URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693

======================================================
Candidate: CAN-2002-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: AIXAPAR:IY35970
Reference: BID:6002
Reference: URL:http://online.securityfocus.com/bid/6002
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php
Reference: OSVDB:2090
Reference: URL:http://www.osvdb.org/2090

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.

Modifications:
  20040818 ADDREF OSVDB:2090

INFERRED ACTION: CAN-2002-1169 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Armstrong
  NOOP(2) Cox, Cole

Voter Comments:
  Green> PATCH RELEASED BY VENDOR

======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

INFERRED ACTION: CAN-2002-1170 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong

======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

INFERRED ACTION: CAN-2002-1178 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.

INFERRED ACTION: CAN-2002-1179 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php
Reference: BID:6071
Reference: URL:http://www.securityfocus.com/bid/6071
Reference: OVAL:OVAL931
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL931.html

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Modifications:
  20040804 ADDREF
  20040824 ADDREF OVAL:OVAL931

INFERRED ACTION: CAN-2002-1180 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-webdav-memory-allocation-dos(10503)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10503
Reference: BID:6070
Reference: URL:http://www.securityfocus.com/bid/6070
Reference: OVAL:OVAL1009
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1009.html
Reference: OVAL:OVAL1011
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1011.html

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.

Modifications:
  20040804 ADDREF XF:iis-webdav-memory-allocation-dos(10503)
  20040804 ADDREF BID:6070
  20040824 ADDREF OVAL:OVAL1009
  20040824 ADDREF OVAL:OVAL1011

INFERRED ACTION: CAN-2002-1182 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: OVAL:OVAL1059
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1059.html
Reference: OVAL:OVAL1455
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1455.html
Reference: OVAL:OVAL2108
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL2108.html

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

Modifications:
  20040804 ADDREF XF:ssl-ca-certificate-spoofing(9776)
  20040804 ADDREF BID:5410
  20040824 ADDREF OVAL:OVAL1059
  20040824 ADDREF OVAL:OVAL1455
  20040824 ADDREF OVAL:OVAL2108

INFERRED ACTION: CAN-2002-1183 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp
Reference: XF:win2k-partition-weak-permissions(9779)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9779
Reference: BID:5415
Reference: URL:http://www.securityfocus.com/bid/5415

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

Modifications:
  20040804 ADDREF XF:win2k-partition-weak-permissions(9779)
  20040804 ADDREF BID:5415

INFERRED ACTION: CAN-2002-1184 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216
Reference: OVAL:OVAL393
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL393.html
Reference: OVAL:OVAL542
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL542.html

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Modifications:
  20040824 ADDREF OVAL:OVAL393
  20040824 ADDREF OVAL:OVAL542

INFERRED ACTION: CAN-2002-1185 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610
Reference: OVAL:OVAL143
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL143.html
Reference: OVAL:OVAL471
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL471.html
Reference: OVAL:OVAL495
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL495.html

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Modifications:
  20040824 ADDREF OVAL:OVAL143
  20040824 ADDREF OVAL:OVAL471
  20040824 ADDREF OVAL:OVAL495

INFERRED ACTION: CAN-2002-1186 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution (10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672
Reference: OSVDB:2998
Reference: URL:http://www.osvdb.org/2998
Reference: OVAL:OVAL203
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL203.html
Reference: OVAL:OVAL225
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL225.html

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Modifications:
  20040818 ADDREF OSVDB:2998
  20040824 ADDREF OVAL:OVAL203
  20040824 ADDREF OVAL:OVAL225

INFERRED ACTION: CAN-2002-1187 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: BID:6217
Reference: URL:http://www.securityfocus.com/bid/6217
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php
Reference: OVAL:OVAL444
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL444.html
Reference: OVAL:OVAL690
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL690.html

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Modifications:
  20040804 ADDREF BID:6217
  20040824 ADDREF OVAL:OVAL444
  20040824 ADDREF OVAL:OVAL690

INFERRED ACTION: CAN-2002-1188 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896

The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.

INFERRED ACTION: CAN-2002-1189 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Baker, Jones, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.

INFERRED ACTION: CAN-2002-1193 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

INFERRED ACTION: CAN-2002-1195 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> DEBIAN:DSA-169
    Note: DSA-170 was originally published with the DSA-169 ID, but DSA-169 is really ht://Check, and DSA-170 is really tomcat, as confirmed by Debian via email. The online advisories at www.debian.org are authoritative.

======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: BID:5843
Reference: URL:http://www.securityfocus.com/bid/5843
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Modifications:
  20040804 ADDREF BID:5843

INFERRED ACTION: CAN-2002-1196 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> ADDREF BID:5843
    URL:http://www.securityfocus.com/bid/5843

======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

INFERRED ACTION: CAN-2002-1197 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(3) Christey, Cox, Wall

Voter Comments:
  Christey> Via email, Debian said that they are NOT vulnerable to this issue, because the bug is in a "contrib" package and not part of the core product.

======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

INFERRED ACTION: CAN-2002-1198 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(3) Christey, Cox, Wall

Voter Comments:
  Christey> Via email, Debian said that they are NOT vulnerable to this issue.

======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: SUNALERT:47903
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Modifications:
  20040804 [refs] normalize SUNALERT ref

INFERRED ACTION: CAN-2002-1199 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Frech, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

INFERRED ACTION: CAN-2002-1200 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
Reference: XF:prometheus-php-file-include(10515)
Reference: URL:http://www.iss.net/security_center/static/10515.php
Reference: BID:6087
Reference: URL:http://www.securityfocus.com/bid/6087

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.

INFERRED ACTION: CAN-2002-1211 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
Reference: XF:win-pptp-packet-bo (10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php
Reference: BID:5807
Reference: URL:http://online.securityfocus.com/bid/5807

Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.

INFERRED ACTION: CAN-2002-1214 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Wall, Cole
  NOOP(1) Cox

Voter Comments:
  Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-063.asp

======================================================
Candidate: CAN-2002-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160
Reference: XF:bind-sig-rr-bo(10304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10304

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Modifications:
  20040804 ADDREF XF:bind-sig-rr-bo(10304)

INFERRED ACTION: CAN-2002-1219 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Cox, Wall, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:bind-sig-rr-bo(10304)

======================================================
Candidate: CAN-2002-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: XF:bind-opt-rr-dos(10332)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10332
Reference: BID:6161
Reference: URL:http://www.securityfocus.com/bid/6161

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Modifications:
  20040804 ADDREF XF:bind-opt-rr-dos(10332)

INFERRED ACTION: CAN-2002-1220 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Cox, Wall, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:bind-opt-rr-dos(10332)

======================================================
Candidate: CAN-2002-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference:
MANDRAKE:MDKSA-2002:077 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php Reference: DEBIAN:DSA-196 Reference: URL:http://www.debian.org/security/2002/dsa-196 Reference: CONECTIVA:CLA-2002:546 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 Reference: CALDERA:CSSA-2003-SCO.2 Reference: CIAC:N-013 Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) Reference: URL:http://online.securityfocus.com/archive/1/300019 Reference: COMPAQ:SSRT2408 Reference: URL:http://online.securityfocus.com/advisories/4999 Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2 Reference: XF:bind-null-dereference-dos(10333) Reference: URL:http://xforce.iss.net/xforce/xfdb/10333 Reference: BID:6159 Reference: URL:http://www.securityfocus.com/bid/6159 BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. 
Modifications: 20040804 ADDREF XF:bind-null-dereference-dos(10333) 20040804 ADDREF BID:6159 INFERRED ACTION: CAN-2002-1221 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Cox, Wall, Cole MODIFY(1) Frech Voter Comments: Frech> XF:bind-null-dereference-dos(10333) ====================================================== Candidate: CAN-2002-1222 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml Reference: XF:cisco-catalyst-ciscoview-bo(10382) Reference: URL:http://www.iss.net/security_center/static/10382.php Reference: BID:5976 Reference: URL:http://www.securityfocus.com/bid/5976 Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. 
INFERRED ACTION: CAN-2002-1222 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Baker, Jones, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1223 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt Reference: REDHAT:RHSA-2002:220 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html Reference: MANDRAKE:MDKSA-2002:071 Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071 Reference: XF:gsview-dsc-ps-bo(11319) Reference: URL:http://www.iss.net/security_center/static/11319.php Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. INFERRED ACTION: CAN-2002-1223 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cox, Cole ====================================================== Candidate: CAN-2002-1224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt Reference: REDHAT:RHSA-2002:220 Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver. 
Reference: URL:http://online.securityfocus.com/archive/1/294991 Reference: XF:kpf-icon-view-files(10347) Reference: URL:http://www.iss.net/security_center/static/10347.php Reference: BID:5951 Reference: URL:http://www.securityfocus.com/bid/5951 Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. INFERRED ACTION: CAN-2002-1224 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong ====================================================== Candidate: CAN-2002-1227 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021017 Category: SF Reference: DEBIAN:DSA-177 Reference: URL:http://www.debian.org/security/2002/dsa-177 Reference: XF:pam-disabled-bypass-authentication(10405) Reference: URL:http://www.iss.net/security_center/static/10405.php Reference: BID:5994 Reference: URL:http://www.securityfocus.com/bid/5994 PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. 
INFERRED ACTION: CAN-2002-1227 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Green, Cox, Cole, Armstrong Voter Comments: CHANGE> [Cox changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2002-1230 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021021 Category: SF Reference: MISC:http://getad.chat.ru/ Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html Reference: MS:MS02-071 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp Reference: BID:5927 Reference: URL:http://online.securityfocus.com/bid/5927 Reference: XF:win-netdde-gain-privileges(10343) Reference: URL:http://www.iss.net/security_center/static/10343.php NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." 
INFERRED ACTION: CAN-2002-1230 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Green, Wall NOOP(2) Cox, Cole Voter Comments: Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-071.asp ====================================================== Candidate: CAN-2002-1231 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021021 Category: SF Reference: CALDERA:CSSA-2002-SCO.41 Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41 Reference: XF:openunix-unixware-rcp-dos(10425) Reference: URL:http://www.iss.net/security_center/static/10425.php Reference: BID:6025 Reference: URL:http://www.securityfocus.com/bid/6025 SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. INFERRED ACTION: CAN-2002-1231 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1232 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021022 Category: SF Reference: CALDERA:CSSA-2002-054.0 Reference: CONECTIVA:CLA-2002:539 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539 Reference: DEBIAN:DSA-180 Reference: URL:http://www.debian.org/security/2002/dsa-180 Reference: HP:HPSBTL0210-074 Reference: URL:http://online.securityfocus.com/advisories/4605 Reference: MANDRAKE:MDKSA-2002:078 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php Reference: REDHAT:RHSA-2002:223 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html Reference: REDHAT:RHSA-2002:224 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-224.html Reference: REDHAT:RHSA-2003:229 Reference: 
URL:http://www.redhat.com/support/errata/RHSA-2003-229.html Reference: BUGTRAQ:20021028 GLSA: ypserv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2 Reference: BID:6016 Reference: URL:http://www.securityfocus.com/bid/6016 Reference: XF:ypserv-map-memory-leak(10423) Reference: URL:http://www.iss.net/security_center/static/10423.php Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. Modifications: 20040804 ADDREF REDHAT:RHSA-2002:224 20040818 ADDREF REDHAT:RHSA-2003:229 INFERRED ACTION: CAN-2002-1232 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong MODIFY(1) Cox Voter Comments: Cox> Addref RHSA-2002:224 ====================================================== Candidate: CAN-2002-1236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021024 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html Reference: XF:linksys-etherfast-gozila-dos(10514) Reference: URL:http://www.iss.net/security_center/static/10514.php Reference: BID:6086 Reference: URL:http://www.securityfocus.com/bid/6086 The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to 
Gozila.cgi without any arguments. INFERRED ACTION: CAN-2002-1236 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall Voter Comments: Green> RELEASED IN DEC., 2002 IS REPORTED TO CORRECT THE PROBLEM ====================================================== Candidate: CAN-2002-1239 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2 Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt Reference: XF:qnx-rtos-gain-privileges(10564) Reference: URL:http://www.iss.net/security_center/static/10564.php Reference: BID:6146 Reference: URL:http://www.securityfocus.com/bid/6146 QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. INFERRED ACTION: CAN-2002-1239 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall Voter Comments: Green> QNX ACKNOWLEDGED THE ISSUE AND CORRECTED IT IN CURRENT VERSION RELEASED JAN. 
2003 ====================================================== Candidate: CAN-2002-1242 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html Reference: XF:phpnuke-accountmanager-sql-injection(10516) Reference: URL:http://www.iss.net/security_center/static/10516.php Reference: BID:6088 Reference: URL:http://www.securityfocus.com/bid/6088 Reference: OSVDB:6244 Reference: URL:http://www.osvdb.org/6244 SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. 
Modifications: 20040818 ADDREF OSVDB:6244 INFERRED ACTION: CAN-2002-1242 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Balinsky, Cole, Armstrong NOOP(2) Cox, Wall Voter Comments: Balinsky> Vendor acknowledged problem in its fix: http://phpnuke.org/modules.php?name=News&file=article&sid=5647 ====================================================== Candidate: CAN-2002-1244 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2 Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip Reference: BID:6099 Reference: URL:http://www.securityfocus.com/bid/6099 Reference: XF:pablo-ftp-username-dos(10532) Reference: URL:http://www.iss.net/security_center/static/10532.php Reference: OSVDB:4996 Reference: URL:http://www.osvdb.org/4996 Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. 
Modifications: 20040804 [refs] remove dupe XF:pablo-ftp-username-dos(10532) 20040818 ADDREF OSVDB:4996 INFERRED ACTION: CAN-2002-1244 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1245 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2 Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html Reference: DEBIAN:DSA-189 Reference: URL:http://www.debian.org/security/2002/dsa-189 Reference: XF:luxman-maped-read-memory(10549) Reference: URL:http://www.iss.net/security_center/static/10549.php Reference: BID:6113 Reference: URL:http://www.securityfocus.com/bid/6113 Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. 
INFERRED ACTION: CAN-2002-1245 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1248 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2 Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt Reference: XF:xeneo-php-dos(10534) Reference: URL:http://www.iss.net/security_center/static/10534.php Reference: BID:6098 Reference: URL:http://www.securityfocus.com/bid/6098 Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. INFERRED ACTION: CAN-2002-1248 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1250 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html Reference: XF:abuse-net-command-bo(10519) Reference: URL:http://www.iss.net/security_center/static/10519.php Reference: BID:6094 Reference: URL:http://www.securityfocus.com/bid/6094 Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. 
INFERRED ACTION: CAN-2002-1250 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(3) Cox, Balinsky, Wall ====================================================== Candidate: CAN-2002-1251 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: DEBIAN:DSA-186 Reference: URL:http://www.debian.org/security/2002/dsa-186 Reference: XF:log2mail-log-file-bo(10527) Reference: URL:http://www.iss.net/security_center/static/10527.php Reference: BID:6089 Reference: URL:http://www.securityfocus.com/bid/6089 Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message. INFERRED ACTION: CAN-2002-1251 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Cole, Armstrong NOOP(1) Cox ====================================================== Candidate: CAN-2002-1252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021101 Category: SF Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811 Reference: BID:6647 Reference: URL:http://www.securityfocus.com/bid/6647 Reference: XF:peoplesoft-xxe-read-files(10520) Reference: URL:http://www.iss.net/security_center/static/10520.php The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler. 
Modifications: 20040804 ADDREF BID:6647 INFERRED ACTION: CAN-2002-1252 FINAL (Final Decision 20040901) Current Votes: ACCEPT(2) Stracener, Baker NOOP(4) Green, Cox, Wall, Cole ====================================================== Candidate: CAN-2002-1253 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html Reference: XF:abuse-lisp-gain-privileges(11300) Reference: URL:http://www.iss.net/security_center/static/11300.php Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files. INFERRED ACTION: CAN-2002-1253 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Baker, Cole, Armstrong NOOP(3) Cox, Balinsky, Wall ====================================================== Candidate: CAN-2002-1255 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-067 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp Reference: XF:outlook-email-header-dos(10763) Reference: URL:http://xforce.iss.net/xforce/xfdb/10763 Reference: BID:6319 Reference: URL:http://www.securityfocus.com/bid/6319 Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail." 
Modifications: 20040804 ADDREF XF:outlook-email-header-dos(10763) 20040804 ADDREF BID:6319 INFERRED ACTION: CAN-2002-1255 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1256 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040824 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-070 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp Reference: XF:win-smb-policy-modification(10843) Reference: URL:http://xforce.iss.net/xforce/xfdb/10843 Reference: BID:6367 Reference: URL:http://www.securityfocus.com/bid/6367 Reference: OVAL:OVAL277 Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL277.html The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller. 
Modifications: 20040804 ADDREF XF:win-smb-policy-modification(10843) 20040804 ADDREF BID:6367 20040824 ADDREF OVAL:OVAL277 INFERRED ACTION: CAN-2002-1256 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(2) Christey, Cox Voter Comments: Christey> XF:win-smb-policy-modification (10843) URL:http://www.iss.net/security_center/static/10843.php BID:6367 URL:http://www.securityfocus.com/bid/6367 ====================================================== Candidate: CAN-2002-1257 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp Reference: BID:6371 Reference: URL:http://www.securityfocus.com/bid/6371 Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. Modifications: 20040804 ADDREF BID:6371 INFERRED ACTION: CAN-2002-1257 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1260 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: MS:MS02-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp Reference: XF:msvm-jdbc-gain-access(10833) Reference: URL:http://xforce.iss.net/xforce/xfdb/10833 Reference: BID:6379 Reference: URL:http://www.securityfocus.com/bid/6379 The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. 
Modifications: 20040804 ADDREF XF:msvm-jdbc-gain-access(10833) 20040804 ADDREF BID:6379 INFERRED ACTION: CAN-2002-1260 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1264 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2 Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf Reference: XF:oracle-isqlplus-userid-bo(10524) Reference: URL:http://www.iss.net/security_center/static/10524.php Reference: BID:6085 Reference: URL:http://www.securityfocus.com/bid/6085 Reference: OSVDB:4013 Reference: URL:http://www.osvdb.org/4013 Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL. 
Modifications: 20040818 ADDREF OSVDB:4013 INFERRED ACTION: CAN-2002-1264 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(1) Cox REVIEWING(1) Wall ====================================================== Candidate: CAN-2002-1265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040804 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CERT-VN:VU#266817 Reference: URL:http://www.kb.cert.org/vuls/id/266817 Reference: HP:HPSBUX01020 Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1 Reference: SGI:20021103-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P Reference: SUNALERT:51082 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082 Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: BID:6103 Reference: URL:http://www.securityfocus.com/bid/6103 Reference: XF:sun-rpc-libc-dos(10539) Reference: URL:http://www.iss.net/security_center/static/10539.php The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). 
Modifications: 20040804 ADDREF HP:HPSBUX01020 20040804 ADDREF SUNALERT:51082 20040804 ADDREF BID:6103 INFERRED ACTION: CAN-2002-1265 FINAL (Final Decision 20040901) Current Votes: ACCEPT(4) Baker, Frech, Wall, Cole NOOP(1) Cox ====================================================== Candidate: CAN-2002-1266 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-disk-image-privileges(10818) Reference: URL:http://xforce.iss.net/xforce/xfdb/10818 Reference: OSVDB:7057 Reference: URL:http://www.osvdb.org/7057 Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." Modifications: 20040804 ADDREF XF:macos-disk-image-privileges(10818) 20040818 ADDREF OSVDB:7057 INFERRED ACTION: CAN-2002-1266 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1267 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-cups-dos(10824) Reference: URL:http://xforce.iss.net/xforce/xfdb/10824 Reference: OSVDB:7058 Reference: URL:http://www.osvdb.org/7058 Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." 
Modifications: 20040804 ADDREF XF:macos-cups-dos(10824) 20040818 ADDREF OSVDB:7058 INFERRED ACTION: CAN-2002-1267 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1268 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-iso9600-gain-privileges(10828) Reference: URL:http://xforce.iss.net/xforce/xfdb/10828 Reference: OSVDB:7059 Reference: URL:http://www.osvdb.org/7059 Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." Modifications: 20040804 ADDREF XF:macos-iso9600-gain-privileges(10828) 20040818 ADDREF OSVDB:7059 INFERRED ACTION: CAN-2002-1268 FINAL (Final Decision 20040901) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Cox, Wall ====================================================== Candidate: CAN-2002-1270 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270 Final-Decision: 20040901 Interim-Decision: 20040825 Modified: 20040818 Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Reference: XF:macos-mach-read-files(10829) Reference: URL:http://xforce.iss.net/xforce/xfdb/10829 Reference: OSVDB:7060 Reference: URL:http://www.osvdb.org/7060 Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. 
Modifications:
  20040804 ADDREF XF:macos-mach-read-files(10829)
  20040818 ADDREF OSVDB:7060

INFERRED ACTION: CAN-2002-1270 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: DEBIAN:DSA-386
Reference: URL:http://www.debian.org/security/2003/dsa-386
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

Modifications:
  20040804 ADDREF DEBIAN:DSA-386

INFERRED ACTION: CAN-2002-1271 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> DEBIAN:DSA-386
   URL:http://www.debian.org/security/2003/dsa-386

======================================================
Candidate: CAN-2002-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021106
Category: SF
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: BID:6220
Reference: URL:http://online.securityfocus.com/bid/6220
Reference: XF:alcatel-omniswitch-backdoor(10664)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10664

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

Modifications:
  20040804 ADDREF XF:alcatel-omniswitch-backdoor(10664)

INFERRED ACTION: CAN-2002-1272 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(2) Cox, Wall

Voter Comments:
 Frech> XF:alcatel-omniswitch-backdoor(10664)

======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

INFERRED ACTION: CAN-2002-1277 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong
  NOOP(1) Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:009
   URL:http://www.redhat.com/support/errata/RHSA-2003-009.html

======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118
Reference: OSVDB:6066
Reference: URL:http://www.osvdb.org/6066

The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.

Modifications:
  20040804 [desc] add "and possibly other distros" and 1.28
  20040818 ADDREF OSVDB:6066

INFERRED ACTION: CAN-2002-1278 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
 Cox> This is an issue that does not just affect Conectiva Linux, so perhaps remove or add "and possibly other distributions".
   This is fixed in Linuxconf 1.28

======================================================
Candidate: CAN-2002-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2
Reference: XF:kgpg-wizard-empty-password(10629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10629
Reference: BID:6152
Reference: URL:http://www.securityfocus.com/bid/6152

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.

Modifications:
  20040804 ADDREF XF:kgpg-wizard-empty-password(10629)
  20040804 ADDREF BID:6152

INFERRED ACTION: CAN-2002-1284 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: BID:6262
Reference: URL:http://online.securityfocus.com/bid/6262
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php

Directory traversal vulnerability in priocntl system call in Solaris allows local users to execute arbitrary code via ".."
sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

INFERRED ACTION: CAN-2002-1296 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Frech, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204
Reference: XF:mhonarc-mime-header-xss(10666)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10666
Reference: OSVDB:7353
Reference: URL:http://www.osvdb.org/7353

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.

Modifications:
  20040804 ADDREF XF:mhonarc-mime-header-xss(10666)
  20040818 ADDREF OSVDB:7353

INFERRED ACTION: CAN-2002-1307 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646
Reference: REDHAT:RHSA-2003:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
Reference: REDHAT:RHSA-2003:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-163.html
Reference: XF:mozilla-netscape-jar-bo(10636)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10636
Reference: BID:6185
Reference: URL:http://www.securityfocus.com/bid/6185

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:162
  20040804 ADDREF REDHAT:RHSA-2003:163
  20040804 ADDREF XF:mozilla-netscape-jar-bo(10636)
  20040804 ADDREF BID:6185

INFERRED ACTION: CAN-2002-1308 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Baker, Cox
  NOOP(3) Christey, Wall, Cole
  REVIEWING(1) Green

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Christey> REDHAT:RHSA-2003:162
   URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
 Christey> REDHAT:RHSA-2003:163
 Christey> REDHAT:RHSA-2003:163
   URL:http://www.redhat.com/support/errata/RHSA-2003-163.html

======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197
Reference: BUGTRAQ:20021119 GLSA: courier
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
Reference: XF:courier-mta-insecure-permissions(10643)
Reference: URL:http://www.iss.net/security_center/static/10643.php
Reference: BID:6189
Reference: URL:http://www.securityfocus.com/bid/6189

Courier sqwebmail
before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Modifications:
  20040804 ADDREF BUGTRAQ:20021119 GLSA: courier
  20040804 ADDREF XF:courier-mta-insecure-permissions(10643)
  20040804 ADDREF BID:6189

INFERRED ACTION: CAN-2002-1311 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> BUGTRAQ:20021119 GLSA: courier
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
   XF:courier-mta-insecure-permissions(10643)
   URL:http://www.iss.net/security_center/static/10643.php
   BID:6189
   URL:http://www.securityfocus.com/bid/6189

======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198
Reference: BID:6193
Reference: URL:http://www.securityfocus.com/bid/6193
Reference: XF:nullmailer-nonexistent-user-dos(10649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10649

nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.

Modifications:
  20040804 ADDREF XF:nullmailer-nonexistent-user-dos(10649)
  20040804 ADDREF BID:6193

INFERRED ACTION: CAN-2002-1313 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: HP:HPSBUX0212-228
Reference: URL:http://www.securityfocus.com/advisories/4988
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: CERT-VN:VU#312313
Reference: URL:http://www.kb.cert.org/vuls/id/312313
Reference: CIAC:N-024
Reference: URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php
Reference: BID:6241
Reference: URL:http://www.securityfocus.com/bid/6241
Reference: OVAL:OVAL149
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL149.html
Reference: OVAL:OVAL152
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL152.html

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Modifications:
  20040804 ADDREF BID:6241
  20040804 ADDREF CERT-VN:VU#312313
  20040804 ADDREF CIAC:N-024
  20040804 ADDREF HP:HPSBUX0212-228
  20040824 ADDREF OVAL:OVAL149
  20040824 ADDREF OVAL:OVAL152

INFERRED ACTION: CAN-2002-1317 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Baker, Frech, Wall, Cole
  NOOP(2) Christey, Cox

Voter Comments:
 Christey> BID:6241
   URL:http://www.securityfocus.com/bid/6241
   CERT-VN:VU#312313
   URL:http://www.kb.cert.org/vuls/id/312313
   CIAC:N-024
   URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
   HP:HPSBUX0212-228
   URL:http://www.securityfocus.com/advisories/4988

======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: HP:HPSBUX0212-230
Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: SUNALERT:53580
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: TURBO:TSLSA-2002-0080
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2
Reference: CERT-VN:VU#958321
Reference: URL:http://www.kb.cert.org/vuls/id/958321
Reference: XF:samba-password-change-bo(10683)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10683
Reference: BID:6210
Reference: URL:http://www.securityfocus.com/bid/6210

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Modifications:
  20040804 ADDREF XF:samba-password-change-bo(10683)
  20040804 ADDREF BID:6210
  20040804 ADDREF SUNALERT:53580
  20040804 ADDREF CERT-VN:VU#958321
  20040804 ADDREF HP:HPSBUX0212-230

INFERRED ACTION: CAN-2002-1318 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong

======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:263
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-263.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the
emulation mode, which does not properly clear TF and NT EFLAGs.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:263

INFERRED ACTION: CAN-2002-1319 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
 Cox> Addref :RHSA-2002:263

======================================================
Candidate: CAN-2002-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021107 Remote pine Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: REDHAT:RHSA-2002:271
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-271.html
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.suse.de/de/security/2002_046_pine.html
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:271

INFERRED ACTION: CAN-2002-1320 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox

Voter Comments:
 Cox> Addref: RHSA-2002:271

======================================================
Candidate: CAN-2002-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2
Reference: VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: REDHAT:RHSA-2003:256
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-256.html
Reference: REDHAT:RHSA-2003:257
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-257.html
Reference: SGI:20030606-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
Reference: CALDERA:CSSA-2004-007.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
Reference: SCO:SCOSA-2004.1
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php
Reference: OSVDB:2183
Reference: URL:http://www.osvdb.org/2183
Reference: OSVDB:3814
Reference: URL:http://www.osvdb.org/3814

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Modifications:
  20040804 ADDREF SGI:20030606-01-A
  20040804 ADDREF REDHAT:RHSA-2003:256
  20040804 ADDREF CALDERA:CSSA-2004-007.0
  20040804 ADDREF SCO:SCOSA-2004.1
  20040818 ADDREF REDHAT:RHSA-2003:257
  20040818 ADDREF OSVDB:2183
  20040818 ADDREF OSVDB:3814

INFERRED ACTION: CAN-2002-1323 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Cox, Cole, Armstrong
  NOOP(1) Christey

Voter Comments:
 Green> ACKNOWLEDGED BY PERL.ORG
 Christey> SGI:20030606-01-A
   URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
 Christey> REDHAT:RHSA-2003:256
 Christey> CALDERA:CSSA-2004-007.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
 Christey> SCO:SCOSA-2004.1
   URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt

======================================================
Candidate: CAN-2002-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6380
Reference: URL:http://online.securityfocus.com/bid/6380

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

INFERRED ACTION: CAN-2002-1325 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Wall
  NOOP(2) Cox, Cole

======================================================
Candidate: CAN-2002-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2
Reference: MS:MS02-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890
Reference: XF:winxp-windows-shell-bo(10892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10892
Reference: BID:6427
Reference: URL:http://www.securityfocus.com/bid/6427

Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

Modifications:
  20040804 ADDREF XF:winxp-windows-shell-bo(10892)
  20040804 ADDREF BID:6427

INFERRED ACTION: CAN-2002-1327 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Baker, Wall, Cole
  MODIFY(1) Frech
  NOOP(1) Cox

Voter Comments:
 Frech> XF:winxp-windows-shell-bo(10892)

======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: CONECTIVA:CLA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2002:287
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-287.html
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296
Reference: XF:vnc-weak-authentication(5992)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5992

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2002:287
  20040804 ADDREF REDHAT:RHSA-2003:041
  20040804 ADDREF CONECTIVA:CLA-2003:640
  20040804 ADDREF XF:vnc-weak-authentication(5992)

INFERRED ACTION: CAN-2002-1336 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Cole, Armstrong
  MODIFY(1) Cox
  NOOP(1) Christey

Voter Comments:
 Cox> Addref: RHSA-2002:287
   Addref: RHSA-2003:041
 Christey> CONECTIVA:CLA-2003:640

======================================================
Candidate: CAN-2002-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: REDHAT:RHSA-2003:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-074.html
Reference: REDHAT:RHSA-2003:227
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-227.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: AIXAPAR:IY40500
Reference: AIXAPAR:IY40501
Reference: AIXAPAR:IY40502
Reference: SUSE:SuSE-SA:2003:013
Reference: MANDRAKE:MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: BUGTRAQ:20030304 GLSA: sendmail (200303-4)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: BID:6991
Reference: URL:http://www.securityfocus.com/bid/6991
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:074
  20040804 ADDREF BID:6991
  20040818 ADDREF REDHAT:RHSA-2003:227

INFERRED ACTION: CAN-2002-1337 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(5) Baker, Bollinger, Frech, Wall, Cole
  MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:074

======================================================
Candidate: CAN-2002-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: DEBIAN:DSA-249
Reference: URL:http://www.debian.org/security/2003/dsa-249
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: REDHAT:RHSA-2003:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-045.html
Reference: BUGTRAQ:20030217 GLSA: w3m
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
Reference: BID:6794
Reference: URL:http://www.securityfocus.com/bid/6794
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:045
  20040804 ADDREF BID:6794
  20040804 ADDREF DEBIAN:DSA-250
  20040804 ADDREF DEBIAN:DSA-251
  20040818 ADDREF DEBIAN:DSA-249

INFERRED ACTION: CAN-2002-1348 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:045

======================================================
Candidate: CAN-2002-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
Reference: CERT-VN:VU#157961
Reference: URL:http://www.kb.cert.org/vuls/id/157961
Reference: BID:6350
Reference: URL:http://www.securityfocus.com/bid/6350
Reference: XF:pccillin-pop3trap-bo(10814)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10814

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
Modifications:
  20040804 ADDREF XF:pccillin-pop3trap-bo(10814)
  20040804 ADDREF CERT-VN:VU#157961
  20040804 ADDREF BID:6350

INFERRED ACTION: CAN-2002-1349 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2
Reference: MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
Reference: URL:http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
Reference: BID:6213
Reference: URL:http://www.securityfocus.com/bid/6213
Reference: XF:tcpdump-sizeof-memory-corruption(10695)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10695

The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).

Modifications:
  20040804 [desc] fix affected versions
  20040804 ADDREF REDHAT:RHSA-2003:032
  20040804 ADDREF REDHAT:RHSA-2003:033
  20040804 ADDREF MANDRAKE:MDKSA-2003:027
  20040804 ADDREF MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
  20040804 ADDREF XF:tcpdump-sizeof-memory-corruption(10695)
  20040804 ADDREF BID:6213
  20040818 ADDREF REDHAT:RHSA-2003:214

INFERRED ACTION: CAN-2002-1350 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Note that the -2.2 implies a Debian package version where they have backported a security fix to their 3.6.2-2.2 packages. Upstream tcpdump 3.6.* was vulnerable to this issue, it was fixed in 3.7
   Addref: RHSA-2003:033
 Christey> REDHAT:RHSA-2003:032
   URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
 Christey> MANDRAKE:MDKSA-2003:027
   (as suggested by Vincent Danen of Mandrake)
 Cox> ADDREF: http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
   This issue is a safety check that is triggered because of a bug; therefore this is solely a Denial of Service vulnerability and would not be able to result in arbitrary code execution.

======================================================
Candidate: CAN-2002-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2
Reference: SUNALERT:49377
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CIAC:N-025
Reference: URL:http://www.ciac.org/ciac/bulletins/n-025.shtml
Reference: BID:6326
Reference: URL:http://www.securityfocus.com/bid/6326
Reference: XF:cobalt-shp-overflow-privileges(10776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10776

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary
code via a POST request with shell metacharacters in the email parameter.

Modifications:
  20040804 ADDREF XF:cobalt-shp-overflow-privileges(10776)
  20040804 ADDREF BID:6326
  20040804 ADDREF CIAC:N-025
  20040804 [refs] normalize SUNALERT

INFERRED ACTION: CAN-2002-1361 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Cox, Wall

Voter Comments:
 Frech> XF:cobalt-shp-overflow-privileges(10776)

======================================================
Candidate: CAN-2002-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211
Reference: REDHAT:RHSA-2003:118
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-118.html
Reference: XF:micq-0xfe-dos(10872)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10872
Reference: BID:6392
Reference: URL:http://www.securityfocus.com/bid/6392

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.
Modifications:
  20040804 ADDREF REDHAT:RHSA-2003:118
  20040804 ADDREF XF:micq-0xfe-dos(10872)
  20040804 ADDREF BID:6392

INFERRED ACTION: CAN-2002-1362 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> REDHAT:RHSA-2003:118

======================================================
Candidate: CAN-2002-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: MANDRAKE:MDKSA-2004:063
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html
Reference: REDHAT:RHSA-2003:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-007.html
Reference: REDHAT:RHSA-2003:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-119.html
Reference: REDHAT:RHSA-2003:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-157.html
Reference: REDHAT:RHSA-2004:249
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
Reference: REDHAT:RHSA-2004:402
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-402.html
Reference: SUSE:SUSE-SA:2003:0004
Reference: URL:http://www.suse.com/de/security/2003_004_libpng.html
Reference: XF:libpng-file-offset-bo(10925)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10925
Reference: BID:6431
Reference: URL:http://www.securityfocus.com/bid/6431

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
Modifications:
  20040810 desc - modify affected versions
  20040810 ADDREF GENTOO:GLSA-200407-06
  20040810 ADDREF MANDRAKE:MDKSA-2004:063
  20040810 ADDREF REDHAT:RHSA-2003:007
  20040810 ADDREF REDHAT:RHSA-2003:119
  20040810 ADDREF REDHAT:RHSA-2004:249
  20040810 ADDREF XF:libpng-file-offset-bo(10925)
  20040810 ADDREF BID:6431
  20040818 ADDREF REDHAT:RHSA-2003:157
  20040818 ADDREF REDHAT:RHSA-2004:402

INFERRED ACTION: CAN-2002-1363 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2003:007
 Cox> ADDREF REDHAT:RHSA-2003:119
 Cox> There is only one upstream version of libpng, and so the description should be "Portable Network Graphics (PNG) libraries libpng 1.2.5 and earlier does not correctly calculate offsets"
 Christey> REDHAT:RHSA-2004:249
   URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
 Christey> MANDRAKE:MDKSA-2004:063
   URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
 Christey> GENTOO:GLSA-200407-06
   URL:http://www.gentoo.org/security/en/glsa/glsa-200407-06.xml
 Christey> Consider REDHAT:RHSA-2004:402, although that advisory may in fact be addressing a variant.
 Christey> APPLE:APPLE-SA-2004-09-09
   URL:http://lists.apple.com/mhonarc/security-announce/msg00056.html

======================================================
Candidate: CAN-2002-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: DEBIAN:DSA-254
Reference: URL:http://www.debian.org/security/2003/dsa-254
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html
Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166
Reference: XF:traceroute-nanog-getorigin-bo(10778)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10778

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.
Modifications:
  20040810 ADDREF XF:traceroute-nanog-getorigin-bo(10778)
  20040818 ADDREF DEBIAN:DSA-254

INFERRED ACTION: CAN-2002-1364 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cole, Armstrong
   NOOP(1) Cox

======================================================
Candidate: CAN-2002-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
Reference: CALDERA:CSSA-2003-001.0
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: DEBIAN:DSA-216
Reference: URL:http://www.debian.org/security/2002/dsa-216
Reference: ENGARDE:ESA-20030127-002
Reference: IMMUNIX:IMNX-2003-7+-023-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: REDHAT:RHSA-2002:294
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-294.html
Reference: REDHAT:RHSA-2003:155
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-155.html
Reference: SUSE:SuSE-SA:2003:001

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
Modifications:
  20040810 ADDREF REDHAT:RHSA-2002:294
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-023-01
  20040818 ADDREF REDHAT:RHSA-2003:155
  20040818 ADDREF DEBIAN:DSA-216

INFERRED ACTION: CAN-2002-1365 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:294
 Christey> BUGTRAQ:20031020 Immunix Secured OS 7+ fetchmail update
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2

======================================================
Candidate: CAN-2002-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-certs-race-condition(10907)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10907
Reference: BID:6435
Reference: URL:http://www.securityfocus.com/bid/6435

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by
ice-cream.

Modifications:
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF XF:cups-certs-race-condition(10907)
  20040810 ADDREF BID:6435

INFERRED ACTION: CAN-2002-1366 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001
 Christey> CVE rarely mentions exploits or other malware by name, except where a vulnerability is often referred to by that exploit name, or if there is some evidence that it would be used in a keyword search. This makes it easier for people to be certain that they have found the correct CVE identifier for a particular issue. In this case, there was a large number of CUPS vulnerabilities reported all at once, so the "ice-cream" keyword would be useful to clarify which bug is being discussed.

======================================================
Candidate: CAN-2002-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-udp-add-printers(10908)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10908
Reference: BID:6436
Reference: URL:http://www.securityfocus.com/bid/6436

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.

Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF XF:cups-udp-add-printers(10908)
  20040810 ADDREF BID:6436

INFERRED ACTION: CAN-2002-1367 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001

======================================================
Candidate: CAN-2002-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6438
Reference: URL:http://www.securityfocus.com/bid/6438
Reference: XF:cups-strncat-options-bo(10910)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10910

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6438
  20040810 ADDREF XF:cups-strncat-options-bo(10910)

INFERRED ACTION: CAN-2002-1369 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2003:001

======================================================
Candidate: CAN-2002-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6439
Reference: URL:http://www.securityfocus.com/bid/6439
Reference: XF:cups-zero-width-images(10911)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10911

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images,
which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6439
  20040810 ADDREF XF:cups-zero-width-images(10911)

INFERRED ACTION: CAN-2002-1371 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001

======================================================
Candidate: CAN-2002-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6440
Reference: URL:http://www.securityfocus.com/bid/6440
Reference: XF:cups-file-descriptor-dos(10912)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10912

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Modifications:
  20040810 ADDREF CONECTIVA:CLSA-2003:702
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF SUSE:SuSE-SA:2003:002
  20040810 ADDREF BID:6440
  20040810 ADDREF XF:cups-file-descriptor-dos(10912)

INFERRED ACTION: CAN-2002-1372 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Cox, Cole
   NOOP(1) Christey

Voter Comments:
 Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
 Christey> MANDRAKE:MDKSA-2003:001

======================================================
Candidate: CAN-2002-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20030127-001
Reference: GENTOO:200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BID:6368
Reference: URL:http://www.securityfocus.com/bid/6368
Reference: XF:mysql-comtabledump-dos(10846)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10846

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6368
  20040810 ADDREF XF:mysql-comtabledump-dos(10846)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

INFERRED ACTION: CAN-2002-1373 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289

======================================================
Candidate: CAN-2002-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6373
Reference: URL:http://www.securityfocus.com/bid/6373
Reference: XF:mysql-comchangeuser-password-bypass(10847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10847

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6373
  20040810 ADDREF XF:mysql-comchangeuser-password-bypass(10847)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

INFERRED ACTION: CAN-2002-1374 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289
 Green> ACKNOWLEDGED IN THE RED HAT ERRATA

======================================================
Candidate: CAN-2002-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6375
Reference: URL:http://www.securityfocus.com/bid/6375
Reference: XF:mysql-comchangeuser-password-bo(10848)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10848

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Modifications:
  20040810 ADDREF DEBIAN:DSA-212
  20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
  20040810 ADDREF MANDRAKE:MDKSA-2002:087
  20040810 ADDREF SUSE:SUSE-SA:2003:003
  20040810 ADDREF REDHAT:RHSA-2002:289
  20040810 ADDREF BID:6375
  20040810 ADDREF XF:mysql-comchangeuser-password-bo(10848)
  20040810 [ref] normalize TRUSTIX
  20040810 [ref] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:166

INFERRED ACTION: CAN-2002-1375 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox

Voter Comments:
 Cox> Addref: REDHAT:RHSA-2002:289
 Green> ACKNOWLEDGED IN THE RED HAT ERRATA

======================================================
Candidate: CAN-2002-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: FULLDISC:20021213 Some vim problems, yet still vim much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2002-December/002948.html
Reference: MISC:http://www.guninski.com/vim1.html
Reference: BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2
Reference: CONECTIVA:CLA-2004:812
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: REDHAT:RHSA-2002:302
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-302.html
Reference: SUNALERT:55700
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
Reference: BID:6384
Reference: URL:http://www.securityfocus.com/bid/6384
Reference: XF:vim-modeline-command-execution(10835)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10835

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Modifications:
  20040810 ADDREF CONECTIVA:CLA-2004:812
  20040810 ADDREF SUNALERT:55700
  20040810 ADDREF BID:6384
  20040810 ADDREF XF:vim-modeline-command-execution(10835)
  20040810 ADDREF BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
  20040810 [refs] normalize FULLDISC
  20040810 [desc] clarify
  20040818 ADDREF REDHAT:RHSA-2002:302

INFERRED ACTION: CAN-2002-1377 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Cole
   MODIFY(1) Cox
   NOOP(1) Christey

Voter Comments:
 Cox> The mention of mutt in the original advisory is used to give one indication of a possible attack vector.
    It should be 'but may be executed when vim is used to edit a malicious file'
    Addref: REDHAT:RHSA-2002:302
  Green> ACKNOWLEDGED IN REDHAT ERRATA
  Christey> CONECTIVA:CLA-2004:812
    URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
  Christey> BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2

======================================================
Candidate: CAN-2002-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: ENGARDE:ESA-20030318-009
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
Reference: MANDRAKE:MDKSA-2003:039
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: TRUSTIX:2002-0083
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt
Reference: BID:6420
Reference: URL:http://www.securityfocus.com/bid/6420
Reference: XF:linux-protread-mmap-dos(10884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10884

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

Modifications:
  20040810 ADDREF DEBIAN:DSA-336
  20040810 ADDREF ENGARDE:ESA-20030318-009
  20040810 ADDREF MANDRAKE:MDKSA-2003:039
  20040810 ADDREF REDHAT:RHSA-2003:088
  20040810 ADDREF BID:6420
  20040810 ADDREF XF:linux-protread-mmap-dos(10884)
  20040810 [refs] normalize TRUSTIX

INFERRED ACTION: CAN-2002-1380 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Cox
  NOOP(2) Christey, Cole
  REVIEWING(2) Green, Wall

Voter Comments:
  Christey> ENGARDE:ESA-20030318-009
    URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
  CHANGE> [Cox changed vote from ACCEPT to MODIFY]
  Cox> Addref: RHSA-2003:088
  Christey> MANDRAKE:MDKSA-2003:039
    URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
  Christey> DEBIAN:DSA-336
    URL:http://www.debian.org/security/2003/dsa-336

======================================================
Candidate: CAN-2002-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: GENTOO:GLSA-200212-5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2
Reference: BID:6314
Reference: URL:http://www.securityfocus.com/bid/6314
Reference: XF:exim-daemonc-format-string(10761)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10761

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Modifications:
  20040810 ADDREF BID:6314
  20040810 ADDREF XF:exim-daemonc-format-string(10761)
  20040810 [refs] normalize GENTOO

INFERRED ACTION: CAN-2002-1381 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Baker, Cox, Cole
  NOOP(1) Wall

======================================================
Candidate: CAN-2002-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021217
Category: SF
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
Reference: BID:6383
Reference: URL:http://www.securityfocus.com/bid/6383
Reference: XF:flash-swf-bo(10861)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10861

Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.

Modifications:
  20040810 ADDREF BID:6383
  20040810 ADDREF XF:flash-swf-bo(10861)

INFERRED ACTION: CAN-2002-1382 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(4) Green, Baker, Wall, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: GENTOO:GLSA-200301-1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MANDRAKE:MDKSA-2003:002
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2002:307
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-307.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html
Reference: REDHAT:RHSA-2003:216
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-216.html
Reference: SUSE:SUSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6475
Reference: URL:http://www.securityfocus.com/bid/6475
Reference: XF:pdftops-integer-overflow(10937)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10937

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Modifications:
  20040810 ADDREF DEBIAN:DSA-232
  20040810 ADDREF MANDRAKE:MDKSA-2003:001
  20040810 ADDREF MANDRAKE:MDKSA-2003:002
  20040810 ADDREF REDHAT:RHSA-2002:307
  20040810 ADDREF SUSE:SUSE-SA:2003:002
  20040810 ADDREF XF:pdftops-integer-overflow(10937)
  20040810 ADDREF BID:6475
  20040810 [refs] normalize GENTOO
  20040818 ADDREF REDHAT:RHSA-2003:216

INFERRED ACTION: CAN-2002-1384 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cole
  MODIFY(1) Cox
  NOOP(1) Christey

Voter Comments:
  Cox> Addref: REDHAT:RHSA-2002:307
  Christey> MANDRAKE:MDKSA-2003:001
    MANDRAKE:MDKSA-2003:002

======================================================
Candidate: CAN-2002-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021219
Category: SF
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
Reference: BID:6425
Reference: URL:http://www.securityfocus.com/bid/6425
Reference: XF:open-webmail-command-execution(10904)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10904

openwebmail_init in Open WebMail 1.81 and earlier allows local users attackers to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

Modifications:
  20040810 ADDREF BID:6425
  20040810 ADDREF XF:open-webmail-command-execution(10904)

INFERRED ACTION: CAN-2002-1385 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  NOOP(2) Cox, Wall

======================================================
Candidate: CAN-2002-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221
Reference: XF:mhonarc-m2htexthtml-filter-xss(10950)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10950
Reference: BID:6479
Reference: URL:http://www.securityfocus.com/bid/6479

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.

Modifications:
  20040810 ADDREF XF:mhonarc-m2htexthtml-filter-xss(10950)
  20040810 ADDREF BID:6479

INFERRED ACTION: CAN-2002-1388 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1389
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: DEBIAN:DSA-217
Reference: URL:http://www.debian.org/security/2002/dsa-217
Reference: BID:6485
Reference: URL:http://www.securityfocus.com/bid/6485
Reference: XF:typespeed-command-line-bo(10936)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10936

Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.

Modifications:
  20040810 BID:6485
  20040810 XF:typespeed-command-line-bo(10936)

INFERRED ACTION: CAN-2002-1389 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cole
  NOOP(1) Cox

======================================================
Candidate: CAN-2002-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1390
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
Reference: DEBIAN:DSA-223
Reference: URL:http://www.debian.org/security/2003/dsa-223
Reference: BID:6549
Reference: URL:http://www.securityfocus.com/bid/6549
Reference: XF:geneweb-absolute-information-disclosure(11021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11021

The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.

Modifications:
  20040810 ADDREF BID:6549
  20040810 ADDREF XF:geneweb-absolute-information-disclosure(11021)

INFERRED ACTION: CAN-2002-1390 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(2) Green, Cole
  NOOP(2) Christey, Cox

Voter Comments:
  Christey> BID:6549
    URL:http://www.securityfocus.com/bid/6549
    XF:geneweb-absolute-information-disclosure(11021)
    URL:http://www.iss.net/security_center/static/11021.php

======================================================
Candidate: CAN-2002-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: BID:7303
Reference: URL:http://www.securityfocus.com/bid/7303
Reference: XF:mgetty-cndprogram-callername-bo(11072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11072

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

Modifications:
  20040810 ADDREF CALDERA:CSSA-2003-021.0
  20040810 ADDREF GENTOO:GLSA-200304-09
  20040810 ADDREF REDHAT:RHSA-2003:008
  20040810 ADDREF REDHAT:RHSA-2003:036
  20040810 ADDREF BID:7303
  20040810 ADDREF XF:mgetty-cndprogram-callername-bo(11072)

INFERRED ACTION: CAN-2002-1391 FINAL (Final Decision 20040901)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  MODIFY(1) Cox
  NOOP(2) Christey, Wall

Voter Comments:
  Cox> ADDREF: RHSA-2003:0008
  Christey> BUGTRAQ:20030428 GLSA: mgetty (200304-09)
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
  Christey> CALDERA:CSSA-2003-021.0
    URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt

======================================================
Candidate: CAN-2002-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: CF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: BID:7302
Reference: URL:http://www.securityfocus.com/bid/7302
Reference: XF:mgetty-faxspool-worldwritable-directory(11070)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11070

faxspool in mgetty before 1.1.29 use