
[PROPOSAL] Cluster RECENT-85 - 43 candidates



I am proposing cluster RECENT-85 for review and voting by the
Editorial Board.

Name: RECENT-85
Description: Candidates announced between 1/5/2002 and 2/5/2002
Size: 43

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
Reference: URL:http://online.securityfocus.com/archive/1/251699
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
Reference: BID:3924
Reference: URL:http://online.securityfocus.com/bid/3924
Reference: XF:cwpapi-getrelativepath-view-files(7981)
Reference: URL:http://www.iss.net/security_center/static/7981.php

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the
server root is somewhere within the path, which could allow remote
attackers to read or write files outside of the web root, in other
directories whose path includes the web root.

Analysis
----------------
ED_PRI CAN-2002-0196 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101208650722179&w=2
Reference: BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
Reference: URL:http://online.securityfocus.com/archive/1/265845
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-04.html
Reference: BID:3966
Reference: URL:http://online.securityfocus.com/bid/3966
Reference: XF:tarantella-gunzip-tmp-race(7996)
Reference: URL:http://www.iss.net/security_center/static/7996.php

Race condition in the installation script for Tarantella Enterprise 3
3.01 through 3.20 creates a world-writeable temporary "gunzip" program
before executing it, which could allow local users to execute
arbitrary commands by modifying the program before it is executed.

Analysis
----------------
ED_PRI CAN-2002-0211 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258311519504&w=2
Reference: CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Reference: BID:4014
Reference: URL:http://www.securityfocus.com/bid/4014
Reference: XF:dcforum-cgi-recover-passwords(8044)
Reference: URL:http://www.iss.net/security_center/static/8044.php

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new
passwords based on a sessionID, which allows remote attackers to
request a new password on behalf of another user and use the sessionID
to calculate the new password for that user.

Analysis
----------------
ED_PRI CAN-2002-0226 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020204 [SUPERPETZ ADVISORY #002- Faq-O-Matic Cross-Site Scripting Vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101285834018701&w=2
Reference: BUGTRAQ:20020205 Faq-O-Matic Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101293973111873&w=2
Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
Reference: DEBIAN:DSA-109
Reference: URL:http://www.debian.org/security/2002/dsa-109

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712
allows remote attackers to execute arbitrary Javascript on other
clients via the cmd parameter, which causes the script to be inserted
into an error message.

Analysis
----------------
ED_PRI CAN-2002-0230 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: in an email archive for the faqomatic-users list, the
vendor states "The fix for the cmd=<script> CSS bug is now in CVS."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101321744807452&w=2
Reference: BUGTRAQ:20020204 Vulnerability in Black ICE Defender
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286393404301&w=2
Reference: NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101353165915171&w=2
Reference: BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101302424803268&w=2
Reference: ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
Reference: URL:http://www.iss.net/security_center/alerts/advise109.php
Reference: BID:4025
Reference: URL:http://online.securityfocus.com/bid/4025
Reference: XF:blackice-ping-flood-dos(8058)
Reference: URL:http://www.iss.net/security_center/static/8058.php

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE
Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a flood of large ICMP ping packets.

Analysis
----------------
ED_PRI CAN-2002-0237 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101173478806580&w=2
Reference: BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
Reference: URL:http://online.securityfocus.com/archive/1/251832
Reference: XF:psybnc-view-encrypted-messages(7985)
Reference: URL:http://www.iss.net/security_center/static/7985.php
Reference: BID:3931
Reference: URL:http://www.securityfocus.com/bid/3931

psyBNC 2.3 beta and earlier allows remote attackers to spoof
encrypted, trusted messages by sending lines that begin with the "[B]"
sequence, which makes the message appear legitimate.

Analysis
----------------
ED_PRI CAN-2002-0197 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020105 RealPlayer Buffer Problem
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
Reference: BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252414
Reference: BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
Reference: URL:http://online.securityfocus.com/archive/1/252425
Reference: MISC:http://sentinelchicken.com/advisories/realplayer/
Reference: BID:3809
Reference: URL:http://online.securityfocus.com/bid/3809
Reference: XF:realplayer-file-header-bo(7839)
Reference: URL:http://www.iss.net/security_center/static/7839.php

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows
remote attackers to execute arbitrary code via a header length value
that exceeds the actual length of the header.

Analysis
----------------
ED_PRI CAN-2002-0207 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/252455
Reference: BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/261548
Reference: BID:3964
Reference: URL:http://online.securityfocus.com/bid/3964
Reference: XF:acedirector-http-reveal-ip(8010)
Reference: URL:http://www.iss.net/security_center/static/8010.php

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing
(SLB) and Cookie-Based Persistence features enabled, allows remote
attackers to determine the real IP address of a web server with a
half-closed session, which causes ACEdirector to send packets from the
server without changing the address to the virtual IP address.

Analysis
----------------
ED_PRI CAN-2002-0209 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 pldaniels - ripMime 1.2.6 and lower?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101182636812381&w=2
Reference: CONFIRM:http://pldaniels.org/ripmime/CHANGELOG
Reference: BID:3941
Reference: URL:http://online.securityfocus.com/bid/3941
Reference: XF:ripmime-long-filename-bo(7983)
Reference: URL:http://www.iss.net/security_center/static/7983.php

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in
other programs such as xamime and inflex, allows remote attackers to
execute arbitrary code via an attachment in a long filename.

Analysis
----------------
ED_PRI CAN-2002-0198 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ACKNOWLEDGEMENT: In the changelog, an item dated "Thu Nov 15 2001"
says "Corrected buffer overrun with MIME_headers."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020119 Shoutcast server 1.8.3 win32
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101167484012724&w=2
Reference: BID:3934
Reference: URL:http://online.securityfocus.com/bid/3934

Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3
allows remote attackers to cause a denial of service and possibly
execute arbitrary code via an argument with a large number of
backslashes.

Analysis
----------------
ED_PRI CAN-2002-0199 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3929
Reference: URL:http://online.securityfocus.com/bid/3929
Reference: XF:cyberstop-device-name-dos(7959)
Reference: URL:http://www.iss.net/security_center/static/7959.php

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause
a denial of service via an HTTP request for an MS-DOS device name.

Analysis
----------------
ED_PRI CAN-2002-0200 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 CyberStop-Server-DoS-remote-attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3930
Reference: URL:http://online.securityfocus.com/bid/3930
Reference: XF:cyberstop-long-request-dos(7960)
Reference: URL:http://www.iss.net/security_center/static/7960.php

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
long HTTP GET request, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0201 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020123 Vulnerabilty in PaintBBS v1.2
Reference: URL:http://online.securityfocus.com/archive/1/251985
Reference: BID:3948
Reference: URL:http://online.securityfocus.com/bid/3948
Reference: XF:paintbbs-insecure-permissions(7982)
Reference: URL:http://www.iss.net/security_center/static/7982.php

PaintBBS 1.2 installs certain files and directories with insecure
permissions, which allows local users to (1) obtain the encrypted
server password via the world-readable oekakibbs.conf file, or (2)
modify the server configuration via the world-writeable /oekaki/
folder.

Analysis
----------------
ED_PRI CAN-2002-0202 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101190195430376&w=2
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-03.html

ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and
Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers
to view directory contents via an empty pg parameter.

Analysis
----------------
ED_PRI CAN-2002-0203 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: A followup was posted that claimed that this issue was
"mostly resolved" via BID:2890, which is CVE-2001-0805.  However, (1)
CVE-2001-0805 described a directory traversal issue and this one does
not, and (2) CVE-2001-0805 was fixed after version 3.01, and this
issue affects many more versions.  Since different problem types and
different versions are involved, CD:SF-LOC clearly indicates that the
two problems should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020124 gnuchess buffer overflow vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189688815514&w=2
Reference: BID:3949
Reference: URL:http://online.securityfocus.com/bid/3949
Reference: XF:gnu-chess-bo(7991)
Reference: URL:http://www.iss.net/security_center/static/7991.php

Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified
or used in a networked capacity contrary to its own design as a
single-user application, may allow local or remote attackers to
execute arbitrary code via a long command.

Analysis
----------------
ED_PRI CAN-2002-0204 3
Vendor Acknowledgement: no disputed
Content Decisions: DEFINITION

INCLUSION: The original post includes a quote from the vendor, which
states: "The GNU chess 5 code base was not written with security as a
prime goal as it is intended to be run locally on the users own
computer and does not provide a network interface... GNUchess has no
Internet interface built-in."  So, the discloser is trying to use the
software in a way other than designed, and the software as provided
has no vulnerabilities that an attacker could use to cause damage or
gain privileges.
Therefore, this report does not satisfy the CVE definition of a
vulnerability or exposure, and probably should not be included in CVE,
despite the fact that the vendor fixed the issue in 5.03.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020104 Cross-Site Scripting in PlumTree?
Reference: URL:http://online.securityfocus.com/archive/82/248396
Reference: BUGTRAQ:20020124 Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189911121808&w=2
Reference: BID:3799
Reference: URL:http://online.securityfocus.com/bid/3799
Reference: XF:plumtree-css-error(7817)
Reference: URL:http://www.iss.net/security_center/static/7817.php

Cross-site scripting (CSS) vulnerability in error.asp for Plumtree
Corporate Portal 3.5 through 4.5 allows remote attackers to execute
arbitrary script on other clients via the "Description" parameter.

Analysis
----------------
ED_PRI CAN-2002-0205 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the discloser says that the problem was resolved by
the vendor in "supportnet article number #11012".  However, the
vendor's web page requires registration, so it could not be accessed.
Therefore, there is insufficient information to be certain that the
problem has been resolved.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020116 PHP-Nuke allows Command Execution & Much more
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101121913914205&w=2
Reference: BID:3889
Reference: URL:http://online.securityfocus.com/bid/3889

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote
attackers to execute arbitrary PHP code by specifying a URL to the
malicious code in the file parameter.

Analysis
----------------
ED_PRI CAN-2002-0206 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020125 Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall installed (no need to be enabled) on Microsoft Windows Based OSs
Reference: URL:http://online.securityfocus.com/archive/1/252407
Reference: BID:3961
Reference: URL:http://online.securityfocus.com/bid/3961
Reference: XF:pgpfire-icmp-fingerprint(8008)
Reference: URL:http://www.iss.net/security_center/static/8008.php

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack
and modifies packets in ICMP error messages in a way that allows
remote attackers to determine that the system is running PGPfire.

Analysis
----------------
ED_PRI CAN-2002-0208 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 bru backup program
Reference: URL:http://online.securityfocus.com/archive/1/252614
Reference: BID:3970
Reference: URL:http://online.securityfocus.com/bid/3970
Reference: XF:bru-tmp-file-symlink(8003)
Reference: URL:http://www.iss.net/security_center/static/8003.php

setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0
allows local users to overwrite arbitrary files via a symlink attack
on the /tmp/brutest.$$ temporary file.

Analysis
----------------
ED_PRI CAN-2002-0210 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 [ARL02-A01] Vulnerability in Hosting Controller
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101224151705897&w=2
Reference: MISC:http://hostingcontroller.com/English/patches/ForAll/index.html
Reference: BID:3971
Reference: URL:http://online.securityfocus.com/bid/3971
Reference: XF:hosting-controller-brute-force(8006)
Reference: URL:http://www.iss.net/security_center/static/8006.php

The login for Hosting Controller 1.1 through 1.4.1 returns different
error messages when a valid or invalid user is provided, which allows
remote attackers to determine the existence of valid usernames and
makes it easier to conduct a brute force attack.

Analysis
----------------
ED_PRI CAN-2002-0212 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: The vendor web page has a patch labeled "Password
Security Hot Fix (03/05/2002)."  However, this is dated more than a
month after the discloser said a patch was available.  The readme in
the patch explicitly omits details, and the patched
"updateuserdesc.asp" file does not seem to be related.  Therefore, it
is most likely that the advertised patch does NOT fix the
vulnerability reported in this CVE item, and the vendor
acknowledgement is vague at best.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223525118717&w=2
Reference: BID:3969
Reference: URL:http://online.securityfocus.com/bid/3969
Reference: XF:kashare-xkas-icon-symlink(8002)
Reference: URL:http://www.iss.net/security_center/static/8002.php

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read
arbitrary files via a symlink attack on the VOLICON file, which is copied
to the .HSicon file in a shared directory.

Analysis
----------------
ED_PRI CAN-2002-0213 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020128 Intel WLAN Driver storing 128bit WEP-Key in plain text!
Reference: URL:http://online.securityfocus.com/archive/1/252607
Reference: BID:3968
Reference: URL:http://online.securityfocus.com/bid/3968
Reference: XF:intel-wlan-wep-plaintext(8015)
Reference: URL:http://www.iss.net/security_center/static/8015.php

Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through
1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in
plaintext in a registry key with weak permissions, which allows local
users to decrypt network traffic by reading the WEP key from the
registry key.

Analysis
----------------
ED_PRI CAN-2002-0214 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020128 [SUPERPETZ ADVISORY #001 - agora.cgi Secret Path Disclosure Vulnerability]
Reference: URL:http://online.securityfocus.com/archive/1/252761
Reference: BID:3976
Reference: URL:http://online.securityfocus.com/bid/3976
Reference: XF:agora-cgi-revel-path(8011)
Reference: URL:http://www.iss.net/security_center/static/8011.php

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers
to determine the full pathname of the agora.cgi file by requesting a
non-existent .html file, which leaks the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-0215 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Xoops SQL fragment disclosure and SQL injection vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252827
Reference: BID:3977
Reference: URL:http://online.securityfocus.com/bid/3977
Reference: XF:xoops-userinfo-information-disclosure(8028)
Reference: URL:http://www.iss.net/security_center/static/8028.php

userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain
sensitive information via a SQL injection attack in the "uid"
parameter.

Analysis
----------------
ED_PRI CAN-2002-0216 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Xoops Private Message System Script injection
Reference: URL:http://online.securityfocus.com/archive/1/252828
Reference: BID:3978
Reference: URL:http://online.securityfocus.com/bid/3978
Reference: BID:3981
Reference: URL:http://online.securityfocus.com/bid/3981
Reference: XF:xoops-private-message-css(8025)
Reference: URL:http://www.iss.net/security_center/static/8025.php
Reference: XF:xoops-pmlite-image-css(8030)
Reference: URL:http://www.iss.net/security_center/static/8030.php

Cross-site scripting (CSS) vulnerabilities in the Private Message
System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript
on other web clients via (1) the Title field or a Private Message Box
or (2) the image field parameter in pmlite.php.

Analysis
----------------
ED_PRI CAN-2002-0217 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type,
that affect the same version, into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0218
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252891
Reference: BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252847
Reference: MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3980
Reference: URL:http://online.securityfocus.com/bid/3980

Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or
(2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local
users to execute arbitrary code via format specifiers in a command
line argument.

Analysis
----------------
ED_PRI CAN-2002-0218 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC, VAGUE

ACKNOWLEDGEMENT: a followup post claims that the SAS advisory (listed
as a MISC reference here) "appears to [address]" this vulnerability.
However, that cannot be regarded as sufficient vendor acknowledgement
for CVE.  Reviewing the advisory indicates some evidence that the
vendor is fixing this issue, but the vendor is not clear enough to be
absolutely certain that the vendor is fixing *this* issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252891
Reference: BUGTRAQ:20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/252847
Reference: MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3979
Reference: URL:http://online.securityfocus.com/bid/3979

Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn
in SAS/Integration Technologies 8.0 and 8.1 allows local users to
execute arbitrary code via a large command line argument.

Analysis
----------------
ED_PRI CAN-2002-0219 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC, VAGUE

ACKNOWLEDGEMENT: a followup post claims that the SAS advisory (listed
as a MISC reference here) "appears to [address]" this vulnerability.
However, that cannot be regarded as sufficient vendor acknowledgement
for CVE.  Reviewing the advisory indicates some evidence that the
vendor is fixing this issue, but the vendor is not clear enough to be
absolutely certain that the vendor is fixing *this* issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 PhpSmsSend remote execute commands bug
Reference: URL:http://online.securityfocus.com/archive/1/252918
Reference: BID:3982
Reference: URL:http://online.securityfocus.com/bid/3982
Reference: XF:phpsmssend-command-execution(8019)
Reference: URL:http://www.iss.net/security_center/static/8019.php

phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute
arbitrary commands via an SMS message containing shell metacharacters.

Analysis
----------------
ED_PRI CAN-2002-0220 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
Reference: URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3983
Reference: URL:http://online.securityfocus.com/bid/3983
Reference: XF:eserv-pasv-dos(8020)
Reference: URL:http://www.iss.net/security_center/static/8020.php

Etype Eserv 2.97 allows remote attackers to cause a denial of service
(resource exhaustion) via a large number of PASV commands that consume
ports 1024 through 5000, which prevents the server from accepting
valid PASV.

Analysis
----------------
ED_PRI CAN-2002-0221 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: BUGTRAQ:20020129 Vulnerabilities in EServ 2.97
Reference: URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3986
Reference: URL:http://online.securityfocus.com/bid/3986
Reference: XF:eserv-ftp-bounce(8021)
Reference: URL:http://www.iss.net/security_center/static/8021.php

Etype Eserv 2.97 allows remote attackers to redirect traffic to
other sites (aka FTP bounce) via the PORT command.

Analysis
----------------
ED_PRI CAN-2002-0222 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020130 [ WWWThreads, UBBThreads ] Security Hole in upload system
Reference: URL:http://online.securityfocus.com/archive/1/253172
Reference: XF:ubbthreads-file-upload(8022)
Reference: URL:http://www.iss.net/security_center/static/8022.php
Reference: BID:3993
Reference: URL:http://online.securityfocus.com/bid/3993

Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0
through 5.0.9 allows remote attackers to upload arbitrary files by
using a filename that contains an accepted extension, but ends in a
different extension.

Analysis
----------------
ED_PRI CAN-2002-0223 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

ABSTRACTION: The product was originally known as wwwthreads but was
bought by Infopop and they changed the name to UBBthreads.  By
CD:SF-CODEBASE, the two issues should be MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020131 msdtc on 3372
Reference: URL:http://online.securityfocus.com/archive/1/253360
Reference: BUGTRAQ:20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
Reference: URL:http://online.securityfocus.com/archive/1/268593
Reference: BID:4006
Reference: URL:http://online.securityfocus.com/bid/4006

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for
Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through
SQL 2000 0.0 allows remote attackers to cause a denial of service
(crash or hang) via malformed (random) input.

Analysis
----------------
ED_PRI CAN-2002-0224 3
Vendor Acknowledgement: unknown vague
Content Decisions: VAGUE

ACKNOWLEDGEMENT: It can not be conclusively proven whether Microsoft
has fixed this issue or not.  Peter Grundl, author of the April 19
post, says that Microsoft bulletin MS02-018 fixes the problem, but
Grundl says that MS02-018 "does not mention this vulnerability."
Since Grundl is already credited in MS02-018 with finding an "HTR
ISAPI extension" overflow (CAN-2002-0071), this issue is clearly
different than CAN-2002-0071.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020130 tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
Reference: URL:http://online.securityfocus.com/archive/1/253288
Reference: BID:4003
Reference: URL:http://www.securityfocus.com/bid/4003
Reference: XF:tacplus-insecure-accounting-files(8061)
Reference: URL:http://www.iss.net/security_center/static/8061.php

tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco,
creates files from the accounting directive with world-readable and
writable permissions, which allows local users to access and modify
sensitive files.

Analysis
----------------
ED_PRI CAN-2002-0225 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020201 KICQ 2.0.0b1 can be remotely crashed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266856410129&w=2
Reference: BID:4018
Reference: URL:http://online.securityfocus.com/bid/4018
Reference: XF:kicq-telnet-dos(8064)
Reference: URL:http://www.iss.net/security_center/static/8064.php

KICQ 2.0.0b1 allows remote attackers to cause a denial of service
(crash) via a malformed message.

Analysis
----------------
ED_PRI CAN-2002-0227 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA, EX-CLIENT-DOS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0228
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)
Reference: URL:http://online.securityfocus.com/archive/1/254021
Reference: XF:msn-messenger-reveal-information(8084)
Reference: URL:http://www.iss.net/security_center/static/8084.php
Reference: BID:4028
Reference: URL:http://online.securityfocus.com/bid/4028

Microsoft MSN Messenger allows remote attackers to use Javascript that
references an ActiveX object to obtain sensitive information such as
display names and web site navigation, and possibly more when the user
is connected to certain Microsoft sites (or DNS-spoofed sites).

Analysis
----------------
ED_PRI CAN-2002-0228 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101285016125377&w=2
Reference: BUGTRAQ:20020203 PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286577109716&w=2
Reference: NTBUGTRAQ:20020205 Re: PHP Safe Mode Filesystem Circumvention Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303065423534&w=2
Reference: BUGTRAQ:20020206 DW020203-PHP clarification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101304702002321&w=2
Reference: NTBUGTRAQ:20020206 DW020203-PHP clarification
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303819613337&w=2
Reference: BID:4026
Reference: URL:http://online.securityfocus.com/bid/4026
Reference: XF:php-mysql-safemode-bypass(8105)
Reference: URL:http://www.iss.net/security_center/static/8105.php

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows
attackers with access to the MySQL database to bypass Safe Mode access
restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL"
SQL statements.

Analysis
----------------
ED_PRI CAN-2002-0229 3
Vendor Acknowledgement:

A followup post indicates that this type of vulnerability may only
exist in certain unsafe MySQL configurations, in which case

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020203 Buffer overflow in mIRC allowing arbitary code to be executed.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286747013955&w=2
Reference: MISC:http://www.uuuppz.com/research/adv-001-mirc.htm
Reference: XF:mirc-nickname-bo(8083)
Reference: URL:http://www.iss.net/security_center/static/8083.php
Reference: BID:4027
Reference: URL:http://online.securityfocus.com/bid/4027

Buffer overflow in mIRC 5.91 and earlier allows a remote server to
execute arbitrary code on the client via a long nickname.

Analysis
----------------
ED_PRI CAN-2002-0231 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020202 new advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266821909189&w=2
Reference: BID:4017
Reference: URL:http://www.securityfocus.com/bid/4017
Reference: XF:mrtg-cgi-view-files(8062)
Reference: URL:http://www.iss.net/security_center/static/8062.php

Directory traversal vulnerability in Multi Router Traffic Grapher
(MRTG) allows remote attackers to read portions of arbitrary files via
a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2)
14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.

Analysis
----------------
ED_PRI CAN-2002-0232 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests combining problems of the same type
in multiple executables of the same version of the same package.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Viewing arbitrary file from the file system using  Eshare Expressions 4 server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101292885809975&w=2
Reference: XF:expressions-dot-directory-traversal(8079)
Reference: URL:http://www.iss.net/security_center/static/8079.php
Reference: BID:4029
Reference: URL:http://www.securityfocus.com/bid/4029

Directory traversal vulnerability in eshare Expressions 4 Web server
allows remote attackers to read arbitrary files via a .. (dot dot) in
an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0233 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0234
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 NetScreen Response to ScreenOS Port Scan DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/254268
Reference: BUGTRAQ:20020201 NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258281818524&w=2
Reference: BUGTRAQ:20020201 RE: NetScreen ScreenOS 2.6 Subject to Trust Interface DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258887105690&w=2
Reference: BID:4015
Reference: URL:http://www.securityfocus.com/bid/4015
Reference: XF:netscreen-screenos-scan-dos(8057)
Reference: URL:http://www.iss.net/security_center/static/8057.php

NetScreen ScreenOS before 2.6.1 does not support a maximum number of
concurrent sessions for a system, which allows an attacker on the
trusted network to cause a denial of service (resource exhaustion) via
a port scan to an external network, which consumes all available
connections.

Analysis
----------------
ED_PRI CAN-2002-0234 3
Vendor Acknowledgement: yes followup
Content Decisions: SECTOOL-DESIGN

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Castelle Faxpress: Password used for NT Print queue can be discl osed in Plain Text
Reference: URL:http://online.securityfocus.com/archive/1/254168
Reference: BID:4030
Reference: URL:http://www.securityfocus.com/bid/4030
Reference: XF:faxpress-plaintext-password(8086)
Reference: URL:http://www.iss.net/security_center/static/8086.php

Castelle FaxPress, possibly 6.3 and other versions, when configured to
use the Network print queue, allows attackers to obtain the username
and password by submitting an incorrect login, which causes Faxpress
to leak the correct username and password in plaintext in an error
event.

Analysis
----------------
ED_PRI CAN-2002-0235 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: Castelle tech support is not accessible by email;
could not fill out support request form (registration code was
needed). Sent general online feedback inquiry to
http://www.castelle.com/feedback_form.htm on March 15, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020205 Published Report of Vulnerability in Lucent VitalSuite Software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101294507827698&w=2
Reference: XF:vitalnet-unauth-access(7936)
Reference: URL:http://www.iss.net/security_center/static/7936.php
Reference: BID:3784
Reference: URL:http://www.securityfocus.com/bid/3784

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and
VitalHelp/VitalAnalysis, allows remote attackers to bypass
authentication via a direct HTTP request to the VsSetCookie.exe
program, which returns a valid cookie for the desired user.

Analysis
----------------
ED_PRI CAN-2002-0236 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020203 Netgear RT311/RT314
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286360203461&w=2
Reference: XF:netgear-web-interface-css(8082)
Reference: URL:http://www.iss.net/security_center/static/8082.php
Reference: BID:4024
Reference: URL:http://online.securityfocus.com/bid/4024

Cross-site scripting vulnerability in web administration interface for
NetGear RT314 and RT311 Gateway Routers allows remote attackers to
execute arbitrary script on another client via a URL that contains the
script.

Analysis
----------------
ED_PRI CAN-2002-0238 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007