[PROPOSAL] Cluster RECENT-95 - 48 candidates



I am proposing cluster RECENT-95 for review and voting by the
Editorial Board.

Name: RECENT-95
Description: CANs announced between 2002/05/06 and 2002/05/31
Size: 48

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0703
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl
could produce incorrect MD5 checksums for UTF-8 data, which could
prevent a system from properly verifying the integrity of the data.

Analysis
----------------
ED_PRI CAN-2002-0703 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0704
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102088521517722&w=2
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699

The Network Address Translation (NAT) capability for Netfilter
("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP
error messages.

Analysis
----------------
ED_PRI CAN-2002-0704 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0734
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly
load the b2config.php file in some configurations, which allows remote
attackers to execute arbitrary PHP code via a URL that sets the $b2inc
variable to point to a Trojan horse program stored on a remote server.

Analysis
----------------
ED_PRI CAN-2002-0734 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: On the vendor's home page, an item dated "04.05.02"
(May 4, 2002) states "Someone recently told me about a security hole
in b2... The fix for the security hole is very simple: create a file
named b2config.php and upload it in your b2-include folder." While
this in itself doesn't include enough details to be certain that the
vendor is fixing *this* problem, it would fix the problem, and later
comments on the vendor's page would line up with the date of public
announcement of this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0755
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a
user is a member of the wheel group before granting superuser
privileges, which could allow unauthorized users to execute commands
as root.

Analysis
----------------
ED_PRI CAN-2002-0755 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0758
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.suse.de/de/support/security/2002_016_sysconfig_txt.html
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote
attackers to execute arbitrary commands via spoofed DHCP responses,
which are stored and executed in a file.

Analysis
----------------
ED_PRI CAN-2002-0758 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and other operating
systems, does not use the O_EXCL flag to create files during
decompression and does not warn the user if an existing file would be
overwritten, which could allow attackers to overwrite files via a
bzip2 archive.

Analysis
----------------
ED_PRI CAN-2002-0759 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and
other operating systems, decompresses files with world-readable
permissions before setting the permissions to what is specified in the
bzip2 archive, which could allow local users to read the files as they
are being decompressed.

Analysis
----------------
ED_PRI CAN-2002-0760 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, and other operating
systems, uses the permissions of symbolic links instead of the actual
files when creating an archive, which could cause the files to be
extracted with less restrictive permissions than intended.

Analysis
----------------
ED_PRI CAN-2002-0761 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0762
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.suse.de/de/support/security/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757

shadow package in SuSE 8.0 allows local users to destroy the
/etc/passwd and /etc/shadow files or assign extra group privileges to
some users by changing filesize limits before calling programs that
modify the files.

Analysis
----------------
ED_PRI CAN-2002-0762 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0765
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain
conditions, may allow users to successfully authenticate and log in
with another user's password.

Analysis
----------------
ED_PRI CAN-2002-0765 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0766
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020509 [VulnWatch] OpenBSD local DoS and root exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0066.html
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

OpenBSD 2.9 through 3.1 allows local users to cause a denial of
service (resource exhaustion) and gain root privileges by filling the
kernel's file descriptor table and closing file descriptors 0, 1, or 2
before executing a privileged process, which is not properly handled
when OpenBSD fails to open an alternate descriptor.

Analysis
----------------
ED_PRI CAN-2002-0766 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0768
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category:
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.suse.com/de/support/security/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and
possibly other operating systems, allows a malicious FTP server to
execute arbitrary code via a long PASV command.

Analysis
----------------
ED_PRI CAN-2002-0768 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0778
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751

The default configuration of the proxy for Cisco Cache Engine and
Content Engine allows remote attackers to use HTTPS to make TCP
connections to allowed IP addresses while hiding the actual source IP.

Analysis
----------------
ED_PRI CAN-2002-0778 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0788
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702

An interaction between PGP 7.0.3 with the "wipe deleted files" option,
when used on Windows Encrypted File System (EFS), creates a cleartext
temporary file that cannot be wiped or deleted due to strong
permissions, which could allow certain local users or attackers with
physical access to obtain cleartext information.

Analysis
----------------
ED_PRI CAN-2002-0788 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: In the release notes for the hotfix, the vendor
states "There is a conflict between Microsoft's Encrypted File System
(EFS) on Windows 2000 and PGP’s file wiping feature. When you encrypt
a file using EFS, Windows 2000 creates a temporary file that contains
the cleartext of the encrypted file."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0789
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0789
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows
remote attackers to execute arbitrary code via a long query (q)
parameter.

Analysis
----------------
ED_PRI CAN-2002-0789 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: a vague comment in the product history page includes
an item for version 3.1.20 dated "27 Jun 2002," which states "Security
bug has been fixed." This is not sufficient proof that the vendor has
fixed *this* issue. HOWEVER, the ChangeLog in the source code for
3.1.20 includes an item dated 27 Jun 2002, which says "A security bug
(trap on too long queries) fixed," which *does* qualify as sufficient
proof.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0794
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0794
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly
remove entries from the incomplete listen queue when adding a
syncache, which allows remote attackers to cause a denial of service
(network service availability) via a large number of connection
attempts, which fills the queue.

Analysis
----------------
ED_PRI CAN-2002-0794 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0795
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880

The rc system startup script for FreeBSD 4 through 4.5 allows local
users to delete arbitrary files via a symlink attack on X Windows lock
files.

Analysis
----------------
ED_PRI CAN-2002-0795 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0801
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows
remote attackers to execute arbitrary code via a direct request to the
filter with a long HTTP host header field in a URL for a .jsp file.

Analysis
----------------
ED_PRI CAN-2002-0801 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0777
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and
earlier allows remote attackers to execute arbitrary code via a long
"bind DN" parameter.

Analysis
----------------
ED_PRI CAN-2002-0777 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: the only apparent information by the vendor that MAY
be related to this issue is at
http://support.ipswitch.com/kb/IM-20020703-DM01.htm; there are two
comments related to overflows: "Removed a buffer overflow error in Web
Calendaring" and "ILDAP: Fixed a buffer overflow which could be used
for a DOS attack." While the latter phrase might be related to the
LDAP issue, it is in direct conflict with Foundstone's claim that the
problem is exploitable, which may indicate that this is not really the
same vulnerability. Inquiry posted to
http://www.ipswitch.com/cgi/askatech.pl?action=build on July 17, 2002.
Tracking number: T200207180016.  Vendor confirmed the issue via an
E-mail reply from evalhelp@ipswitch.com on July 18: "Yes, this has
been repaired...  The conclusive evidence is in the knowledge base
article."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0790
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

clchkspuser and clpasswdremote in AIX expose an encrypted password in
the cspoc.log file, which could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0790 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0702
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020716
Category: SF
Reference: BUGTRAQ:20020508 [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089498828206&w=2
Reference: VULNWATCH:20020508 [VulnWatch] [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html
Reference: CERT-VN:VU#854315
Reference: URL:http://www.kb.cert.org/vuls/id/854315
Reference: CERT:CA-2002-12
Reference: URL:http://www.cert.org/advisories/CA-2002-12.html
Reference: CALDERA:CSSA-2002-028.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt
Reference: MANDRAKE:MDKSA-2002:037
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php
Reference: SUSE:SuSE-SA:2002:019
Reference: URL:http://www.suse.de/de/support/security/2002_19_dhcp.html
Reference: CONECTIVA:CLA-2002:483
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483
Reference: XF:dhcpd-nsupdate-format-string(9039)
Reference: URL:http://www.iss.net/security_center/static/9039.php
Reference: BID:4701
Reference: URL:http://www.securityfocus.com/bid/4701

Format string vulnerabilities in the logging routines for dynamic DNS
code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the
NSUPDATE option enabled, allow remote malicious DNS servers to execute
arbitrary code via format strings in a DNS server response.

Analysis
----------------
ED_PRI CAN-2002-0702 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0735
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0735
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULN-DEV:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102070267500932&w=2
Reference: VULNWATCH:20020506 [VulnWatch] ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/271173
Reference: BID:4679
Reference: URL:http://www.securityfocus.com/bid/4679
Reference: XF:squidauthldap-logging-format-string(9019)
Reference: URL:http://www.iss.net/security_center/static/9019.php

Format string vulnerability in the logging() function in C-Note Squid
LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary code by triggering log messages.

Analysis
----------------
ED_PRI CAN-2002-0735 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html
Reference: BID:4694
Reference: URL:http://www.securityfocus.com/bid/4694
Reference: XF:webmin-usermin-authpage-css(9036)
Reference: URL:http://www.iss.net/security_center/static/9036.php

Cross-site scripting vulnerability in the authentication page for (1)
Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert
script into an error page and possibly steal cookies.

Analysis
----------------
ED_PRI CAN-2002-0756 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/271466
Reference: MANDRAKE:MDKSA-2002:033
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
Reference: XF:webmin-usermin-sessionid-spoof(9037)
Reference: URL:http://www.iss.net/security_center/static/9037.php
Reference: BID:4700
Reference: URL:http://www.securityfocus.com/bid/4700

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled
allow local and possibly remote attackers to bypass authentication and
gain privileges via certain control characters in the authentication
information, which can force Webmin or Usermin to accept arbitrary
username/session ID combinations.

Analysis
----------------
ED_PRI CAN-2002-0757 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0763
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: HP:HPSBUX0205-193
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0037.html
Reference: XF:hp-virtualvault-admin-access(9038)
Reference: URL:http://www.iss.net/security_center/static/9038.php
Reference: BID:4690
Reference: URL:http://www.securityfocus.com/bid/4690

Vulnerability in administration server for HP VirtualVault 4.5 on
HP-UX 11.04 allows remote web servers or privileged external processes
to bypass access restrictions and establish connections to the server.

Analysis
----------------
ED_PRI CAN-2002-0763 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0764
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Phorum 3.3.2a remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
Reference: BUGTRAQ:20020518 Phorum 3.3.2a has another bug for remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
Reference: CONFIRM:http://www.phorum.org/
Reference: XF:phorum-php-command-execution(9107)
Reference: URL:http://www.iss.net/security_center/static/9107.php
Reference: BID:4763
Reference: URL:http://www.securityfocus.com/bid/4763

Phorum 3.3.2a allows remote attackers to execute arbitrary commands
via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php
that modifies the PHORUM[settings_dir] variable to point to a
directory that contains a PHP file with the commands.

Analysis
----------------
ED_PRI CAN-2002-0764 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: On the vendor's front page, there is a statement on
Phorum 3.3.2b3 dated May 16, 2002, which says "This [fix] addresses a
security issue where some included scripts could be called directly
and allow foreign code to be run."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0767
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020613 simpleinit root exploit - file descriptor left open
Reference: URL:http://online.securityfocus.com/archive/1/276739
Reference: BID:5001
Reference: URL:http://www.securityfocus.com/bid/5001
Reference: XF:simpleinit-file-descriptor-open(9357)
Reference: URL:http://www.iss.net/security_center/static/9357.php

simpleinit on Linux systems does not close a read/write FIFO file
descriptor before creating a child process, which allows the child
process to cause simpleinit to execute arbitrary programs with root
privileges.

Analysis
----------------
ED_PRI CAN-2002-0767 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0769
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0769
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020509 Cisco ATA-186 admin password can be trivially circumvented
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html
Reference: CISCO:20020523 ATA-186 Password Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
Reference: XF:cisco-ata-bypass-auth(9057)
Reference: URL:http://www.iss.net/security_center/static/9057.php
Reference: XF:cisco-ata-reveal-info(9056)
Reference: URL:http://www.iss.net/security_center/static/9056.php
Reference: BID:4711
Reference: URL:http://www.securityfocus.com/bid/4711
Reference: BID:4712
Reference: URL:http://www.securityfocus.com/bid/4712

The web-based configuration interface for the Cisco ATA 186 Analog
Telephone Adaptor allows remote attackers to bypass authentication via
an HTTP POST request with a single byte, which allows the attackers to
(1) obtain the password from the login screen, or (2) reconfigure the
adaptor by modifying certain request parameters.

Analysis
----------------
ED_PRI CAN-2002-0769 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0770
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020514 Remote quake 2 3.2x server cvar leak
Reference: URL:http://online.securityfocus.com/archive/1/272548
Reference: MISC:http://www.quakesrc.org/forum/topicDisplay.php?topicID=160
Reference: XF:quake2-unexpanded-var-disclosure(9095)
Reference: URL:http://www.iss.net/security_center/static/9095.php
Reference: BID:4744
Reference: URL:http://www.securityfocus.com/bid/4744

Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain
sensitive server cvar variables, obtain directory listings, and
execute Q2 server admin commands via a client that does not expand "$"
macros, which causes the server to expand the macros and leak the
information.

Analysis
----------------
ED_PRI CAN-2002-0770 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0771
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020518 cross-site scripting bug of ViewCVS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html
Reference: URL:http://online.securityfocus.com/archive/1/273102
Reference: XF:viewcvs-css(9112)
Reference: URL:http://www.iss.net/security_center/static/9112.php
Reference: BID:4818
Reference: URL:http://www.securityfocus.com/bid/4818

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2
allows remote attackers to inject script and steal cookies via the (1)
cvsroot or (2) sortby parameters.

Analysis
----------------
ED_PRI CAN-2002-0771 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0772
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0772
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
Reference: BID:4759
Reference: URL:http://www.securityfocus.com/bid/4759
Reference: XF:hosting-controller-dsnmanager-traversal(9104)
Reference: URL:http://www.iss.net/security_center/static/9104.php

Directory traversal vulnerability in dsnmanager.asp for Hosting
Controller allows remote attackers to read arbitrary files and
directories via a .. (dot dot) in the RootName parameter.

Analysis
----------------
ED_PRI CAN-2002-0772 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0773
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020517 Hosting Controller still have dangerous bugs!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0142.html
Reference: BID:4761
Reference: URL:http://www.securityfocus.com/bid/4761
Reference: XF:hosting-controller-improotdir-commands(9105)
Reference: URL:http://www.iss.net/security_center/static/9105.php

imp_rootdir.asp for Hosting Controller allows remote attackers to copy
or delete arbitrary files and directories via a direct request to
imp_rootdir.asp and modifying parameters such as (1) ftp, (2)
owwwPath, and (3) oftpPath.

Analysis
----------------
ED_PRI CAN-2002-0773 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0774
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0774
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: BUGTRAQ:20020519 Another vulnerability in hosting controller
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
Reference: BID:4779
Reference: URL:http://www.securityfocus.com/bid/4779
Reference: XF:hosting-controller-default-account(9131)
Reference: URL:http://www.iss.net/security_center/static/9131.php

Hosting Controller creates a default user AdvWebadmin with a default
password, which could allow remote attackers to gain privileges if the
password is not changed.

Analysis
----------------
ED_PRI CAN-2002-0774 3
Vendor Acknowledgement:
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0775
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0775
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: CF
Reference: BUGTRAQ:20020519 Another vulnerability in hosting controller
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/drivebrowse.zip
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html

browse.asp in Hosting Controller allows remote attackers to view
arbitrary directories by specifying the target pathname in the
FilePath parameter.

Analysis
----------------
ED_PRI CAN-2002-0775 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

ACKNOWLEDGEMENT: The "Readme" file in the "Drive Browse Bug Patch"
released on May 21, 2002, says "This patch will fix the security bug
where attacker may view the drive listing by direct URL insertion,"
and modifies browse.asp.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0779
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4696
Reference: URL:http://www.securityfocus.com/bid/4696
Reference: XF:novell-bordermanager-ftp-dos(9031)
Reference: URL:http://www.iss.net/security_center/static/9031.php

FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote
attackers to cause a denial of service (network connectivity loss) via
a connection to port 21 with a large amount of random data.

Analysis
----------------
ED_PRI CAN-2002-0779 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0780
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4697
Reference: URL:http://www.securityfocus.com/bid/4697
Reference: XF:novell-bordermanager-ipipx-dos(9032)
Reference: URL:http://www.iss.net/security_center/static/9032.php

IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote
attackers to cause a denial of service via a connection to port 8225
with a large amount of random data, which causes ipipxgw.nlm to ABEND.

Analysis
----------------
ED_PRI CAN-2002-0780 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0781
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html
Reference: BUGTRAQ:20020508 cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271475
Reference: BID:4698
Reference: URL:http://www.securityfocus.com/bid/4698
Reference: XF:novell-bordermanager-rtsp-dos(9033)
Reference: URL:http://www.iss.net/security_center/static/9033.php

RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers
to cause a denial of service via a GET request to port 9090 followed
by a series of carriage returns, which causes proxy.nlm to ABEND.

Analysis
----------------
ED_PRI CAN-2002-0781 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0782
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0782
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020510 Re: cqure.net.20020412.bordermanager_36_mv1.a
Reference: URL:http://online.securityfocus.com/archive/1/271957
Reference: BID:4726
Reference: URL:http://www.securityfocus.com/bid/4726
Reference: XF:novell-bordermanager-conntable-dos(9062)
Reference: URL:http://www.iss.net/security_center/static/9062.php

Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled
allows remote attackers to cause a denial of service by filling the
connection table with a large number of connection requests to hosts
that do not have a specific route, which may be forwarded to the
public interface.

Analysis
----------------
ED_PRI CAN-2002-0782 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: any product is going to have some hard limits that simply
can't be overcome ("Law of Physics" vulnerabilities). There does not
seem to be any impact to this issue (server crash, misdirected
packets, etc.) beyond the fact that the connection table is filled.
The discloser does not say that these connections are eventually
dropped; if they *aren't* eventually dropped, then maybe that is
sufficient to include this issue in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0783
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html
Reference: XF:opera-sameoriginpolicy-bypass(9096)
Reference: URL:http://www.iss.net/security_center/static/9096.php
Reference: BID:4745
Reference: URL:http://www.securityfocus.com/bid/4745

Opera 6.01, 6.0, and 5.12 allow remote attackers to execute arbitrary
JavaScript in the security context of other sites by setting the
location of a frame or iframe to a Javascript: URL.

Analysis
----------------
ED_PRI CAN-2002-0783 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0784
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020507 Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0039.html
Reference: CONFIRM:http://www.lysias.de/send/news/index.php?page=3
Reference: XF:lidek-webserver-directory-traversal(9028)
Reference: URL:http://www.iss.net/security_center/static/9028.php
Reference: BID:4691
Reference: URL:http://www.securityfocus.com/bid/4691

Directory traversal vulnerability in Lysias Lidik web server 0.7b
allows remote attackers to list directories via an HTTP request with a
... (modified dot dot).

Analysis
----------------
ED_PRI CAN-2002-0784 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

ACKNOWLEDGEMENT: In a statement dated "08.05.2002" (May 8), the vendor
appears to acknowledge the problem in German. A Google translation to
English states: "The side IT Checkpoint.net announces today a Security
[issue] in the program LYSIAS Lidik written by us. The Web server
contains a substantial safety gap, user should [avoid] the beta
version ... for the time being."

INCLUSION: CD:EX-BETA suggests that an issue in beta software should
not be included in CVE. As implied by the vendor's acknowledgement,
this issue only appears to be in beta software, so maybe it should not
be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0785
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0785
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709

AOL Instant Messenger (AIM) allows remote attackers to cause a denial
of service (crash) via an "AddBuddy" link with the ScreenName
parameter set to a large number of comma-separated values, possibly
triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0785 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0786
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0786
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
Reference: BID:4718
Reference: URL:http://www.securityfocus.com/bid/4718
Reference: XF:injoin-admin-interface-view-files(9054)
Reference: URL:http://www.iss.net/security_center/static/9054.php

iCon administrative web server for Critical Path inJoin Directory
Server 4.0 allows authenticated inJoin administrators to read
arbitrary files by specifying the target file in the LOG parameter.

Analysis
----------------
ED_PRI CAN-2002-0786 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0787
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: VULNWATCH:20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html
Reference: XF:injoin-admin-interface-css(9053)
Reference: URL:http://www.iss.net/security_center/static/9053.php
Reference: BID:4717
Reference: URL:http://www.securityfocus.com/bid/4717

Cross-site scripting vulnerabilities in iCon administrative web server
for Critical Path inJoin Directory Server 4.0 allow remote attackers
to execute script as the administrator via administrator URLs with
modified (1) LOCID or (2) OC parameters.

Analysis
----------------
ED_PRI CAN-2002-0787 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0791
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020508 Re: cqure.net.20020408.netware_nwftpd.a
Reference: URL:http://online.securityfocus.com/archive/1/271589
Reference: VULNWATCH:20020508 [VulnWatch] cqure.net.20020408.netware_nwftpd.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0059.html
Reference: MISC:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2962252.htm
Reference: XF:netware-ftp-dos(9034)
Reference: URL:http://www.iss.net/security_center/static/9034.php
Reference: BID:4693
Reference: URL:http://www.securityfocus.com/bid/4693

Novell Netware FTP server NWFTPD before 5.02r allows remote attackers
to cause a denial of service (CPU consumption) via a connection to the
server followed by a carriage return, and possibly other invalid
commands with improper syntax or length.

Analysis
----------------
ED_PRI CAN-2002-0791 3
Vendor Acknowledgement: unknown vague
Content Decisions: VAGUE

ACKNOWLEDGEMENT: KB article TID2962252, which had been modified on
20020508 (the day of release), is too vague to be certain that it is
addressing this vulnerability. It says that it "Eliminated
high-utilization problems that could occur when invalid commands
(improper syntax or length) were sent to the FTP server," but an
invalid command could be "User" with no arguments, or "AHLNF:," or any
number of different malformed inputs. There are no credits or
cross-references to be certain that it is addressing this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0792
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: CISCO:20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/css-http-post-pub.shtml
Reference: BID:4747
Reference: URL:http://www.securityfocus.com/bid/4747
Reference: BID:4748
Reference: URL:http://www.securityfocus.com/bid/4748
Reference: XF:cisco-css-http-dos(9083)
Reference: URL:http://www.iss.net/security_center/static/9083.php

The web management interface for Cisco Content Service Switch (CSS)
11000 switches allows remote attackers to cause a denial of service
(soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.

Analysis
----------------
ED_PRI CAN-2002-0792 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: The "HTTPS POST" requests and "XML data" requests seem
like they may be different types of vulnerabilities, which would
suggest that they be SPLIT due to CD:SF-LOC; however, Cisco has
confirmed via email that these are two separate attack vectors for the
same underlying parsing problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0793
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0793
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020531 Multiple vulnerabilities in QNX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0292.html
Reference: BID:4902
Reference: URL:http://www.securityfocus.com/bid/4902
Reference: XF:qnx-rtos-monitor-f(9231)
Reference: URL:http://www.iss.net/security_center/static/9231.php

Hard link and possibly symbolic link following vulnerabilities in QNX
RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files
via (1) the -f argument to the monitor utility, (2) the -d argument to
dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample
utility.

Analysis
----------------
ED_PRI CAN-2002-0793 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0798
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0798
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: HP:HPSBUX0205-194
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0059.html
Reference: XF:hpux-sd-view-files(9207)
Reference: URL:http://www.iss.net/security_center/static/9207.php
Reference: BID:4886
Reference: URL:http://www.securityfocus.com/bid/4886

Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local
users to obtain data views for files that cannot be directly read
by the user, which reportedly can be used to cause a denial of
service.

Analysis
----------------
ED_PRI CAN-2002-0798 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: the HP advisory is too vague to understand how a problem
that allows data views for files allows a DoS instead of being able to
read sensitive information.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0799
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020521 YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!
Reference: URL:http://online.securityfocus.com/archive/1/273512
Reference: BID:4789
Reference: URL:http://www.securityfocus.com/bid/4789
Reference: XF:cmailserver-user-bo(9132)
Reference: URL:http://www.iss.net/security_center/static/9132.php

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers
to execute arbitrary code via a long USER argument.

Analysis
----------------
ED_PRI CAN-2002-0799 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007