[PROPOSAL] Cluster RECENT-97 - 36 candidates



I am proposing cluster RECENT-97 for review and voting by the
Editorial Board.

Name: RECENT-97
Description: CANs announced between 2002/07/03 and 2002/07/25
Size: 36

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0642
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: CF
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp

The registry key containing the SQL Server service account information
in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop
Engine (MSDE) 2000, has insecure permissions, which allows local users
to gain privileges, aka "Incorrect Permission on SQL Server Service
Account Registry Key."

Analysis
----------------
ED_PRI CAN-2002-0642 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0644
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: MS:MS02-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-038.asp

Buffer overflow in several Database Consistency Checkers (DBCCs) for
Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000
allows members of the db_owner and db_ddladmin roles to execute
arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0644 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0650
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote
attackers to cause a denial of service (bandwidth consumption) via a
"ping" style packet to the Resolution Service (UDP port 1434) with a
spoofed IP address of another SQL Server system, which causes the two
servers to exchange packets in an infinite loop.

Analysis
----------------
ED_PRI CAN-2002-0650 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0668
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

The web interface for Pingtel xpressa SIP-based voice-over-IP phone
1.2.5 through 1.2.7.4 allows authenticated users to modify the Call
Forwarding settings and hijack calls.

Analysis
----------------
ED_PRI CAN-2002-0668 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0671
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
downloads phone applications from a web site but can not verify the
integrity of the applications, which could allow remote attackers to
install Trojan horse applications via DNS spoofing.

Analysis
----------------
ED_PRI CAN-2002-0671 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0672
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
allows attackers with physical access to restore the phone to factory
defaults without authentication via a menu option, which sets the
administrator password to null.

Analysis
----------------
ED_PRI CAN-2002-0672 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0673
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

The enrollment process for Pingtel xpressa SIP-based voice-over-IP
phone 1.2.5 through 1.2.7.4 allows attackers with physical access to
the phone to log out the current user and re-register the phone using
MyPingtel Sign-In to gain remote access and perform unauthorized
actions.

Analysis
----------------
ED_PRI CAN-2002-0673 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0674
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
does not "time out" an inactive administrator session, which could
allow other users to perform administrator actions if the
administrator does not explicitly end the authentication.

Analysis
----------------
ED_PRI CAN-2002-0674 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0678
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102635906423617&w=2
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#299816
Reference: URL:http://www.kb.cert.org/vuls/id/299816
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt

CDE ToolTalk database server (ttdbserver) allows local users to
overwrite arbitrary files via a symlink attack on the transaction log
file used by the _TT_TRANSACTION RPC procedure.

Analysis
----------------
ED_PRI CAN-2002-0678 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0685
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020711
Category: SF
Reference: BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102634756815773&w=2
Reference: NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102639521518942&w=2
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt

Buffer overflow in the message decoding functionality for PGP Outlook
Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4,
Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers
to modify the heap and gain privileges via a large, malformed mail
message.

Analysis
----------------
ED_PRI CAN-2002-0685 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0697
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: MS:MS02-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-036.asp

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to
bypass authentication and modify sensitive data by using an LDAP
client to directly connect to MMS and bypass the checks for MMS
credentials.

Analysis
----------------
ED_PRI CAN-2002-0697 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0698
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Reference: MSKB:Q326322
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322
Reference: MS:MS02-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-037.asp

Buffer overflow in Internet Mail Connector (IMC) for Microsoft
Exchange Server 5.5 allows remote attackers to execute arbitrary code
via an EHLO request from a system with a long name as obtained through
a reverse DNS lookup, which triggers the overflow in IMC's hello
response.

Analysis
----------------
ED_PRI CAN-2002-0698 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0714
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0714
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020720
Category: SF
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONECTIVA:CLA-2002:506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP
addresses of control and data connections with the FTP server, which
allows remote attackers to bypass firewall rules or spoof FTP server
responses.

Analysis
----------------
ED_PRI CAN-2002-0714 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0728
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020723
Category: SF
Reference: CONFIRM:ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207

Buffer overflow in the progressive reader for libpng 1.2.4 and 1.0.14
allows attackers to cause a denial of service (crash) via a PNG data
stream that has more IDAT data than indicated by the IHDR chunk.

Analysis
----------------
ED_PRI CAN-2002-0728 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0776
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020713 Hosting Controller Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/282129
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to
change the passwords of arbitrary users and gain privileges by
modifying the username parameter, as addressed by the "UpdateUser" hot
fix.

Analysis
----------------
ED_PRI CAN-2002-0776 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0663
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020702
Category: SF
Reference: ATSTAKE:A071502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071502-1.txt
Reference: VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability

Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet
Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large outgoing HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0663 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0675
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: MISC:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
does not require administrative privileges to perform a firmware
upgrade, which allows unauthorized users to upgrade the phone.

Analysis
----------------
ED_PRI CAN-2002-0675 2
Vendor Acknowledgement: no disputed

ACKNOWLEDGEMENT: the vendor appears to dispute these claims in a
point-by-point response to the @stake advisory: "The firmware can be
upgraded in either of two ways. One way is through a phone's web
browser user interface; only an authenticated 'admin' user is allowed
to access the interface for upgrading a phone. The second way is
through Pingtel's VersionCheck mechanism. While the second way does
not require administrator privileges, this should not be an issue
since the administrator controls which firmware upgrades are made
available to an xpressa phone."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0676
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
Reference: MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html

SoftwareUpdate for MacOS 10.1.x does not use authentication when
downloading a software update, which could allow remote attackers to
execute arbitrary code by posing as the Apple update server via
techniques such as DNS spoofing or cache poisoning, and supplying
Trojan Horse updates.

Analysis
----------------
ED_PRI CAN-2002-0676 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0624
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0624
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp

Buffer overflow in the password encryption function of Microsoft SQL
Server 2000, including Microsoft SQL Server Desktop Engine (MSDE)
2000, allows remote attackers to gain control of the database and
execute arbitrary code via SQL Server Authentication, aka "Unchecked
Buffer in Password Encryption Procedure."

Analysis
----------------
ED_PRI CAN-2002-0624 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0637
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0637
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020625
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://www.securiteam.com/securitynews/5KP000A7QE.html

InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass
virus protection via e-mail messages with headers that violate RFC
specifications by having (or missing) space characters in unexpected
places (aka "space gap"), such as (1) "Content-Type :", (2)
"Content-Transfer-Encoding :", (3) no space before a boundary
declaration, or (4) "boundary= ", which is processed by Outlook
Express.

Analysis
----------------
ED_PRI CAN-2002-0637 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0641
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: BUGTRAQ:20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102639885223746&w=2

Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000,
including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows
attackers with database administration privileges to execute arbitrary
code via a long filename in the BULK INSERT query.

Analysis
----------------
ED_PRI CAN-2002-0641 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0643
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102640092826731&w=2
Reference: VULN-DEV:20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102640394131103&w=2
Reference: MS:MS02-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-035.asp

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and
Microsoft SQL Server 2000 creates setup.iss files with insecure
permissions and does not delete them after installation, which allows
local users to obtain sensitive data, including weakly encrypted
passwords, to gain privileges, aka "SQL Server Installation Process
May Leave Passwords on System."

Analysis
----------------
ED_PRI CAN-2002-0643 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: it might be argued that there are 2 different types of
issues here that deserve separate CVE identifiers, or maybe 3: bad
permissions, weak encryption, and not deleting installation files.  In
this case, the problems are all so closely inter-related, it is
difficult to separate them cleanly.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0645
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0645
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: MS:MS02-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-038.asp

SQL injection vulnerability in stored procedures for Microsoft SQL
Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow
authenticated users to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2002-0645 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0649
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0649
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp

Multiple buffer overflows in SQL Server 2000 Resolution Service allow
remote attackers to cause a denial of service or execute arbitrary
code via UDP packets to port 1434 in which (1) a 0x04 byte causes the
SQL Monitor thread to generate a long registry key name, or (2) a 0x08
byte with a long string causes heap corruption.

Analysis
----------------
ED_PRI CAN-2002-0649 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0667
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0667
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: CF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
has a default null administrator password, which could allow remote
attackers to gain access to the phone.

Analysis
----------------
ED_PRI CAN-2002-0667 3
Vendor Acknowledgement: unknown
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0670
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp

The web interface for Pingtel xpressa SIP-based voice-over-IP phone
1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for
HTTP basic authentication, which allows remote attackers to steal and
easily decode the passwords via sniffing.

Analysis
----------------
ED_PRI CAN-2002-0670 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, ABSTRACTION

INCLUSION/ABSTRACTION: while the choice of base64 encoding in HTTP
basic authentication does pose a security risk, this type of problem
is reflective of a general class of issue of authentication
information going over the network in plaintext or near-plaintext.
Should every application that makes this choice get its own CAN?  What
about if it's implementing a standard protocol?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0677
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102635906423617&w=2
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#975403
Reference: URL:http://www.kb.cert.org/vuls/id/975403
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt

CDE ToolTalk database server (ttdbserver) allows remote attackers to
overwrite arbitrary memory locations with a zero, and possibly gain
privileges, via a file descriptor argument in an AUTH_UNIX procedure
call, which is used as a table index by the _TT_ISCLOSE procedure.

Analysis
----------------
ED_PRI CAN-2002-0677 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0680
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0680
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631742711795&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
Reference: BUGTRAQ:20020719 Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709382714597&w=2

Directory traversal vulnerability in GoAhead Web Server 2.1 allows
remote attackers to read arbitrary files via a URL with an encoded /
(%5C) in a .. (dot dot) sequence.  NOTE: it is highly likely that this
candidate will be REJECTED because it has been reported to be a
duplicate of CAN-2001-0228.

Analysis
----------------
ED_PRI CAN-2002-0680 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION

INCLUSION: Maybe this item should not be included in CVE.  It was
reported in CAN-2001-0228 that a "clean" (unencoded) .. affected the
2.1 server.  If that is true, then this encoded version could be
regarded as an alternate attack of the same underlying issue, and
perhaps this item should be rejected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0681
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631742711795&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows
remote attackers to execute script as other web users via script in a
URL that generates a "404 not found" message, which does not quote the
script.

Analysis
----------------
ED_PRI CAN-2002-0681 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0682
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows
remote attackers to execute script as other web users via script in a
URL with the /servlet/ mapping, which does not filter the script when
an exception is thrown by the servlet.

Analysis
----------------
ED_PRI CAN-2002-0682 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0683
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0683
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0012: Carello 1.3 Remote File Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631808212876&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0012: Carello 1.3 Remote File Execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0015.html

Directory traversal vulnerability in Carello 1.3 allows remote
attackers to execute programs on the server via a .. (dot dot) in the
VBEXE parameter.

Analysis
----------------
ED_PRI CAN-2002-0683 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0686
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0686
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020712
Category: SF
Reference: BUGTRAQ:20020709 Sun iPlanet Web Server Buffer Overflow (#NISR09072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102622220416889&w=2

Buffer overflow in the search component for iPlanet Web Server (iWS)
4.1 and 6.0 allows remote attackers to execute arbitrary code via a
long argument to the NS-rel-doc-name parameter.

Analysis
----------------
ED_PRI CAN-2002-0686 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0713
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0713
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020720
Category: SF
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONECTIVA:CLA-2002:506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2

Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
(1) via the MSNT auth helper (msnt_auth) when using denyusers or
allowusers files, (2) via the gopher client, or (3) via the FTP server
directory listing parser when HTML output is generated.

Analysis
----------------
ED_PRI CAN-2002-0713 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0715
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0715
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020720
Category: SF
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONECTIVA:CLA-2002:506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2

Vulnerability in Squid before 2.4.STABLE6 related to proxy
authentication credentials may allow remote web sites to obtain the
user's proxy login and password.

Analysis
----------------
ED_PRI CAN-2002-0715 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0717
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020722 PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102734515923277&w=2
Reference: BUGTRAQ:20020722 Advisory 02/2002: PHP remote vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102734516023281&w=2
Reference: CERT:CA-2002-21
Reference: URL:http://www.cert.org/advisories/CA-2002-21.html
Reference: CERT-VN:VU#929115
Reference: URL:http://www.kb.cert.org/vuls/id/929115
Reference: XF:php-multipart-handler-bo(9635)
Reference: URL:http://www.iss.net/security_center/static/9635.php

PHP 4.2.0 and 4.2.1 allow remote attackers to cause a denial of
service and possibly execute arbitrary code via an HTTP POST request
with certain arguments in a multipart/form-data form, which generates
an error condition that is not properly handled and causes improper
memory to be freed.

Analysis
----------------
ED_PRI CAN-2002-0717 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0729
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2

Microsoft SQL Server 2000 allows remote attackers to cause a denial of
service via a malformed 0x08 packet that is missing a colon separator.

Analysis
----------------
ED_PRI CAN-2002-0729 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007