
[PROPOSAL] Cluster RECENT-101 - 53 candidates



I am proposing cluster RECENT-101 for review and voting by the
Editorial Board.

Name: RECENT-101
Description: CANs announced between 2002/07/01 and 2002/07/17
Size: 53

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020706 LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102607688730228&w=2
Reference: VULN-DEV:20020613 Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102614898620164&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=kde-multimedia&m=102607939232023&w=2

Format string vulnerability in artsd, when called by artswrapper,
allows local users to gain privileges via format strings in the -a
argument, which results in an error message that is not properly
handled in a call to the arts_fatal function.

Analysis
----------------
ED_PRI CAN-2002-0819 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: BUGTRAQ:20020724 cross-site scripting bug of Mailman
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
Reference: CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
Reference: REDHAT:RHSA-2002:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-176.html
Reference: REDHAT:RHSA-2002:177
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-177.html
Reference: REDHAT:RHSA-2002:178
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-178.html

Cross-site scripting vulnerability in Mailman before 2.0.12 allows
remote attackers to execute script as other users via a subscriber's
list subscription options.

Analysis
----------------
ED_PRI CAN-2002-0855 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0995
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141

login.php for PHPAuction allows remote attackers to gain privileges
via a direct call to login.php with the action parameter set to
"insert," which adds the provided username to the adminUsers table.

Analysis
----------------
ED_PRI CAN-2002-0995 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's web site includes an advisory dated the
day after the initial Bugtraq post, which states "This fix addresses
the admin/login.php file and the possible security breach that could
occur without this change. It now has certain security checks added
for a safer admin back-end."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Directory traversal vulnerability in webmail feature of ArGoSoft Mail
Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read
arbitrary files via .. (dot dot) sequences in a URL.

Analysis
----------------
ED_PRI CAN-2002-1004 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's change log includes an entry for 1.8.1.6
dated July 03, 2002, which states "Fixed security problem with the
Webmail Reverse Directory Traversal, discovered by team n. finity [the
discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Cross-site scripting vulnerability in BBC Education Text to Speech
Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers
to execute arbitrary web script via parserl.pl.

Analysis
----------------
ED_PRI CAN-2002-1006 1
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: the comments inside the parserl.pl script itself
(version 1.5.12 on August 18, 2002) include a statement to "Beat
cross-site scripting vulnerability," and the original Bugtraq poster
is thanked at the top of the page.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18
through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4
allows local users to gain root privileges via a long -path argument.

Analysis
----------------
ED_PRI CAN-2002-1013 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne
Player Gold 6.0.10.505, allows remote attackers to execute arbitrary
code via an RFS skin file whose skin.ini contains a long value in a
CONTROLnImage argument, such as CONTROL1Image.

Analysis
----------------
ED_PRI CAN-2002-1014 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold
6.0.10.505, allow remote attackers to execute arbitrary script in the
Local computer zone by inserting the script into the skin.ini file of
an RJS archive, then referencing skin.ini from a web page after it has
been extracted, which is parsed as HTML by Internet Explorer or other
Microsoft-based web readers.

Analysis
----------------
ED_PRI CAN-2002-1015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/280062
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: BID:5134
Reference: URL:http://www.securityfocus.com/bid/5134
Reference: XF:jrun-null-view-source(9459)
Reference: URL:http://www.iss.net/security_center/static/9459.php

JRun 3.0 through 4.0 allows remote attackers to read JSP source code
via an encoded null byte in an HTTP GET request, which causes the
server to send the .JSP file unparsed.

Analysis
----------------
ED_PRI CAN-2002-1025 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/281046
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
Reference: BID:5159
Reference: URL:http://www.securityfocus.com/bid/5159
Reference: XF:weblogic-race-condition-dos(9486)
Reference: URL:http://www.iss.net/security_center/static/9486.php

Race condition in Performance Pack in BEA WebLogic Server and Express
5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial
of service (crash) via a flood of data and connections.

Analysis
----------------
ED_PRI CAN-2002-1030 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the advisory credits KPMG (the discloser) for
discovering the issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/281102
Reference: VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/
Reference: BID:5177
Reference: URL:http://www.securityfocus.com/bid/5177
Reference: XF:kfwebserver-null-view-dir(9500)
Reference: URL:http://www.iss.net/security_center/static/9500.php

KeyFocus (KF) web server 1.0.2 allows remote attackers to list
directories and read restricted files via an HTTP request containing a
%00 (null) character.

Analysis
----------------
ED_PRI CAN-2002-1031 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's change log for 1.0.3, dated July 4,
2002, states: "Security vulnerability - %00. If the requested URL
contains a %00 after a directory name, then the server used to
generate an index of the files in the directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: XF:dcl-dotdot-directory-traversal(9743)
Reference: URL:http://www.iss.net/security_center/static/9743.php

Directory traversal vulnerability in Double Choco Latte (DCL) before
20020706 allows remote attackers to read arbitrary files via .. (dot
dot) sequences when downloading files from the Projects: Attachments
feature.

Analysis
----------------
ED_PRI CAN-2002-1039 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states:
"Fix to prevent file download spoofing."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09
Reference: URL:http://online.securityfocus.com/archive/1/280132
Reference: XF:omnihttpd-http-version-bo(9457)
Reference: URL:http://www.iss.net/security_center/static/9457.php
Reference: BID:5136
Reference: URL:http://www.securityfocus.com/bid/5136

Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of
service (crash) via an HTTP request with a long, malformed HTTP
version number.

Analysis
----------------
ED_PRI CAN-2002-1035 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an email inquiry was sent to support@omnicron.ca on
August 22, 2002, and the vendor replied on August 24 that the
vulnerability was fixed in version 2.10.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020313
Category: SF
Reference: COMPAQ:SSRT0794
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0009.html
Reference: XF:tru64-ipcs-bo(9613)
Reference: URL:http://www.iss.net/security_center/static/9613.php
Reference: BID:5241
Reference: URL:http://www.securityfocus.com/bid/5241

Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow
attackers to execute arbitrary code, a different vulnerability than
CAN-2001-0423.

Analysis
----------------
ED_PRI CAN-2002-0093 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: The advisory is too vague to tell whether it is addressing
the same issue as CAN-2001-0423.  However, Rich Boren confirmed via
email that the problems are different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: HP:HPSBUX0207-196
Reference: URL:http://online.securityfocus.com/advisories/4258
Reference: XF:hp-ipv6-dce-dos(9475)
Reference: URL:http://www.iss.net/security_center/static/9475.php
Reference: BID:5143
Reference: URL:http://www.securityfocus.com/bid/5143

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced
or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of
service (crash) via an attack that modifies internal data.

Analysis
----------------
ED_PRI CAN-2002-0992 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-EXEC

INCLUSION: the advisory is too vague to understand the nature of the
vulnerability. In addition, it does not say whether a local or remote
attacker can actually cause the crash to happen. If the crash can't be
forced, then this would not qualify for inclusion in CVE; we simply
don't have enough information to know one way or another.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020703 SunPCi II VNC weak authentication scheme vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html
Reference: BID:5146
Reference: URL:http://www.securityfocus.com/bid/5146
Reference: XF:sunpci-vnc-weak-authentication(9476)
Reference: URL:http://www.iss.net/security_center/static/9476.php

SunPCi II VNC uses a weak authentication scheme, which allows remote
attackers to obtain the VNC password by sniffing the random byte
challenge, which is used as the key for encrypted communications.

Analysis
----------------
ED_PRI CAN-2002-0994 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_modweb.b
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963051
Reference: BID:5231
Reference: URL:http://www.securityfocus.com/bid/5231
Reference: XF:netmail-web-interface-bo(9560)
Reference: URL:http://www.iss.net/security_center/static/9560.php
Reference: BID:5230
Reference: URL:http://www.securityfocus.com/bid/5230

Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C
allow remote attackers to cause a denial of service and possibly
execute arbitrary code via (1) WebAdmin or (2) ModWeb.

Analysis
----------------
ED_PRI CAN-2002-0996 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: a review of the Novell TID documents for NIMS 3.0.3c
versus 3.0.3a indicates that 3.0.3a included an imapd which did not
change in 3.0.3c; however, 3.0.3a did not include the WebAdmin or the
ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities
appeared in a different version than the imapd problem, so
WebAdmin/ModWeb should be SPLIT from imapd per CD:SF-EXEC; but
WebAdmin/ModWeb should be MERGED together since they appear in the
same version and have the same type of bug.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 pwc.20020630.nims_3.0.3_imapd.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0152.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2962974
Reference: BID:5232
Reference: URL:http://www.securityfocus.com/bid/5232
Reference: XF:netmail-imap-dos(9559)
Reference: URL:http://www.iss.net/security_center/static/9559.php

Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3
before 3.0.3A allow remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0997 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: a review of the Novell TID documents for NIMS 3.0.3c
versus 3.0.3a indicates that 3.0.3a included an imapd which did not
change in 3.0.3c; however, 3.0.3a did not include the WebAdmin or the
ModWeb binaries. Therefore the WebAdmin/ModWeb vulnerabilities
appeared in a different version than the imapd problem, so
WebAdmin/ModWeb should be SPLIT from imapd per CD:SF-EXEC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Several problems in CARE 2002
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5218
Reference: URL:http://www.securityfocus.com/bid/5218
Reference: XF:care2002-include-read-files(9552)
Reference: URL:http://www.iss.net/security_center/static/9552.php

Directory traversal vulnerability in cafenews.php for CARE 2002 before
beta 1.0.02 allows remote attackers to read arbitrary files via ..
(dot dot) sequences and null characters in the lang parameter, which
is processed by a call to the include function.

Analysis
----------------
ED_PRI CAN-2002-0998 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

ACKNOWLEDGEMENT: the front web page for CARE 2002 states that "A
possible major vulnerability as pointed out by avart(at)gmx.de is now
patched," and includes a reference that ultimately leads to the
Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Several problems in CARE 2002
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html
Reference: CONFIRM:http://www.care2x.com/modul.php?thispage=headlines&m_titel=NEWS&m_item=Headlines&lang=en
Reference: BID:5219
Reference: URL:http://www.securityfocus.com/bid/5219
Reference: XF:care2002-sql-injection(9553)
Reference: URL:http://www.iss.net/security_center/static/9553.php

Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02
allow remote attackers to perform unauthorized database operations.

Analysis
----------------
ED_PRI CAN-2002-0999 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA, SF-LOC

ACKNOWLEDGEMENT: the front web page for CARE 2002 states that "A
possible major vulnerability as pointed out by avart(at)gmx.de is now
patched," and includes a reference that ultimately leads to the
Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0006.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: XF:analogx-proxy-http-bo(9455)
Reference: URL:http://www.iss.net/security_center/static/9455.php
Reference: XF:analogx-proxy-socks4a-bo(9456)
Reference: URL:http://www.iss.net/security_center/static/9456.php
Reference: BID:5138
Reference: URL:http://www.securityfocus.com/bid/5138
Reference: BID:5139
Reference: URL:http://www.securityfocus.com/bid/5139

Buffer overflows in AnalogX Proxy before 4.12 allow remote attackers
to cause a denial of service and possibly execute arbitrary code via
(1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to
TCP port 1080 with a long DNS hostname.

Analysis
----------------
ED_PRI CAN-2002-1001 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: the changelog on the vendor web site includes an
entry for version 4.12 that "Fixed DNS caching bug reported by
Foundstone [the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html
Reference: XF:mywebserver-long-url-bo(9501)
Reference: URL:http://www.iss.net/security_center/static/9501.php
Reference: BID:5184
Reference: URL:http://www.securityfocus.com/bid/5184

Buffer overflow in MyWebServer 1.02 and earlier allows remote
attackers to execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1003 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 CSS in blackboard
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0005.html
Reference: XF:blackboard-login-xss(9467)
Reference: URL:http://www.iss.net/security_center/static/9467.php
Reference: BID:5137
Reference: URL:http://www.securityfocus.com/bid/5137

Cross-site scripting vulnerabilities in Blackboard 5 allow remote
attackers to execute arbitrary web script via (1) the course_id
parameter in a link to login.pl, (2) the CTID parameter in
ProcessInfo.cgi, or (3) the Message parameter in index.cgi.

Analysis
----------------
ED_PRI CAN-2002-1007 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html
Reference: BID:5211
Reference: URL:http://www.securityfocus.com/bid/5211
Reference: XF:lilhttp-pbcgi-xss(9548)
Reference: URL:http://www.iss.net/security_center/static/9548.php

Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as
included in Lil' HTTP web server, allows remote attackers to execute
arbitrary web script in other web browsers via the (1) "Name" or (2)
"E-mail" parameters.

Analysis
----------------
ED_PRI CAN-2002-1009 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1010
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020703 [VulnWatch] Lotus Domino R4 File Retrieval Vulnerability...
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0001.html

Lotus Domino R4 allows remote attackers to bypass access restrictions
for files in the web root via an HTTP request appended with a "?"
character, which is treated as a wildcard character and bypasses the
web handlers.

Analysis
----------------
ED_PRI CAN-2002-1010 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 Tivoli TMF Endpoint Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/282292
Reference: VULNWATCH:20020715 Tivoli TMF Endpoint Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0023.html
Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
Reference: XF:tivoli-tmr-endpoint-bo(9555)
Reference: URL:http://www.iss.net/security_center/static/9555.php
Reference: BID:5235
Reference: URL:http://www.securityfocus.com/bid/5235

Buffer overflow in web server for Tivoli Management Framework (TMF)
Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote
attackers to cause a denial of service or execute arbitrary code via a
long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1011 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: The Endpoint problem is addressed by Fixpack 2 or
3.7.1-TMF-0066, but the ManagedNodes problem will not be addressed
until 4.1, according to the discloser. Therefore CD:SF-LOC/SF-EXEC
suggests a SPLIT between these items, since the vulnerabilities appear
in different versions. ACKNOWLEDGEMENT: the discloser provides a URL
to a security advisory, but that advisory requires user registration
(and possibly a maintenance contract) to access, so vendor
acknowledgement could not be determined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020715 Tivoli TMF ManagedNode Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/282283
Reference: VULNWATCH:20020715 Tivoli TMF ManagedNode Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0024.html
Reference: MISC:http://www.tivoli.com/secure/support/documents/security/mgt-fwk-http-vul.html
Reference: BID:5233
Reference: URL:http://www.securityfocus.com/bid/5233
Reference: XF:tivoli-tmr-managednode-bo(9556)
Reference: URL:http://www.iss.net/security_center/static/9556.php

Buffer overflow in web server for Tivoli Management Framework (TMF)
ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a
denial of service or execute arbitrary code via a long HTTP GET
request.

Analysis
----------------
ED_PRI CAN-2002-1012 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: The Endpoint problem is addressed by Fixpack 2 or
3.7.1-TMF-0066, but the ManagedNodes problem will not be addressed
until 4.1, according to the discloser. Therefore CD:SF-LOC/SF-EXEC
suggests a SPLIT between these items, since the vulnerabilities appear
in different versions. ACKNOWLEDGEMENT: the discloser provides a URL
to a security advisory, but that advisory requires user registration
(and possibly a maintenance contract) to access, so vendor
acknowledgement could not be determined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library feature for Adobe Content Server 3.0 does not verify if a
customer has already checked out an eBook, which allows remote
attackers to cause a denial of service (resource exhaustion) by
checking out the same book multiple times.

Analysis
----------------
ED_PRI CAN-2002-1018 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library feature for Adobe Content Server 3.0 allows a remote
attacker to check out an eBook for an arbitrary length of time via a
modified loanMin parameter to download.asp.

Analysis
----------------
ED_PRI CAN-2002-1019 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html
Reference: VULN-DEV:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102649215618643&w=2
Reference: BUGTRAQ:20020712 Vulnerability found: The Adobe eBook Library
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102650064028760&w=2

The library feature for Adobe Content Server 3.0 allows a remote
attacker to check out an eBook even when the maximum number of loans
is exceeded by accessing the "Add to bookbag" feature when the server
reports that no more copies are available.

Analysis
----------------
ED_PRI CAN-2002-1020 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: BID:5226
Reference: URL:http://www.securityfocus.com/bid/5226
Reference: XF:badblue-null-file-disclosure(9557)
Reference: URL:http://www.iss.net/security_center/static/9557.php

BadBlue server allows remote attackers to read restricted files, such
as EXT.INI, via an HTTP request that contains a hex-encoded null byte.

Analysis
----------------
ED_PRI CAN-2002-1021 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: XF:badblue-plaintext-passwords(9558)
Reference: URL:http://www.iss.net/security_center/static/9558.php
Reference: BID:5228
Reference: URL:http://www.securityfocus.com/bid/5228

BadBlue server stores passwords in plaintext in the ext.ini file,
which could allow local and possibly remote attackers to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-1022 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020712 Three BadBlue Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html
Reference: XF:badblue-get-dos(9528)
Reference: URL:http://www.iss.net/security_center/static/9528.php
Reference: BID:5187
Reference: URL:http://www.securityfocus.com/bid/5187

BadBlue server allows remote attackers to cause a denial of service
(crash) via an HTTP GET request without a URI.

Analysis
----------------
ED_PRI CAN-2002-1023 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020701 KPMG-2002028: Sitespring Server Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/280079
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002028: Sitespring Server Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0140.html
Reference: XF:sitespring-sybase-dos(9458)
Reference: URL:http://www.iss.net/security_center/static/9458.php
Reference: BID:5132
Reference: URL:http://www.securityfocus.com/bid/5132

Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine
7.0.2.1480 allows remote attackers to cause a denial of service
(crash) via a long malformed request to TCP port 2500, possibly
triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1026 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting
Reference: URL:http://online.securityfocus.com/archive/1/282742
Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002032: Macromedia Sitespring Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html
Reference: BID:5249
Reference: URL:http://www.securityfocus.com/bid/5249
Reference: XF:sitespring-500error-xss(9588)
Reference: URL:http://www.iss.net/security_center/static/9588.php

Cross-site scripting vulnerability in the default HTTP 500 error
script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows
remote attackers to execute arbitrary web script via a link to
500error.jsp with the script in the et parameter.

Analysis
----------------
ED_PRI CAN-2002-1027 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html
Reference: MISC:http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:
Reference: BID:5248
Reference: URL:http://www.securityfocus.com/bid/5248
Reference: XF:oddsock-song-requester-dos(9585)
Reference: URL:http://www.iss.net/security_center/static/9585.php

Multiple buffer overflows in the CGI programs for Oddsock Song
Requester WinAmp plugin 2.1 allow remote attackers to cause a denial
of service (crash) via long arguments.

Analysis
----------------
ED_PRI CAN-2002-1028 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: vendor ack is not absolutely certain. While the
changelog indicates that version 2.2 fixed a buffer overflow, it's not
clear whether it fixes *this* buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020704 Worldspan DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html
Reference: XF:worldspan-res-manager-dos(9490)
Reference: URL:http://www.iss.net/security_center/static/9490.php
Reference: BID:5169
Reference: URL:http://www.securityfocus.com/bid/5169

Res Manager in Worldspan for Windows Gateway 4.1 allows remote
attackers to cause a denial of service (crash) via a malformed request
to TCP port 17990.

Analysis
----------------
ED_PRI CAN-2002-1029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
Reference: URL:http://online.securityfocus.com/archive/1/281786
Reference: BID:5209
Reference: URL:http://www.securityfocus.com/bid/5209
Reference: XF:sun-irunbook-information-disclosure(9549)
Reference: URL:http://www.iss.net/security_center/static/9549.php

Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2
allows remote attackers to read arbitrary files via a "..:" sequence
(dot-dot variant) in the argument.

Analysis
----------------
ED_PRI CAN-2002-1033 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: while ".." and "/full/path" issues are closely related,
they are different types of issues, which suggests a SPLIT by
CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
Reference: URL:http://online.securityfocus.com/archive/1/281786
Reference: BID:5209
Reference: URL:http://www.securityfocus.com/bid/5209
Reference: XF:sun-irunbook-information-disclosure(9549)
Reference: URL:http://www.iss.net/security_center/static/9549.php

none.php for SunPS iRunbook 2.5.2 allows remote attackers to read
arbitrary files via an absolute pathname in the argument.

Analysis
----------------
ED_PRI CAN-2002-1034 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: while ".." and "/full/path" issues are closely related,
they are different types of issues, which suggests a SPLIT by
CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020710 XSS Hole in Fluid Dynamics search Engine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0096.html
Reference: BUGTRAQ:20020710 RE: XSS Hole in Fluid Dynamics Search engine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0094.html
Reference: CONFIRM:http://www.xav.com/scripts/search/changes.htm#4
Reference: BID:5199
Reference: URL:http://www.securityfocus.com/bid/5199
Reference: XF:fd-search-xss(9533)
Reference: URL:http://www.iss.net/security_center/static/9533.php

Cross-site scripting vulnerability in search.pl for Fluid Dynamics
Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to
execute web script via the (1) Rank or (2) Match parameters.

Analysis
----------------
ED_PRI CAN-2002-1036 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ACCURACY: the "Match" parameter was mentioned by the vendor in the
changelog for v2.0.0.0055.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: BID:5182
Reference: URL:http://www.securityfocus.com/bid/5182
Reference: XF:dcl-html-injection(9532)
Reference: URL:http://www.iss.net/security_center/static/9532.php

Cross-site scripting vulnerability in Double Choco Latte (DCL) before
20020706 allows remote attackers to inject arbitrary HTML, including
script, into web pages via the (1) Ticket# Find, (2) Priorities, (3)
Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users
features.

Analysis
----------------
ED_PRI CAN-2002-1037 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states:
"Escaping of html in data displayed from entry to avoid exploits."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: XF:dcl-file-upload(9742)
Reference: URL:http://www.iss.net/security_center/static/9742.php

Double Choco Latte (DCL) before 20020706 does not properly verify if a
file was uploaded, which allows remote attackers to conduct certain
operations on arbitrary files via the (1) Projects: Upload File
Attachment or (2) Work Orders: Import features.

Analysis
----------------
ED_PRI CAN-2002-1038 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor's changelog, dated July 6, 2002, states:
"File upload verification to prevent spoofing."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: AIXAPAR:IY29749
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html

Unknown vulnerability in the WebSecure (DFSWeb) configuration
utilities in AIX 4.x, possibly related to relative pathnames.

Analysis
----------------
ED_PRI CAN-2002-1040 3
Vendor Acknowledgement: yes patch
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: AIXAPAR:IY23359
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html
Reference: AIXAPAR:IY29579
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0000.html

Unknown vulnerability in DCE (1) SMIT panels and (2) configuration
commands, possibly related to relative pathnames.

Analysis
----------------
ED_PRI CAN-2002-1041 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020709 iPlanet Remote File Viewing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html
Reference: BID:5191
Reference: URL:http://www.securityfocus.com/bid/5191
Reference: XF:iplanet-search-view-files(9517)
Reference: URL:http://www.iss.net/security_center/static/9517.php

Directory traversal vulnerability in search engine for iPlanet web
server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when
running on Windows platforms, allows remote attackers to read
arbitrary files via ..\ (dot-dot backslash) sequences in the
NS-query-pat parameter.

Analysis
----------------
ED_PRI CAN-2002-1042 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Popcorn vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
Reference: XF:popcorn-mail-dos(9547)
Reference: URL:http://www.iss.net/security_center/static/9547.php
Reference: BID:5212
Reference: URL:http://www.securityfocus.com/bid/5212

Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of
service (crash) via a malformed Subject ("\t\t").

Analysis
----------------
ED_PRI CAN-2002-1043 3
Vendor Acknowledgement: no unsupported
Content Decisions: EX-CLIENT-DOS, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Popcorn vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
Reference: XF:popcorn-mail-dos(9547)
Reference: URL:http://www.iss.net/security_center/static/9547.php
Reference: BID:5212
Reference: URL:http://www.securityfocus.com/bid/5212

Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a long Subject field.

Analysis
----------------
ED_PRI CAN-2002-1044 3
Vendor Acknowledgement: no unsupported
Content Decisions: EX-CLIENT-DOS, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020711 Popcorn vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
Reference: XF:popcorn-mail-dos(9547)
Reference: URL:http://www.iss.net/security_center/static/9547.php
Reference: BID:5212
Reference: URL:http://www.securityfocus.com/bid/5212

Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of
service (crash) via a malformed Date field that is converted into a
year greater than 2037.

Analysis
----------------
ED_PRI CAN-2002-1045 3
Vendor Acknowledgement: no unsupported
Content Decisions: EX-CLIENT-DOS, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020709 [VulnWatch] KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
Reference: BID:5186
Reference: URL:http://www.securityfocus.com/bid/5186
Reference: XF:firebox-dvcp-dos(9509)
Reference: URL:http://www.iss.net/security_center/static/9509.php

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard
Firebox firmware 5.x.x allows remote attackers to cause a denial of
service (crash) via a malformed packet containing tab characters to
TCP port 4110.

Analysis
----------------
ED_PRI CAN-2002-1046 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002027: Watchguard Soho FTP authentication flaw
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0139.html
Reference: XF:firebox-soho-ftp-insecure(9511)
Reference: URL:http://www.iss.net/security_center/static/9511.php

The FTP service in Watchguard Soho Firewall 5.0.35a allows remote
attackers to gain privileges with a correct password but an incorrect
user name.

Analysis
----------------
ED_PRI CAN-2002-1047 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102691753204392&w=2
Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
Reference: VULNWATCH:20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
Reference: BUGTRAQ:20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102692936820193&w=2
Reference: BID:5258
Reference: URL:http://www.securityfocus.com/bid/5258
Reference: XF:jigsaw-dos-device-dos(9587)
Reference: URL:http://www.iss.net/security_center/static/9587.php
Reference: XF:jigsaw-aux-path-disclosure(9586)
Reference: URL:http://www.iss.net/security_center/static/9586.php
Reference: BID:5251
Reference: URL:http://www.securityfocus.com/bid/5251

Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS
device names in HTTP requests to (1) cause a denial of service using
the "con" device, or (2) obtain the physical path of the server using
two requests to the "aux" device.

Analysis
----------------
ED_PRI CAN-2002-1052 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same types
that affect the same versions. While the results of accessing the
"con" device differ from those for the "aux" device, both are
instances of the same vulnerability type - "doesn't filter MSDOS
device names." Therefore these problems are combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020716 Wiki module postnuke Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html
Reference: XF:phpwiki-xss(9627)
Reference: URL:http://www.iss.net/security_center/static/9627.php
Reference: BID:5254
Reference: URL:http://www.securityfocus.com/bid/5254

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module
allows remote attackers to execute script as other PHPWiki users via
the pagename parameter.

Analysis
----------------
ED_PRI CAN-2002-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: CF
Reference: BUGTRAQ:20020717 [AP] Oracle Reports Server Information Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html

rwcgi60 CGI program in Oracle Reports Server, by design, provides
sensitive information such as the full pathname, which could enable
remote attackers to use the information in additional attacks.

Analysis
----------------
ED_PRI CAN-2002-1089 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007