[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-103 - 41 candidates



I am proposing cluster RECENT-103 for review and voting by the
Editorial Board.

Name: RECENT-103
Description: CANs announced between 2002/08/01 and 2002/08/15
Size: 41

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0632
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020621
Category: SF
Reference: SGI:20020804-01-P

Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier
allows clients to read arbitrary files on a BDS server.

Analysis
----------------
ED_PRI CAN-2002-0632 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0679
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020709
Category: SF
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102917002523536&w=2
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: COMPAQ:SSRT2274
Reference: AIXAPAR:IY32792
Reference: AIXAPAR:IY32793

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC
database server (rpc.ttdbserverd) allows remote attackers to execute
arbitrary code via an argument to the _TT_CREATE_FILE procedure.

Analysis
----------------
ED_PRI CAN-2002-0679 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0700
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

Buffer overflow in a system function that performs user authentication
for Microsoft Content Management Server (MCMS) 2001 allows attackers
to execute code in the Local System context by authenticating to a web
page that calls the function, aka "Unchecked Buffer in MDAC Function
Could Enable SQL Server Compromise."

Analysis
----------------
ED_PRI CAN-2002-0700 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0718
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

Web authoring command in Microsoft Content Management Server (MCMS)
2001 allows attackers to authenticate and upload executable content,
by modifying the upload location, aka "Program Execution via MCMS
Authoring Function."

Analysis
----------------
ED_PRI CAN-2002-0718 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0719
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp

SQL injection vulnerability in the function that services for
Microsoft Content Management Server (MCMS) 2001 allows remote
attackers to execute arbitrary commands via an MCMS resource request
for image files or other files.

Analysis
----------------
ED_PRI CAN-2002-0719 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0720
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-042.asp

A handler routine for the Network Connection Manager (NCM) allows
local users to gain privileges via a complex attack that causes the
handler to run in the LocalSystem context with user-specified code.

Analysis
----------------
ED_PRI CAN-2002-0720 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0721
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020816  Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102950473002959&w=2
Reference: NTBUGTRAQ:20020816  Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102950792606475&w=2
Reference: MS:MS02-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-043.asp

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for
extended stored procedures that are associated with helper functions,
which could allow unprivileged users, and possibly remote attackers,
to run stored procedures with administrator privileges via (1)
xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Analysis
----------------
ED_PRI CAN-2002-0721 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821890317683&w=2
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a negative Content-Length value.

Analysis
----------------
ED_PRI CAN-2002-0818 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0823
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020802
Category: SF
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102822806329440&w=2
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338

Buffer overflow in Winhlp32.exe allows remote attackers to execute
arbitrary code via an HTML document that calls the HTML Help ActiveX
control (HHCtrl.ocx) with a long pathname in the Item parameter.

Analysis
----------------
ED_PRI CAN-2002-0823 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated
users to execute arbitrary code via a long SITE CPWD command.

Analysis
----------------
ED_PRI CAN-2002-0826 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's patches/upgrades page includes an item
for 3.1.2 that "corrects a security issue relating to the processing
of the SITE CPWD command...  Fixed buffer overrun in CPWD command"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0829
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865404413458&w=2

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD
4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary
file contents within FFS to gain privileges by creating a file that is
larger than allowed by the virtual memory system.

Analysis
----------------
ED_PRI CAN-2002-0829 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0830
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865517214722&w=2

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, and
possibly other operating systems, allows remote attackers to cause a
denial of service (hang) via an RPC message with a zero length
payload, which causes NFS to reference a previous payload and enter an
infinite loop.

Analysis
----------------
ED_PRI CAN-2002-0830 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0831
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865142610126&w=2

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local
users to cause a denial of service (kernel panic) via a pipe call in
which one end is terminated and an EVFILT_WRITE filter is registered
for the other end.

Analysis
----------------
ED_PRI CAN-2002-0831 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0845
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows
remote attackers to execute arbitrary code via an HTTP request using
chunked transfer encoding.

Analysis
----------------
ED_PRI CAN-2002-0845 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0846
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293

The decoder for Macromedia Shockwave Flash allows remote attackers to
execute arbitrary code via a malformed SWF header that contains more
data than the specified length.

Analysis
----------------
ED_PRI CAN-2002-0846 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0847
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: DEBIAN:DSA-145
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102874450402924&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers
to execute arbitrary code via memory that is freed twice
(double-free).

Analysis
----------------
ED_PRI CAN-2002-0847 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's changelog for 1.5.0 states: "Fixed a
bunch of memory leaks, and situations where memory was being freed
twice (a potential security problem.)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0848
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier,
and 5.2.23.0003 and earlier, when using RADIUS with a challenge type
of Password Authentication Protocol (PAP) or Challenge, sends the user
password in cleartext in a validation retry request, which could allow
remote attackers to steal passwords via sniffing.

Analysis
----------------
ED_PRI CAN-2002-0848 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020810
Category: SF
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: SUSE:SuSE-SA:2002:030
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437

Format string vulnerability in ISDN Point to Point Protocol (PPP)
daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to
gain root privileges via format strings in the device name command
line argument, which is not properly handled in a call to syslog.

Analysis
----------------
ED_PRI CAN-2002-0851 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0852
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4
and earlier allows remote attackers to cause a denial of service via
(1) an Internet Key Exchange (IKE) with a large Security Parameter
Index (SPI) payload, or (2) an IKE packet with a large number of valid
payloads.

Analysis
----------------
ED_PRI CAN-2002-0852 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0853
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows
remote attackers to cause a denial of service (CPU consumption) via a
packet with a zero-length payload.

Analysis
----------------
ED_PRI CAN-2002-0853 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020813
Category: SF
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote
attackers to cause a denial of service (crash) via certain debug
requests that are not properly handled by the debugging feature.

Analysis
----------------
ED_PRI CAN-2002-0856 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0871
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-151
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927065426172&w=2
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935383506155&w=2

xinetd 2.3.4 leaks file descriptors for the signal pipe to services
that are launched by xinetd, which could allow those services cause a
denial of service via the pipe.

Analysis
----------------
ED_PRI CAN-2002-0871 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-152
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927221427782&w=2

l2tpd 0.67 does not initialize the random number generator, which
allows remote attackers to hijack sessions.

Analysis
----------------
ED_PRI CAN-2002-0872 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102925612907148&w=2
Reference: DEBIAN:DSA-152
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927221427782&w=2

Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the
vendor field via a long value in an attribute/value pair, possibly via
a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0873 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not
verify the Basic Constraints for an intermediate CA-signed
certificate, which allows remote attackers to spoof the certificates
of trusted sites via a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-0970 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: DEBIAN:DSA-140
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102858558321355&w=2
Reference: REDHAT:RHSA-2002:151
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-151.html
Reference: REDHAT:RHSA-2002:152
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-152.html

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3
1.2.1-1.1.woody.2 on Debian Linux 3.0, and other operating systems,
may allow attackers to cause a denial of service and possibly execute
arbitrary code, a different vulnerability than CAN-2002-0728.

Analysis
----------------
ED_PRI CAN-2002-0660 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020809 Apache 2.0 vulnerability affects non-Unix platforms
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102892744011436&w=2
Reference: BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020908a.txt

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on
Windows, OS2, and Netware allows remote attackers to read arbitrary
files and execute commands via .. (dot dot) sequences containing \
(backslash) characters.

Analysis
----------------
ED_PRI CAN-2002-0661 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0812
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0812
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: VULNWATCH:20020809 [VulnWatch] Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points

Information leak in Compaq WL310, and the Orinoco Residential Gateway
access point it is based on, uses a system identification string as a
default SNMP read/write community string, which allows remote
attackers to obtain and modify sensitive configuration information by
querying for the identification string.

Analysis
----------------
ED_PRI CAN-2002-0812 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020812 IE SSL Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918200405308&w=2

The SSL capability for Internet Explorer 5, 5.5, and 6 does not verify
the Basic Constraints for an intermediate CA-signed certificate, which
allows remote attackers to spoof the certificates of trusted sites via
a man-in-the-middle attack.

Analysis
----------------
ED_PRI CAN-2002-0828 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0832
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0832
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020804 Bypassing cookie restrictions in IE 5+6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102864890006745&w=2

Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass
cookie privacy settings and store information across browser sessions
via the userData (storeuserData) feature.

Analysis
----------------
ED_PRI CAN-2002-0832 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0833
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: SF
Reference: BUGTRAQ:20020805 [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102858453720304&w=2
Reference: BUGTRAQ:20020808 [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102883538924494&w=2

Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly
other versions, allows remote attackers to execute arbitrary code via
a multi-part message with a long boundary string.

Analysis
----------------
ED_PRI CAN-2002-0833 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020808 iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102882056105806&w=2
Reference: BUGTRAQ:20020808 Re: [VulnWatch] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102891036424424&w=2

Linux-iSCSI iSCSI implementation installs the iscsi.conf file with
world-readable permissions on some operating systems, including Red
Hat Linux Limbo Beta #1, which could allow local users to gain
privileges by reading the cleartext CHAP password.

Analysis
----------------
ED_PRI CAN-2002-0849 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

INCLUSION: some vendors, including Cisco and SuSE, have said that they
are not vulnerable to this issue.  If the only vulnerable system is a
beta product, then CD:EX-BETA suggests excluding it from CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0854
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020812
Category: SF
Reference: SUSE:SuSE-SA:2002:030

Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd)
in the i4l package on SuSE 7.3, 8.0, and possibly other operating
systems, may allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0854 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0857
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102933735716634&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Format string vulnerabilities in Oracle Listener Control utility
(lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote
attackers to execute arbitrary code on the Oracle DBA system by
placing format strings into certain entries in the listener.ora
configuration file.

Analysis
----------------
ED_PRI CAN-2002-0857 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020812 Vulnerability in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918005402808&w=2

catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a
default dbsnmp password, which allows attackers to perform restricted
database operations and possibly gain other privileges.

Analysis
----------------
ED_PRI CAN-2002-0858 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0870
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020814 Cisco Content Service Switch 11000 Series Web Management Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml

The original patch for the Cisco Content Service Switch 11000 Series
authentication bypass vulnerability (CVE-2001-0622) was incomplete,
which still allows remote attackers to gain additional privileges by
directly requesting the web management URL instead of navigating
through the interface, possibly via a variant of the original attack,
as identified by Cisco bug ID CSCdw08549.

Analysis
----------------
ED_PRI CAN-2002-0870 3
Vendor Acknowledgement: yes advisory
Content Decisions: BADPATCH, VAGUE, SF-LOC

INCLUSION/ABSTRACTION: CD:SF-LOC suggests that if an issue appears in
a version that does not exhibit another issue, then those two issues
should be SPLIT.  While the advisory is vague as to whether there were
2 separate failure points, the presence of a new Cisco bug ID suggests
that there is; in addition, admins who fixed their systems with
respect to CVE-2001-0622, would still be vulnerable, which further
suggests a SPLIT (per the newly-formed CD:BADPATCH).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-150
Reference: URL:http://www.debian.org/security/2002/dsa-150

Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when
running in INET mode, allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-0874 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2

Help and Support Center for Windows XP allows remote attackers to
delete arbitrary files via a link to the hcp: protocol that accesses
uplddrvinfo.htm.

Analysis
----------------
ED_PRI CAN-2002-0974 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0980
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942234427691&w=2
Reference: VULN-DEV:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102943486811091&w=2
Reference: NTBUGTRAQ:20020815 SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102937705527922&w=2

The Web Folder component for Internet Explorer 5.5 and 6.0 writes an
error message to a known location in the temporary folder, which
allows remote attackers to execute arbitrary code by injecting it into
the error message, then referring to the error message file via a
mhtml: URL.

Analysis
----------------
ED_PRI CAN-2002-0980 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020804 Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0515.html
Reference: BID:5395
Reference: URL:http://www.securityfocus.com/bid/5395
Reference: XF:argosoft-autoresponse-dos(9759)
Reference: URL:http://www.iss.net/security_center/static/9759.php

ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to
cause a denial of service (CPU consumption) by forwarding the email to
the user while autoresponse is enabled, which creates an inifinite
loop.

Analysis
----------------
ED_PRI CAN-2002-1005 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/

Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via a malformed HTTP header.

Analysis
----------------
ED_PRI CAN-2002-1032 3
Vendor Acknowledgement: yes changelog
Content Decisions: VAGUE

ACKNOWLEDGEMENT: the vendor's change log for 1.0.6, dated August 2,
2002, states: "Security vulnerability - malformed header. A security
vulnerability exists in all previous versions where a hacker using a
special malformed http header could cause a buffer overflow."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007