[PROPOSAL] Cluster RECENT-104 - 37 candidates



I am proposing cluster RECENT-104 for review and voting by the
Editorial Board.

Name: RECENT-104
Description: CANs announced between 2002/08/16 and 2002/08/29
Size: 37

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0647
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0647
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Buffer overflow in a legacy ActiveX control used to display specially
formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0
allows remote attackers to execute arbitrary code, aka "Buffer Overrun
in Legacy Text Formatting ActiveX Control".

Analysis
----------------
ED_PRI CAN-2002-0647 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0648
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

The legacy <script> data-island capability for XML in Microsoft
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read
arbitrary XML files, and portions of other files, via a URL whose
"src" attribute redirects to a local file.

Analysis
----------------
ED_PRI CAN-2002-0648 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0691
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to
execute scripts in the Local Computer zone via a URL that references a
local HTML resource file, a variant of "Cross-Site Scripting in Local
HTML Resource" as identified by CAN-2002-0189.

Analysis
----------------
ED_PRI CAN-2002-0691 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0722
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers
to misrepresent the source of a file in the File Download dialogue box
to trick users into thinking that the file type is safe to download,
aka "File Origin Spoofing."

Analysis
----------------
ED_PRI CAN-2002-0722 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0723
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the
domain of a frame within a browser window, which allows remote
attackers to read client files or invoke executable objects via the
Object tag, aka "Cross Domain Verification in Object Tag."

Analysis
----------------
ED_PRI CAN-2002-0723 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0724
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: BUGTRAQ:20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011556323184&w=2
Reference: MS:MS02-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
Reference: CERT-VN:VU#311619
Reference: URL:http://www.kb.cert.org/vuls/id/311619
Reference: CERT-VN:VU#342243
Reference: URL:http://www.kb.cert.org/vuls/id/342243
Reference: CERT-VN:VU#250635
Reference: URL:http://www.kb.cert.org/vuls/id/250635

Buffer overflow in SMB (Server Message Block) protocol in Microsoft
Windows NT, Windows 2000, and Windows XP allows attackers to cause a
denial of service (crash) via a SMB_COM_TRANSACTION packet with a
request for the (1) NetShareEnum, (2) NetServerEnum2, or (3)
NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can
Lead to Denial of Service".

Analysis
----------------
ED_PRI CAN-2002-0724 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0726
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: MS:MS02-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp

Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC)
ActiveX control allows remote attackers to execute arbitrary code via
a long server name field.

Analysis
----------------
ED_PRI CAN-2002-0726 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0727
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2
Reference: XF:owc-spreadsheet-host-script-execution (8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php
Reference: BID:4449
Reference: URL:http://online.securityfocus.com/bid/4449

The Host function in Microsoft Office Web Components (OWC) 2000 and
2002 is exposed in components that are marked as safe for scripting,
which allows remote attackers to execute arbitrary commands via the
setTimeout method.

Analysis
----------------
ED_PRI CAN-2002-0727 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2
Reference: XF:owc-spreadsheet-loadtext-read-files (8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php
Reference: BID:4453
Reference: URL:http://online.securityfocus.com/bid/4453

The LoadText method in the spreadsheet component in Microsoft Office
Web Components (OWC) 2000 and 2002 allows remote attackers to read
arbitrary files through Internet Explorer via a URL that redirects to
the target file.

Analysis
----------------
ED_PRI CAN-2002-0860 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Controlling the clipboard with OWC in IE (GM#007-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829726516346&w=2
Reference: XF:owc-spreadsheet-clipboard-access (8779)
Reference: URL:http://www.iss.net/security_center/static/8779.php
Reference: BID:4457
Reference: URL:http://online.securityfocus.com/bid/4457

Microsoft Office Web Components (OWC) 2000 and 2002 allows remote
attackers to bypass the "Allow paste operations via script" setting,
even when it is disabled, via the (1) Copy method of the Cell object
or (2) the Paste method of the Range object.

Analysis
----------------
ED_PRI CAN-2002-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows
unprivileged users to obtain the names of files whose access is
restricted to the root group.

Analysis
----------------
ED_PRI CAN-2002-0875 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:38.signed-error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102976839728706&w=2

Integer signedness error in several system calls for FreeBSD 4.6.1
RELEASE-p10 and earlier may allow attackers to access sensitive kernel
memory via large negative values to the (1) accept, (2) getsockname,
and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE
ioctl.

Analysis
----------------
ED_PRI CAN-2002-0973 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: CALDERA:CSSA-2002-SCO.36
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX
8.0.0 allows local users to execute arbitrary code via a long command
line.

Analysis
----------------
ED_PRI CAN-2002-0981 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: DEBIAN:DSA-156
Reference: URL:http://www.debian.org/security/2002/dsa-156

The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x
before 2.8pre10, running EPIC allows remote attackers to execute
arbitrary code if the user joins a channel whose topic includes EPIC4
code.

Analysis
----------------
ED_PRI CAN-2002-0984 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop
privileges before calling programs such as xkbcomp using popen, which
could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0987 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020826
Category: SF
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare
7.1.1, possibly related to XBM/xkbcomp capabilities.

Analysis
----------------
ED_PRI CAN-2002-0988 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: DEBIAN:DSA-158
Reference: URL:http://www.debian.org/security/2002/dsa-158
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
Reference: BUGTRAQ:20020827 GLSA: gaim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2

The URL handler in the manual browser option for Gaim before 0.59.1
allows remote attackers to execute arbitrary script via shell
metacharacters in a link.

Analysis
----------------
ED_PRI CAN-2002-0989 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html
Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
Reference: BID:5506
Reference: URL:http://www.securityfocus.com/bid/5506
Reference: XF:jigsaw-http-proxy-xss(9914)
Reference: URL:http://www.iss.net/security_center/static/9914.php

Cross-site scripting vulnerability in W3C Jigsaw Proxy Server before
2.2.1 allows remote attackers to execute arbitrary script via a URL
that contains a reference to a nonexistent host followed by the
script, which is included in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1053 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog for 2.2.1 says "Added a flag
to remove the URI from default error pages as well as the proxy module
(SECURITY FIX: avoiding cross scripting attacks)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-get-directory-traversal(9941)
Reference: URL:http://www.iss.net/security_center/static/9941.php
Reference: XF:abyss-http-directory-traversal(9940)
Reference: URL:http://www.iss.net/security_center/static/9940.php

Directory traversal vulnerability in Abyss Web Server 1.0.3 allows
remote attackers to read arbitrary files via ..\ (dot-dot backslash)
sequences in an HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1079 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor includes a statement dated August 19,
2002, of a patch for 1.03 regarding "two bugs related to URLs decoding
(thanks to Auriemma Luigi)," the original discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: XF:abyss-plus-file-disclosure(9956)
Reference: URL:http://www.iss.net/security_center/static/9956.php

The Administration console for Abyss Web Server 1.0.3 allows remote
attackers to read files without providing login credentials via an
HTTP request to a target file that ends in a "+" character.

Analysis
----------------
ED_PRI CAN-2002-1081 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor includes a statement dated August 19,
2002, of a patch for 1.03 regarding "two bugs related to URLs decoding
(thanks to Auriemma Luigi)," the original discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0725
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0725
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020722
Category: SF
Reference: ATSTAKE:A081602-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a081602-1.txt

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local
attackers to hide file usage activities via a hard link to the target
file, which causes the link to be recorded in the audit trail instead
of the target file.

Analysis
----------------
ED_PRI CAN-2002-0725 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0654
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote
attackers to determine the full pathname of the server via (1) a
request for a .var file, which leaks the pathname in the resulting
error message, or (2) via an error message that occurs when a script
(child process) cannot be invoked.

Analysis
----------------
ED_PRI CAN-2002-0654 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0699
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-048.asp

Unknown vulnerability in the Certificate Enrollment ActiveX Control in
Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium,
Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to
delete digital certificates on a user's system via HTML.

Analysis
----------------
ED_PRI CAN-2002-0699 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0834
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020808
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00006.html
Reference: REDHAT:RHSA-2002:169

Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier
allows remote attackers to cause a denial of service or execute
arbitrary code via malformed packets.

Analysis
----------------
ED_PRI CAN-2002-0834 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020821 Win32 API 'shatter' vulnerability found in VNC-based products
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102994289123085&w=2

Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to
execute arbitrary code as LocalSystem by using the Win32 Messaging
System to bypass the VNC GUI and access the "Add new clients" dialogue
box.

Analysis
----------------
ED_PRI CAN-2002-0971 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987608300785&w=2

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial
of service and possibly execute arbitrary code via long arguments to
the functions (1) lpad or (2) rpad.

Analysis
----------------
ED_PRI CAN-2002-0972 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0975
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102953851705859&w=2

Buffer overflow in Microsoft DirectX Files Viewer ActiveX control
(xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute
arbitrary code via a long File parameter.

Analysis
----------------
ED_PRI CAN-2002-0975 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Internet explorer can read local files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102960731805373&w=2

Internet Explorer 4.0 and later allows remote attackers to read
arbitrary files via a web page that accesses a legacy XML Datasource
applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to
point to the local system, which is trusted by the applet.

Analysis
----------------
ED_PRI CAN-2002-0976 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0977
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html

Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX
control before 4.0 allows remote attackers to execute arbitrary code
via a long TS value.

Analysis
----------------
ED_PRI CAN-2002-0977 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html

Microsoft File Transfer Manager (FTM) ActiveX control before 4.0
allows remote attackers to upload or download arbitrary files to
arbitrary locations via a man-in-the-middle attack with modified TGT
and TGN parameters in a call to the "Persist" function.

Analysis
----------------
ED_PRI CAN-2002-0978 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020817 Enableing java logging in MSIE is dangerous
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102961031107261&w=2

The Java logging feature for the Java Virtual Machine in Internet
Explorer writes output from functions such as System.out.println to a
known pathname, which can be used to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0979 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0982
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020822
Category: SF
Reference: BUGTRAQ:20020822 Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004505027360&w=2

Microsoft SQL Server 2000 SP2, when configured as a distributor,
allows attackers to execute arbitrary code via the @scriptfile
parameter to the sp_MScopyscript stored procedure.

Analysis
----------------
ED_PRI CAN-2002-0982 3
Vendor Acknowledgement: unknown vague

ACCURACY: the disclosers suggested that MS:MS02-043 may address this
issue; however, it does not specifically mention this problem, so there
is insufficient information to know for sure.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0983
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: DEBIAN:DSA-157
Reference: URL:http://www.debian.org/security/2002/dsa-157
Reference: BID:5055
Reference: URL:http://www.securityfocus.com/bid/5055

IRC client irssi in irssi-text before 0.8.4 allows remote attackers to
cause a denial of service (crash) via an IRC channel that has a long
topic followed by a certain string, possibly triggering a buffer
overflow.

Analysis
----------------
ED_PRI CAN-2002-0983 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

The mail function in PHP 4.x to 4.2.2 may allow remote attackers to
bypass safe mode restrictions and modify command line arguments to the
MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA
behavior and possibly executing commands.

Analysis
----------------
ED_PRI CAN-2002-0985 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Analysis
----------------
ED_PRI CAN-2002-0986 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Re: possible exploit: D-Link DI-804 unauthorized DHCP release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004834131542&w=2
Reference: BUGTRAQ:20020822 possible exploit: D-Link DI-804 unauthorized DHCP release from WAN
Reference: URL:http://online.securityfocus.com/archive/1/288584
Reference: XF:dlink-admin-dhcp-release(9967)
Reference: URL:http://www.iss.net/security_center/static/9967.php
Reference: XF:dlink-admin-device-information(9969)
Reference: URL:http://www.iss.net/security_center/static/9969.php
Reference: BID:5544
Reference: URL:http://www.securityfocus.com/bid/5544
Reference: BID:5553
Reference: URL:http://www.securityfocus.com/bid/5553

The remote administration capability for the D-Link DI-804 router 4.68
allows remote attackers to bypass authentication and release DHCP
addresses or obtain sensitive information via a direct web request to
the pages (1) release.htm, (2) Device Status, or (3) Device
Information.

Analysis
----------------
ED_PRI CAN-2002-1069 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: XF:abyss-admin-console-access(9957)
Reference: URL:http://www.iss.net/security_center/static/9957.php
Reference: BID:5548
Reference: URL:http://www.securityfocus.com/bid/5548

The Administration console for Abyss Web Server 1.0.3 before Patch 2
allows remote attackers to gain privileges and modify server
configuration via direct requests to CHL files such as (1)
srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl,
and (5) advanced.chl.

Analysis
----------------
ED_PRI CAN-2002-1080 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007