[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster CONFIRM-2002b - 59 candidates



I am proposing cluster CONFIRM-2002b for review and voting by the
Editorial Board.

Name: CONFIRM-2002b
Description: CANs with clear vendor ack. from Oct 2002 to Dec 2002
Size: 59

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853

Buffer overflow in MySQL before 3.23.50, and 4.0 beta before 4.02, and
possibly other platforms, allows local users to execute arbitrary code
via a long "datadir" parameter in the my.ini initialization file,
whose permissions on Windows allow Full Control to the Everyone group.

Analysis
----------------
ED_PRI CAN-2002-0969 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: The changelog for "Changes in release 3.23.50 (21 Apr
2002)" says: "Fixed buffer overflow problem if someone specified a too
long datadir parameter to mysqld."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
Reference: BID:5958
Reference: URL:http://www.securityfocus.com/bid/5958
Reference: XF:simple-webserver-url-dos(10364)
Reference: URL:http://www.iss.net/security_center/static/10364.php

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2
through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec
Gateway Security allow remote attackers to cause a denial of service
(connection resource exhaustion) via multiple connection requests to
domains whose DNS server is unresponsive or does not exist, which
generates a long timeout.

Analysis
----------------
ED_PRI CAN-2002-0990 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and
Oracle 8i 8.1.x, allows remote attackers to cause a denial of service
(hang or crash) via a SERVICE_CURLOAD command.

Analysis
----------------
ED_PRI CAN-2002-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852

Directory traversal vulnerability in the CGIServlet for Jetty HTTP
server before 4.1.0 allows remote attackers to execute arbitrary
commands via ..\ (dot-dot backslash) sequences in an HTTP request to
the cgi-bin directory.

Analysis
----------------
ED_PRI CAN-2002-1178 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x
before 2.16.1, allows remote attackers to execute arbitrary code via
shell metacharacters in a system call to processmail.

Analysis
----------------
ED_PRI CAN-2002-1197 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes
from an email address during account creation, which allows remote
attackers to execute arbitrary SQL via a SQL injection attack.

Analysis
----------------
ED_PRI CAN-2002-1198 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2
Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php
Reference: BID:6099
Reference: URL:http://www.securityfocus.com/bid/6099
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly
other versions, allows remote attackers to cause a denial of service
and possibly execute arbitrary code via format strings in the USER
command.

Analysis
----------------
ED_PRI CAN-2002-1244 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the "whatsnew.txt" file includes an item for version
1.51, dated 11/01/2002, which says "Fixed security vulnerability:
sending %n%n%n (and other c-formating strings) c rashed the system
(thanks to www.idefense.com) [the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2
Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
Reference: XF:oracle-isqlplus-userid-bo(10524)
Reference: URL:http://www.iss.net/security_center/static/10524.php
Reference: BID:6085
Reference: URL:http://www.securityfocus.com/bid/6085

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9
database server allows remote attackers to execute arbitrary code via
a long USERID parameter in the isqlplus URL.

Analysis
----------------
ED_PRI CAN-2002-1264 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to gain privileges by mounting a
disk image file that was created on another system, aka "Local User
Privilege Elevation via Disk Image File."

Analysis
----------------
ED_PRI CAN-2002-1266 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows remote attackers to cause a denial of service
by accessing the CUPS Printing Web Administration utility, aka "CUPS
Printing Web Administration is Remotely Accessible."

Analysis
----------------
ED_PRI CAN-2002-1267 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to gain privileges via a mounted
ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600
CD."

Analysis
----------------
ED_PRI CAN-2002-1268 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to read files that only allow write
access via the map_fd() Mach system call.

Analysis
----------------
ED_PRI CAN-2002-1270 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021111 NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103703760321408&w=2
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963651
Reference: BID:6154
Reference: URL:http://www.securityfocus.com/bid/6154

Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote
attackers to cause a denial of service via an authentication request
with a long Distinguished Name (DN) attribute.

Analysis
----------------
ED_PRI CAN-2002-1283 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the
passphrase to gpg when creating new keys, which causes secret keys to
be created with an empty passphrase and allows local attackers to
steal the keys if they can be read.

Analysis
----------------
ED_PRI CAN-2002-1284 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003
allows local users to execute arbitrary code via a long input string
to TCP port 110 (POP3).

Analysis
----------------
ED_PRI CAN-2002-1349 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: BUGTRAQ:20021216 GLSA: exim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and
3.x through 3.36, allows exim administrative users to execute
arbitrary code by modifying the pid_file_path value.

Analysis
----------------
ED_PRI CAN-2002-1381 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021217
Category: SF
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569

Macromedia Flash Player before 6.0.65.0 allows remote attackers to
execute arbitrary code via certain malformed data headers in Shockwave
Flash file format (SWF) files, a different issue than CAN-2002-0846.

Analysis
----------------
ED_PRI CAN-2002-1382 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021219
Category: SF
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435

openwebmail_init in Open WebMail 1.81 and earlier allows local users
attackers to execute arbitrary code via .. (dot dot) sequences in a
login name, such as the name provided in the sessionid parameter for
openwebmail-abook.pl, which is used to find a configuration file that
specifies additional code to be executed.

Analysis
----------------
ED_PRI CAN-2002-1385 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the announce page for Open WebMail includes an item
"Security Advisory 20021219," which describes the problem and credits
the Bugtraq poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a Caller ID string with a long CallerName argument.

Analysis
----------------
ED_PRI CAN-2002-1391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty

faxspool in mgetty before 1.1.29 uses a world-writable spool directory
for outgoing faxes, which allows local users to modify fax
transmission privileges.

Analysis
----------------
ED_PRI CAN-2002-1392 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021013 Directory traversal in Daniel Arenz' Mini Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0181.html
Reference: CONFIRM:http://www.da-home.de/miniserver/update.html
Reference: XF:mini-server-directory-traversal(10366)
Reference: URL:http://www.iss.net/security_center/static/10366.php

Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6
allows remote attackers to read arbitrary files via (1) ../ (dot-dot
slash) or (2) ..\ (dot-dot backslash) sequences.

Analysis
----------------
ED_PRI CAN-2002-1523 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog includes an item dated October 14,
2002, which says (in German) "Sicherheits Update: Es ist nicht mehr
möglich hinter den Root Ordner zu gelangen." Google translates this to
"Security update: It is not to be arrived any longer possible behind
the root file," which indicates that a directory traversal
vulnerability is being addressed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html
Reference: VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
Reference: VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html
Reference: BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html
Reference: CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html
Reference: XF:netscreen-ssh-dos(10528)
Reference: URL:http://www.iss.net/security_center/static/10528.php

Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers
to cause a denial of service via a malformed SSH packet to the Secure
Command Shell (SCS) management interface, as demonstrated via certain
CRC32 exploits, a different vulnerability than CVE-2001-0144.

Analysis
----------------
ED_PRI CAN-2002-1547 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The advisory by Netscreen says "NetScreen has
confirmed a customer report that an SSHv1 CRC32 Attack can compromise
the ability to manage the NetScreen device and/or force the device to
reboot"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1540
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
Reference: BUGTRAQ:20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
Reference: XF:nav-winhlp32-gain-privileges(10475)
Reference: URL:http://www.iss.net/security_center/static/10475.php

The client for Symantec Norton AntiVirus Corporate Edition 7.5.x
before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32
with raised privileges, which allows local users to gain privileges by
using certain features of winhlp32.

Analysis
----------------
ED_PRI CAN-2002-1540 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712790808781&w=2
Reference: BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712498905027&w=2

Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users
with expired passwords to gain inappropriate permissions when logging
in from Remote Manager.

Analysis
----------------
ED_PRI CAN-2002-1552 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A102802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a102802-1.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf

The administration module for Oracle Web Cache in Oracle9iAS (9i
Application Suite) 9.0.2 allows remote attackers to cause a denial of
service (crash) via (1) an HTTP GET request containing a ".." (dot
dot) sequence, or (2) a malformed HTTP GET request with a chunked
Transfer-Encoding with missing data.

Analysis
----------------
ED_PRI CAN-2002-0386 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0705
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0705
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020718
Category: SF
Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2

The Web Reports Server for SurfControl SuperScout WebFilter stores the
"scwebusers" username and password file in a web-accessible directory,
which allows remote attackers to obtain valid usernames and crack the
passwords.

Analysis
----------------
ED_PRI CAN-2002-0705 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0706
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020718
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2

UserManager.js in the Web Reports Server for SurfControl SuperScout
WebFilter uses weak encryption for administrator functions, which
allows remote attackers to decrypt the administrative password using a
hard-coded key in a Javascript function.

Analysis
----------------
ED_PRI CAN-2002-0706 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0707
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0707
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020718
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2

The Web Reports Server for SurfControl SuperScout WebFilter allows
remote attackers to cause a denial of service (CPU consumption) via
large GET requests, possibly due to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-0707 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0708
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0708
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020718
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2

Directory traversal vulnerability in the Web Reports Server for
SurfControl SuperScout WebFilter allows remote attackers to read
arbitrary files via an HTTP request containing ... (triple dot)
sequences.

Analysis
----------------
ED_PRI CAN-2002-0708 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0709
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0709
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020718
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2

SQL injection vulnerabilities in the Web Reports Server for
SurfControl SuperScout WebFilter allow remote attackers to execute
arbitrary SQL queries via the RunReport option to SimpleBar.dll, and
possibly other DLLs.

Analysis
----------------
ED_PRI CAN-2002-0709 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: BUGTRAQ:20021016 iDEFENSE Security Advisory 10.16.02: Denial of Service in Sabre Desktop Reservation Client for Windows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103478372603106&w=2
Reference: MISC:http://www.idefense.com/advisory/10.16.02.txt
Reference: XF:sabre-sabserv-client-dos(10378)
Reference: URL:http://www.iss.net/security_center/static/10378.php

The Sabserv client component in Sabre Desktop Reservation Software 4.2
through 4.4 allows remote attackers to cause a denial of service via
malformed input to TCP port 1001.

Analysis
----------------
ED_PRI CAN-2002-1191 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: VULNWATCH:20021024 iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0044.html
Reference: MISC:http://www.idefense.com/advisory/10.24.02.txt

Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55,
and possibly earlier, allows remote attackers to read arbitrary files
via "..\" (dot-dot backslash) sequences in a GET request.

Analysis
----------------
ED_PRI CAN-2002-1209 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html
Reference: MISC:http://www.idefense.com/advisory/11.19.02b.txt

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email
attachments in a predictable location, which allows remote attackers
to read arbitrary files via a link that loads an attachment with
malicious script into a frame, which then executes the script in the
local browser context.

Analysis
----------------
ED_PRI CAN-2002-1210 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
Reference: XF:prometheus-php-file-include(10515)
Reference: URL:http://www.iss.net/security_center/static/10515.php
Reference: BID:6087
Reference: URL:http://www.securityfocus.com/bid/6087

Prometheus 6.0 and earlier allows remote attackers to execute
arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points
to code stored on a remote server, which is then used in (1)
index.php, (2) install.php, or (3) various test_*.php scripts.

Analysis
----------------
ED_PRI CAN-2002-1211 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021015
Category: SF
Reference: BUGTRAQ:20021015 Internet Explorer : The D-Day
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470310417576&w=2
Reference: NTBUGTRAQ:20021015 Internet Explorer : The D-Day
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103470202010570&w=2
Reference: VULNWATCH:20021015 Internet Explorer : The D-Day
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html
Reference: MISC:http://security.greymagic.com/adv/gm011-ie/
Reference: XF:ie-iframe-document-script-execution(10371)
Reference: URL:http://www.iss.net/security_center/static/10371.php

Cross-Frame scripting vulnerability in the WebBrowser control as used
in Internet Explorer 5.5 and 6.0 allows remote attackers to execute
arbitrary code, read arbitrary files, or conduct other unauthorized
activities via script that accesses the Document property, which
bypasses <frame> and <iframe> domain restrictions.

Analysis
----------------
ED_PRI CAN-2002-1217 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1228
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021020
Category: SF
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47815&zone_32=category%3Asecurity
Reference: BUGTRAQ:20021017 NFS Denial of Service advisory from Sun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487058823193&w=2
Reference: XF:solaris-nfs-lockd-dos(10394)
Reference: URL:http://www.iss.net/security_center/static/10394.php

Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows
an NFS client to cause a denial of service by killing the lockd
daemon.

Analysis
----------------
ED_PRI CAN-2002-1228 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: The advisory is too vague to know whether this is the
same issue as CVE-2000-0508.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021020
Category: SF
Reference: CONFIRM:http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=Avaya_P580_P882_Undocumented
Reference: BUGTRAQ:20021015 Undocumented account vulnerability in Avaya P550R/P580/P880/P882
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470243012971&w=2
Reference: XF:avaya-cajun-default-passwords(10374)
Reference: URL:http://www.iss.net/security_center/static/10374.php

Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier
contain undocumented accounts (1) manuf and (2) diag with default
passwords, which allows remote attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-1229 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021024
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
Reference: XF:linksys-etherfast-gozila-dos(10514)
Reference: URL:http://www.iss.net/security_center/static/10514.php
Reference: BID:6086
Reference: URL:http://www.securityfocus.com/bid/6086

The remote management web server for Linksys BEFSR41 EtherFast
Cable/DSL Router before firmware 1.42.7 allows remote attackers to
cause a denial of service (crash) via an HTTP request to Gozila.cgi
without any arguments.

Analysis
----------------
ED_PRI CAN-2002-1236 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html
Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt
Reference: XF:qnx-rtos-gain-privileges(10564)
Reference: URL:http://www.iss.net/security_center/static/10564.php
Reference: BID:6146
Reference: URL:http://www.securityfocus.com/bid/6146

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and
execute the cp program while operating at raised privileges, which
allows local users to gain privileges by modifying the PATH to point
to a malicious cp program.

Analysis
----------------
ED_PRI CAN-2002-1239 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2
Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt
Reference: XF:xeneo-php-dos(10534)
Reference: URL:http://www.iss.net/security_center/static/10534.php
Reference: BID:6098
Reference: URL:http://www.securityfocus.com/bid/6098

Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other
versions before 2.1.5 allows remote attackers to cause a denial of
service (crash) via a GET request for a "%" URI.

Analysis
----------------
ED_PRI CAN-2002-1248 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Unknown vulnerability in NetInfo Manager application in Mac OS X
10.2.2 allows local users to access restricted parts of a filesystem.

Analysis
----------------
ED_PRI CAN-2002-1269 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to steal cookies and execute script in a
different security context via a URL that contains a colon in the
domain portion, which is not properly parsed and loads an applet from
a malicious site within the security context of the site that is being
visited by the user.

Analysis
----------------
ED_PRI CAN-2002-1286 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

Stack-based buffer overflow in the Microsoft Java implementation, as
used in Internet Explorer, allows remote attackers to cause a denial
of service via a long class name through (1) Class.forName or (2)
ClassLoader.loadClass.

Analysis
----------------
ED_PRI CAN-2002-1287 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to determine the current directory of the
Internet Explorer process via the getAbsolutePath() method in a File()
call.

Analysis
----------------
ED_PRI CAN-2002-1288 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to read restricted process memory, cause a
denial of service (crash), and possibly execute arbitrary code via the
getNativeServices function, which creates an instance of the
com.ms.awt.peer.INativeServices (INativeServices) class, whose methods
do not verify the memory addresses that are passed as parameters.

Analysis
----------------
ED_PRI CAN-2002-1289 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: It is possible that CAN-2002-1289 and CAN-2002-1290
should be combined, as the underlying issue may be that
INativeServices exposes methods to untrusted entities.  However,
without any public commentary by Microsoft as of 2002/11/12, it is
unclear whether these should be regarded as being the same.  Since
CAN-2002-1289 deals with memory addresses and possibly bypassing the
Java sandbox model itself, it seems reasonable to separate it from
CAN-2002-1290.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to read and modify the contents of the
Clipboard via an applet that accesses the (1) ClipBoardGetText and (2)
ClipBoardSetText methods of the INativeServices class.

Analysis
----------------
ED_PRI CAN-2002-1290 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: It is possible that CAN-2002-1289 and CAN-2002-1290
should be combined, as the underlying issue may be that
INativeServices exposes methods to untrusted entities.  However,
without any public commentary by Microsoft as of 2002/11/12, it is
unclear whether these should be regarded as being the same.  Since
CAN-2002-1289 deals with memory addresses and possibly bypassing the
Java sandbox model itself, it seems reasonable to separate it from
CAN-2002-1290.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to read arbitrary local files and network
shares via an applet tag with a codebase set to a "file://%00" (null
character) URL.

Analysis
----------------
ED_PRI CAN-2002-1291 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer,
provides a public load0() method for the CabCracker class
(com.ms.vm.loader.CabCracker), which allows remote attackers to bypass
the security checks that are performed by the load() method.

Analysis
----------------
ED_PRI CAN-2002-1293 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2

The Microsoft Java implementation, as used in Internet Explorer, can
provide HTML object references to applets via Javascript, which allows
remote attackers to cause a denial of service (crash due to illegal
memory accesses) and possibly conduct other unauthorized activities
via an applet that uses those references to access proprietary
Microsoft methods.

Analysis
----------------
ED_PRI CAN-2002-1294 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646

Heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.

Analysis
----------------
ED_PRI CAN-2002-1308 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021120
Category: SF
Reference: VULNWATCH:20021118 iPlanet WebServer, remote root compromise
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
Reference: BUGTRAQ:20021119 iPlanet WebServer, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103772308030269&w=2
Reference: MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

Cross-site scripting (XSS) vulnerability in the Admin Server for
iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute
web script or HTML as the iPlanet administrator by injecting the
desired script into error logs, and possibly escalating privileges by
using the XSS vulnerability in conjunction with another issue
(CAN-2002-1316).

Analysis
----------------
ED_PRI CAN-2002-1315 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021120
Category: SF/CF/MP/SA/AN/unknown
Reference: VULNWATCH:20021118 iPlanet WebServer, remote root compromise
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
Reference: BUGTRAQ:20021119 iPlanet WebServer, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103772308030269&w=2
Reference: MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11,
allows the web administrator to execute arbitrary commands via shell
metacharacters in the dir paramater, and possibly allows remote
attackers to exploit this vulnerability via a separate XSS issue
(CAN-2002-1315).

Analysis
----------------
ED_PRI CAN-2002-1316 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103808645120764&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun_player.html

Multiple buffer overflows in RealOne and RealPlayer allow remote
attackers to execute arbitrary code via (1) a Synchronized Multimedia
Integration Language (SMIL) file with a long parameter, (2) a long
long filename in a rtsp:// request, e.g. from a .m3u file, or (3)
certain "Now Playing" options on a downloaded file with a long
filename.

Analysis
----------------
ED_PRI CAN-2002-1321 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021122 ClearCase DoS vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103808239618238&w=2

Rational ClearCase 4.1, 2002.05, and possibly other versions allows
remote attackers to cause a denial of service (crash) via certain
packets to port 371, e.g. via nmap.

Analysis
----------------
ED_PRI CAN-2002-1322 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021127
Category: SF
Reference: MISC:http://www.securitytracker.com/alerts/2002/Nov/1005681.html

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01
and earlier allows remote attackers to execute arbitrary web script as
other users via (1) the direct parameter in imageFolio.cgi, or (2)
nph-build.cgi.

Analysis
----------------
ED_PRI CAN-2002-1334 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: BUGTRAQ:20021219 TSLSA-2002-0083 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033054204316&w=2

Linux kernel 2.2.x allows local users to cause a denial of service
(crash) by using the mmap() function with a PROT_READ parameter to
access non-readable memory pages through the /proc/pid/mem interface.

Analysis
----------------
ED_PRI CAN-2002-1380 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021223
Category: SF
Reference: BUGTRAQ:20021128 TracerouteNG - never ending story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow
local users to execute arbitrary code via a long hostname argument.

Analysis
----------------
ED_PRI CAN-2002-1386 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021223
Category: SF
Reference: BUGTRAQ:20021128 TracerouteNG - never ending story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local
users to overwrite arbitrary memory locations via an array index
overflow using the nprobes (number of probes) argument.

Analysis
----------------
ED_PRI CAN-2002-1387 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021012 CoolForum v 0.5 beta shows content of PHP files
Reference: URL:http://online.securityfocus.com/archive/1/295358
Reference: VULNWATCH:20021001 [VulnWatch] CoolForum v 0.5 beta shows content of PHP files
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0001.html
Reference: CONFIRM:http://www.coolforum.net/index.php?p=dlcoolforum
Reference: XF:coolforum-avatar-view-php(10237)
Reference: URL:http://www.iss.net/security_center/static/10237.php
Reference: BID:5973
Reference: URL:http://www.securityfocus.com/bid/5973

Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta
allows remote attackers to read arbitrary files via .. (dot dot)
sequences in the img parameter.

Analysis
----------------
ED_PRI CAN-2002-1515 3
Vendor Acknowledgement: yes changelog
Content Decisions: EX-BETA

ACKNOWLEDGEMENT/ACCURACY: an examination of diff's between 0.5 beta
and 0.5.1 beta suggests that the developer attempted to fix the issue
by checking that the file being accessed was a JPG or GIF. While this
fix is incomplete (potentially allowing access to JPG's/GIF's that
were not expected to be public), this is sufficient demonstration that
the vendor was aware of the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007