[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster CONFIRM-2003a - 51 candidates



I am proposing cluster CONFIRM-2003a for review and voting by the
Editorial Board.

Name: CONFIRM-2003a
Description: CANs with clear vendor ack. from Jan 2003 to Mar 2003
Size: 51

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2003-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2

Apache before 2.0.44, when running on unpatched Windows 9x and Me
operating systems, allows remote attackers to cause a denial of
service or execute arbitrary code via an HTTP request containing
MS-DOS device names.

Analysis
----------------
ED_PRI CAN-2003-0016 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers
to obtain certain files via an HTTP request that ends in certain
illegal characters such as ">", which causes a different filename to
be processed and served.

Analysis
----------------
ED_PRI CAN-2003-0017 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite
arbitrary files via a certain character escape sequence when it is
echoed to a user's terminal, e.g. when the user views a file
containing the malicious sequence.

Analysis
----------------
ED_PRI CAN-2003-0022 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.

Analysis
----------------
ED_PRI CAN-2003-0023 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030124 Mailman: cross-site scripting bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111
Reference: CONFIRM:http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1
allows remote attackers to inject script or HTML into web pages via
the (1) email or (2) language parameters.

Analysis
----------------
ED_PRI CAN-2003-0038 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow
remote attackers to cause a denial of service (thread hang and
resource consumption) via a request for a JSP page containing an
MS-DOS device name, such as aux.jsp.

Analysis
----------------
ED_PRI CAN-2003-0045 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:macos-afp-unauthorized-access(11333)
Reference: URL:http://www.iss.net/security_center/static/11333.php

AFP in Mac OS X before 10.2.4 allows administrators to log in as other
users by using the administrator password.

Analysis
----------------
ED_PRI CAN-2003-0049 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-command-execution(11401)
Reference: URL:http://www.iss.net/security_center/static/11401.php

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to
execute arbitrary code via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2003-0050 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-path-disclosure(11402)
Reference: URL:http://www.iss.net/security_center/static/11402.php

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain
the physical path of the server's installation path via a NULL file
parameter.

Analysis
----------------
ED_PRI CAN-2003-0051 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-directory-disclosure(11403)
Reference: URL:http://www.iss.net/security_center/static/11403.php

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to list
arbitrary directories.

Analysis
----------------
ED_PRI CAN-2003-0052 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-parsexml-xss(11404)
Reference: URL:http://www.iss.net/security_center/static/11404.php

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple
Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming
Server 4.1.1 allows remote attackers to insert arbitrary script via
the filename parameter, which is inserted into an error message.

Analysis
----------------
ED_PRI CAN-2003-0053 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-describe-xss(11405)
Reference: URL:http://www.iss.net/security_center/static/11405.php

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime
Streaming Server 4.1.1 allows remote attackers to execute certain code
via a request to port 7070 with the script in an argument to the rtsp
DESCRIBE method, which is inserted into a log file and executed when
the log is viewed using a browser.

Analysis
----------------
ED_PRI CAN-2003-0054 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-mp3-bo(11406)
Reference: URL:http://www.iss.net/security_center/static/11406.php

Buffer overflow in the MP3 broadcasting module of Apple Darwin
Streaming Administration Server 4.1.2 and QuickTime Streaming Server
4.1.1 allows remote attackers to execute arbitrary code via a long
filename.

Analysis
----------------
ED_PRI CAN-2003-0055 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The rxvt terminal emulator 2.7.8 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0066 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: ATSTAKE:A021403-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:macos-trublueenvironment-gain-privileges(11332)
Reference: URL:http://www.iss.net/security_center/static/11332.php

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to
overwrite or create arbitrary files and gain root privileges by
setting a certain environment variable that is used to write debugging
information.

Analysis
----------------
ED_PRI CAN-2003-0088 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550977011668&w=2
Reference: VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: BUGTRAQ:20030219 GLSA:  mod_php (200302-09.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567137502557&w=2
Reference: BUGTRAQ:20030219 GLSA:  mod_php php
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567042700840&w=2
Reference: CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: XF:php-cgi-sapi-access(11343)
Reference: URL:http://www.iss.net/security_center/static/11343.php

Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to
access arbitrary files as the PHP user, and possibly execute PHP code,
by bypassing the CGI force redirect settings (cgi.force_redirect or
--enable-force-cgi-redirect).

Analysis
----------------
ED_PRI CAN-2003-0097 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ATSTAKE:A022503-1
Reference: XF:nokia-6210-vcard-dos(11421)
Reference: URL:http://www.iss.net/security_center/static/11421.php

Format string vulnerability in Nokia 6210 handset allows remote
attackers to cause a denial of service (crash, lockup, or restart) via
a Multi-Part vCard with fields containing a large number of format
string specifiers.

Analysis
----------------
ED_PRI CAN-2003-0103 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757319829443&w=2
Reference: VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
Reference: BID:7037

Buffer overflow in Notes server before Lotus Notes R4, R5 before
5.0.11, and early R6 allows remote attackers to execute arbitrary code
via a long distinguished name (DN) during NotesRPC authentication and
an outer field length that is less than that of the DN field.

Analysis
----------------
ED_PRI CAN-2003-0122 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757545500368&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
Reference: BID:7038

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5
through R6 allows remote malicious web servers to cause a denial of
service (crash) via a long HTTP status line.

Analysis
----------------
ED_PRI CAN-2003-0123 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
Reference: CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT

Buffer overflow in the web interface for SOHO Routefinder 550 before
firmware 4.63 allows remote attackers to cause a denial of service
(reboot) and execute arbitrary code via a long GET /OPTIONS value.

Analysis
----------------
ED_PRI CAN-2003-0125 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt

Unknown vulnerability in tcpdump before 3.7.2 related to an inability
to "Handle unknown RADIUS attributes properly," allows remote
attackers to cause a denial of service (infinite loop), a different
vulnerability than CAN-2003-0093.

Analysis
----------------
ED_PRI CAN-2003-0145 1
Vendor Acknowledgement: yes changelog

ACCURACY: Via email on March 14, 2003, Martin Schulze confirmed that
this is a different issue than CAN-2003-0093.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module
for Sun ONE Application Server before 6.5 allows remote attackers to
execute arbitrary code via a long HTTP request URL.

Analysis
----------------
ED_PRI CAN-2002-0387 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
Reference: XF:peoplesoft-xxe-read-files(10520)
Reference: URL:http://www.iss.net/security_center/static/10520.php

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as
used in various PeopleSoft products, allows remote attackers to read
arbitrary files via certain XML External Entities (XXE) fields in an
HTTP POST request that is processed by the SimpleFileHandler handler.

Analysis
----------------
ED_PRI CAN-2002-1252 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BUGTRAQ:20030303 GLSA:  eterm (200303-1)
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers
to overwrite arbitrary files via a certain character escape sequence
when it is echoed to a user's terminal, e.g. when the user views a
file containing the malicious sequence.

Analysis
----------------
ED_PRI CAN-2003-0021 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20030129 Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385772908969&w=2
Reference: BUGTRAQ:20030129 Re: Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386699725019&w=2
Reference: XF:plptools-plpnsfd-format-string(11193)
Reference: URL:http://www.iss.net/security_center/static/11193.php

Format string vulnerability in mpmain.c for plpnfsd of the plptools
package allows remote attackers to execute arbitrary code via the
functions (1) debuglog, (2) errorlog, and (3) infolog.

Analysis
----------------
ED_PRI CAN-2003-0074 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428700106672&w=2
Reference: MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
Reference: BUGTRAQ:20030205 GLSA:  bladeenc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104446346127432&w=2
Reference: XF:bladeenc-myfseek-code-execution(11227)
Reference: URL:http://www.iss.net/security_center/static/11227.php

Integer signedness error in myFseek function of samplein.c for Blade
encoder 0.94.2 and earlier allows remote attackers to execute
arbitrary code via a negative offset value following a "fmt" wave
chunk.

Analysis
----------------
ED_PRI CAN-2003-0075 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030220 Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104587206702715&w=2
Reference: XF:cisco-ios-ospf-bo(11373)
Reference: URL:http://www.iss.net/security_center/static/11373.php

Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers
to cause a denial of service and possibly execute commands via a large
number of OSPF neighbor announcements.

Analysis
----------------
ED_PRI CAN-2003-0100 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: XF:peoplesoft-schedulertransfer-create-files(10962)
Reference: URL:http://www.iss.net/security_center/static/10962.php

Directory traversal vulnerability in PeopleTools 8.10 through 8.18,
8.40, and 8.41 allows remote attackers to overwrite arbitrary files
via the SchedulerTransfer servlet.

Analysis
----------------
ED_PRI CAN-2003-0104 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: ATSTAKE:A031303-2
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-2.txt

SNMP daemon in the DX200 based network element for Nokia Serving GPRS
support node (SGSN) allows remote attackers to read SNMP options via
arbitrary community strings.

Analysis
----------------
ED_PRI CAN-2003-0137 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: BUGTRAQ:20030313 Vulnerability in OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766550528628&w=2
Reference: VULNWATCH:20030313 OpenSSL Private Key Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Reference: BUGTRAQ:20030317 [ADVISORY] Timing Attack on OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792570615648&w=2
Reference: MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

OpenSSL does not use RSA blinding by default, which allows local and
remote attackers to obtain the server's private key by determining
factors using timing differences on (1) the number of extra reductions
during Montgomery reduction, and (2) the use of different integer
multiplication algorithms ("Karatsuba" and normal).

Analysis
----------------
ED_PRI CAN-2003-0147 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:apache-esc-seq-injection(11412)
Reference: URL:http://www.iss.net/security_center/static/11412.php

Apache does not filter terminal escape sequences from its error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.

Analysis
----------------
ED_PRI CAN-2003-0020 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

The menuBar feature in aterm 0.42 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.

Analysis
----------------
ED_PRI CAN-2003-0024 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: CONFIRM:http://www.celestialsoftware.net/telnet/beta_software.html

AbsoluteTelnet SSH2 client does not clear logon credentials from
memory, including plaintext passwords, which could allow attackers
with access to memory to steal the SSH credentials.

Analysis
----------------
ED_PRI CAN-2003-0046 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION

ACKNOWLEDGEMENT: The beta announcement for 2.12 RC9 includes "Fixes to
keep the password from appearing in memory in plaintext."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX
2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear
logon credentials from memory, including plaintext passwords, which
could allow attackers with access to memory to steal the SSH
credentials.

Analysis
----------------
ED_PRI CAN-2003-0047 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt

PuTTY 0.53b and earlier does not clear logon credentials from memory,
including plaintext passwords, which could allow attackers with access
to memory to steal the SSH credentials.

Analysis
----------------
ED_PRI CAN-2003-0048 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030130
Category: SF
Reference: BUGTRAQ:20030127 Hypermail buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104369136703903&w=2

Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code (1) via a long attachment filename that is not properly handled
by the hypermail executable, or (2) by connecting to the mail CGI
program from an IP address that reverse-resolves to a long hostname.

Analysis
----------------
ED_PRI CAN-2003-0057 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104490777824360&w=2
Reference: MISC:http://www.idefense.com/advisory/02.10.03.txt
Reference: XF:nod32-pathname-bo(11282)
Reference: URL:http://www.iss.net/security_center/static/11282.php

Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows
local users to execute arbitrary code via a long path name.

Analysis
----------------
ED_PRI CAN-2003-0062 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The xterm terminal emulator in XFree86 4.2.0 allows attackers to
modify the window title via a certain character escape sequence and
then insert it back to the command line in the user's terminal,
e.g. when the user views a file containing the malicious sequence,
which could allow the attacker to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0063 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The dtterm terminal emulator allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0064 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The uxterm terminal emulator allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0065 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The aterm terminal emulator 0.42 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0067 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BUGTRAQ:20030303 GLSA:  eterm (200303-1)
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The Eterm terminal emulator 0.9.1 and earlier allows attackers to
modify the window title via a certain character escape sequence and
then insert it back to the command line in the user's terminal,
e.g. when the user views a file containing the malicious sequence,
which could allow the attacker to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0068 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The PuTTY terminal emulator 0.53 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0069 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php

The DEC UDK processing feature in the xterm terminal emulator in
XFree86 4.2.99.4 and earlier allows attackers to cause a denial of
service via a certain character escape sequence that causes the
terminal to enter a tight loop.

Analysis
----------------
ED_PRI CAN-2003-0071 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONFIRM:http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
Reference: BUGTRAQ:20030204 GLSA:  qt-dcgui
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104437720116243&w=2
Reference: XF:qtdcgui-directory-download-files(11246)
Reference: URL:http://www.iss.net/security_center/static/11246.php

Unknown vulnerability in the directory parser for Direct Connect 4
Linux (dcgui) before 0.2.2 allows remote attackers to read files
outside the sharelist.

Analysis
----------------
ED_PRI CAN-2003-0076 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The hanterm (hanterm-xf) terminal emulator before 2.0.5 allows
attackers to modify the window title via a certain character escape
sequence and then insert it back to the command line in the user's
terminal, e.g. when the user views a file containing the malicious
sequence, which could allow the attacker to execute arbitrary
commands.

Analysis
----------------
ED_PRI CAN-2003-0077 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php

The DEC UDK processing feature in the hanterm (hanterm-xf) terminal
emulator before 2.0.5 allows attackers to cause a denial of service
via a certain character escape sequence that causes the terminal to
enter a tight loop.

Analysis
----------------
ED_PRI CAN-2003-0079 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030222 buffer overrun in zlib 1.1.4
Reference: URL:http://online.securityfocus.com/archive/1/312869
Reference: BUGTRAQ:20030223 poc zlib sploit just for fun :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610337726297&w=2
Reference: BUGTRAQ:20030224 Re: buffer overrun in zlib 1.1.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610536129508&w=2
Reference: BUGTRAQ:20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104620610427210&w=2
Reference: BID:6913
Reference: URL:http://online.securityfocus.com/bid/6913
Reference: XF:zlib-gzprintf-bo(11381)
Reference: URL:http://www.iss.net/security_center/static/11381.php

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is
compiled without vsnprintf or when long inputs are truncated using
vsnprintf, allows attackers to cause a denial of service or possibly
execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2003-0107 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: BUGTRAQ:20030311 Vulnerability in man < 1.5l
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

man before 1.51 allows attackers to execute arbitrary code via a
malformed man file with improper quotes, which causes the my_xsprintf
function to return a string with the value "unsafe," which is then
executed as a program via a system call.

Analysis
----------------
ED_PRI CAN-2003-0124 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow

The web interface for SOHO Routefinder 550 firmware 4.63 and earlier,
and possibly later versions, has a default "admin" account with a
blank password, which could allow attackers on the LAN side to conduct
unauthorized activities.

Analysis
----------------
ED_PRI CAN-2003-0126 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: BUGTRAQ:20030228 NetPBM, multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
Reference: DEBIAN:DSA-263
Reference: URL:http://www.debian.org/security/2003/dsa-263

Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly
other versions, may allow remote attackers to cause a denial of
service or execute arbitrary code via "maths overflow errors" such as
(1) integer signedness errors or (2) integer overflows.

Analysis
----------------
ED_PRI CAN-2003-0146 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007