
[PROPOSAL] Cluster UNIX-2002b - 58 candidates



I am proposing cluster UNIX-2002b for review and voting by the
Editorial Board.

Name: UNIX-2002b
Description: CANs in Linux advisories from Oct 2002 to Nov 2002
Size: 58

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9
and earlier, when UseCanonicalName is off and wildcard DNS is enabled,
allows remote attackers to execute script as other web site visitors,
via the server name in an HTTPS response on the SSL port, which is
used in a self-referencing URL, a different vulnerability than
CAN-2002-0840.

Analysis
----------------
ED_PRI CAN-2002-1157 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c for the SNMP daemon
in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows
remote attackers to cause a denial of service (crash) via a NULL
dereference.

Analysis
----------------
ED_PRI CAN-2002-1170 1
Vendor Acknowledgement: unknown

ACCURACY: While the initial iDEFENSE report said that 5.0.5 was fixed,
a followup consultation with the developer indicated that the fix was
incorrect, and 5.0.6 is the first fixed version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite
files as users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-1193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting vulnerability (XSS) in the PHP interface for
ht://Check 1.1 allows remote web servers to insert arbitrary HTML,
including script, via a web page.

Analysis
----------------
ED_PRI CAN-2002-1195 1
Vendor Acknowledgement: yes advisory

ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues.  Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before
2.16.1, when the "usebuggroups" feature is enabled and more than 47
groups are specified, does not properly calculate bit values for large
numbers, which grants extra permissions to users via known features of
Perl math that set multiple bits.

Analysis
----------------
ED_PRI CAN-2002-1196 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when
using template filenames or output, does not properly track the size
of a buffer when constant characters are encountered during macro
expansion, which allows remote attackers to cause a denial of service
and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1200 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:071
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView
in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of
service or execute arbitrary code via a modified .ps (PostScript)
input file.

Analysis
----------------
ED_PRI CAN-2002-1223 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows
that stem from different packages.  The KDE security advisory makes
this clear.  Therefore CD:SF-LOC suggests keeping them SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE
3.0.3a allows remote attackers to read arbitrary files as the kpf user
via a URL with a modified icon parameter.

Analysis
----------------
ED_PRI CAN-2002-1224 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994

PAM 0.76 treats a disabled password as if it were an empty (null)
password, which allows local and remote attackers to gain privileges
as disabled users.

Analysis
----------------
ED_PRI CAN-2002-1227 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a
denial of service via an rcp call on /proc.

Analysis
----------------
ED_PRI CAN-2002-1231 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Reference: CALDERA:CSSA-2002-054.0
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS
package 3.9 and earlier allows remote attackers to cause a denial of
service (memory consumption) via a large number of requests for a map
that does not exist.

Analysis
----------------
ED_PRI CAN-2002-1232 1
Vendor Acknowledgement: yes advisory

ACCURACY: Via email, Thorsten Kukuk (the developer) clarified that
this is a basic memory leak, and not an information leak of old
domain/map names, which was suggested in some vendor advisories.

ACCURACY: an early version of MANDRAKE:MDKSA-2002:078 included a
description that discussed the ypserv issue, but its references were
for other problems.  Mandrake has confirmed that MDKSA-2002:078 is
intended for CAN-2002-1232 only.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113

Maped in LuxMan 0.41 uses the user-provided search path to find and
execute the gzip program, which allows local users to modify /dev/mem
and gain privileges via a modified PATH environment variable that
points to a Trojan horse gzip program.

Analysis
----------------
ED_PRI CAN-2002-1245 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089

Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to
execute arbitrary code via a long log message.

Analysis
----------------
ED_PRI CAN-2002-1251 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and
earlier uses mailx as the default mailer, which allows remote
attackers to execute arbitrary commands by inserting them into the
mail body, which is then processed by mailx.

Analysis
----------------
ED_PRI CAN-2002-1271 1
Vendor Acknowledgement: yes advisory

Note: Debian has stated that they are not vulnerable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow
remote attackers to execute arbitrary code via a certain image file
that is not properly handled when Window Maker uses width and height
information to allocate a buffer.

Analysis
----------------
ED_PRI CAN-2002-1277 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118

The mailconf module in Linuxconf 1.24 on Conectiva Linux 6.0 through 8
generates the Sendmail configuration file (sendmail.cf) in a way that
configures Sendmail to run as an open mail relay, which allows remote
attackers to send Spam email.

Analysis
----------------
ED_PRI CAN-2002-1278 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: SUSE:SuSE-SA:2002:040
Reference: URL:http://www.suse.de/de/security/2002_040_lprng_html2ps.html
Reference: XF:lprng-runlpr-gain-privileges(10525)
Reference: URL:http://www.iss.net/security_center/static/10525.php
Reference: BID:6077
Reference: URL:http://www.securityfocus.com/bid/6077

runlpr in the LPRng package allows the local lp user to gain root
privileges via certain command line arguments.

Analysis
----------------
ED_PRI CAN-2002-1285 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier
allows remote attackers to insert script or HTML via an email message
with the script in a MIME header name.

Analysis
----------------
ED_PRI CAN-2002-1307 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: an email posted by the author to the mhonarc-users
mailing list on October 21, 2002 indicates acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197

Courier sqwebmail before 0.40.0 does not quickly drop privileges after
startup in certain cases, which could allow local users to read
arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1311 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198

nullmailer 1.00RC5 and earlier allows local users to cause a denial of
service via an email to a local user that does not exist, which
generates an error that causes nullmailer to stop sending mail to all
users.

Analysis
----------------
ED_PRI CAN-2002-1313 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: TURBO:TSLSA-2002-0080
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an encrypted password that causes the overflow during decryption in
which a DOS codepage string is converted to a little-endian UCS2
unicode string.

Analysis
----------------
ED_PRI CAN-2002-1318 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86
systems, allows local users to cause a denial of service (hang) via
the emulation mode, which does not properly clear TF and NT EFLAGs.

Analysis
----------------
ED_PRI CAN-2002-1319 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021107 Remote pine Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.suse.de/de/security/2002_046_pine.html
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120

Pine 4.44 and earlier allows remote attackers to cause a denial of
service (core dump and failed restart) via an email message with a
From header that contains a large number of quotation marks (").

Analysis
----------------
ED_PRI CAN-2002-1320 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2
Reference: VULNWATCH:20021105 [VulnWatch] Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may
allow attackers to break out of safe compartments in (1) Safe::reval
or (2) Safe::rdo using a redefined @_ variable, which is not reset
between successive calls.

Analysis
----------------
ED_PRI CAN-2002-1323 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251

w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote
attackers to access files or cookies.

Analysis
----------------
ED_PRI CAN-2002-1335 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html
Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166

Buffer overflow in the get_origin function in traceroute-nanog allows
attackers to execute arbitrary code via long WHOIS responses.

Analysis
----------------
ED_PRI CAN-2002-1364 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20021015 GLSA: tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470282514938&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365
Reference: DEBIAN:DSA-225
Reference: URL:http://www.debian.org/security/2003/dsa-225

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet
and the default servlet, allows remote attackers to read source code
for server files or bypass certain protections, a variant of
CAN-2002-1148.

Analysis
----------------
ED_PRI CAN-2002-1394 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: CONECTIVA:CLA-2002:549
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549
Reference: DEBIAN:DSA-219
Reference: URL:http://www.debian.org/security/2002/dsa-219
Reference: BUGTRAQ:20030105 GLSA:  dhcpcd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104189546709447&w=2
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:003
Reference: BID:6200
Reference: URL:http://online.securityfocus.com/bid/6200

dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to
execute arbitrary code via shell metacharacters that are fed from a
dhcpd .info script into a .exe script.

Analysis
----------------
ED_PRI CAN-2002-1403 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: CONECTIVA:CLA-2002:533
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
Reference: XF:xfree86-xdm-unauth-access(11389)
Reference: URL:http://www.iss.net/security_center/static/11389.php

xdm, with the authComplain variable set to false, allows arbitrary
attackers to connect to the X server if the xdm auth directory does
not exist.

Analysis
----------------
ED_PRI CAN-2002-1510 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1511
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022
Reference: XF:vnc-rand-weak-cookie(11384)
Reference: URL:http://www.iss.net/security_center/static/11384.php

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand()
function instead of srand(), which causes vncserver to generate weak
cookies.

Analysis
----------------
ED_PRI CAN-2002-1511 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-rpcbind-w-symlink(10272)
Reference: URL:http://www.iss.net/security_center/static/10272.php
Reference: BID:5889
Reference: URL:http://online.securityfocus.com/bid/5889

rpcbind in SGI IRIX, when using the -w command line switch, allows
local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2002-1516 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: this is most likely a different vulnerability than
CVE-1999-0190 because CVE-1999-0190 is remotely exploitable, and
symlink issues are, by their nature, only locally exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1517
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-fsr-efs-symlink(10275)
Reference: URL:http://www.iss.net/security_center/static/10275.php
Reference: BID:5897
Reference: URL:http://www.securityfocus.com/bid/5897

fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file
activities via a symlink attack, possibly via the .fsrlast file.

Analysis
----------------
ED_PRI CAN-2002-1517 1
Vendor Acknowledgement: yes advisory

ACCURACY: the only source that specifically mentions the ".fsrlast"
file is SecurityFocus, and it is not clear where that knowledge came
from.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: BID:5893
Reference: URL:http://www.securityfocus.com/bid/5893
Reference: XF:irix-mv-directory-insecure(10276)
Reference: URL:http://www.iss.net/security_center/static/10276.php

mv in IRIX 6.5 creates a directory with world-writable permissions
while moving a directory, which could allow local users to modify
files and directories.

Analysis
----------------
ED_PRI CAN-2002-1518 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: NETBSD:NetBSD-SA2002-025
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
Reference: XF:trek-keyboard-input-bo(10458)
Reference: URL:http://www.iss.net/security_center/static/10458.php
Reference: BID:6036
Reference: URL:http://www.securityfocus.com/bid/6036

Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users
to gain privileges via long keyboard input.

Analysis
----------------
ED_PRI CAN-2002-1543 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY31934
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

Unknown vulnerability in autofs, when using executable maps, allows
attackers to execute arbitrary commands as root, possibly related to
improper "string handling."

Analysis
----------------
ED_PRI CAN-2002-1548 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1550
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY34617
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

dump_smutil.sh in IBM AIX allows local users to perform unauthorized
file operations via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-1550 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY34670
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

Buffer overflow in nslookup in IBM AIX may allow attackers to cause a
denial of service or execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1551 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0711
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0711
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020719
Category: unknown
Reference: COMPAQ:SSRT2265
Reference: URL:http://www.securityfocus.com/advisories/4633
Reference: XF:hp-trucluster-interconnect-dos(10551)
Reference: URL:http://www.iss.net/security_center/static/10551.php
Reference: BUGTRAQ:20021105 RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103651974926272&w=2
Reference: BID:6102
Reference: URL:http://www.securityfocus.com/bid/6102

Unknown vulnerability in Cluster Interconnect for HP TruCluster Server
5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a
denial of service.

Analysis
----------------
ED_PRI CAN-2002-0711 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0839
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: VULNWATCH:20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: SGI:20021105-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021015 GLSA: apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: BID:5884
Reference: URL:http://www.securityfocus.com/bid/5884
Reference: XF:apache-scorecard-memory-overwrite(10280)
Reference: URL:http://www.iss.net/security_center/static/10280.php

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x
before 1.3.27 allows any user running as the Apache UID to send a
SIGUSR1 signal to any process as root, resulting in a denial of
service (process kill) or possibly other behaviors that would not
normally be allowed, by modifying the parent[].pid and
parent[].last_rtime segments in the scoreboard.

Analysis
----------------
ED_PRI CAN-2002-0839 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0843
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: SGI:20021105-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html

Buffer overflows in the ApacheBench benchmark support program (ab.c)
in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a
malicious web server to cause a denial of service and possibly execute
arbitrary code via a long response.

Analysis
----------------
ED_PRI CAN-2002-0843 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

INCLUSION: While the exploit scenario for this issue may be very rare,
the overflow nonetheless crosses privilege boundaries.  This is
therefore a vulnerability and should be included in CVE (pending
supporting votes from Board members).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: BUGTRAQ:20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2
Reference: CONFIRM:http://www.sendmail.org/smrsh.adv.txt
Reference: NETBSD:NetBSD-SA2002-023
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
Reference: CONECTIVA:CLA-2002:532
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
Reference: FREEBSD:FreeBSD-SA-02:41
Reference: CALDERA:CSSA-2002-052.0
Reference: MANDRAKE:MDKSA-2002:083
Reference: SGI:20030101-01-P
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: XF:sendmail-forward-bypass-smrsh(10232)
Reference: URL:http://www.iss.net/security_center/static/10232.php
Reference: BID:5845
Reference: URL:http://www.securityfocus.com/bid/5845

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6,
8.11.6-15, and possibly other versions after 8.11 from 5/19/1998,
allows attackers to bypass the intended restrictions of smrsh by
inserting additional commands after (1) "||" sequences or (2) "/"
characters, which are not properly filtered or verified.

Analysis
----------------
ED_PRI CAN-2002-1165 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues
Reference: AIXAPAR:IY24527
Reference: BID:6000
Reference: URL:http://online.securityfocus.com/bid/6000
Reference: XF:ibm-wte-html-xss(10453)
Reference: URL:http://www.iss.net/security_center/static/10453.php

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express
Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote
attackers to execute script as other users via an HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1167 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: The Location: header CSS is separated from the "standard"
XSS because the Location: header issue has another component - CRLF
injection.  These are therefore very similar, but slightly different
types of issues, and CD:SF-LOC suggests that they be SPLIT into
multiple items.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues
Reference: AIXAPAR:IY35139
Reference: BID:6001
Reference: URL:http://online.securityfocus.com/bid/6001
Reference: XF:ibm-wte-header-injection(10454)
Reference: URL:http://www.iss.net/security_center/static/10454.php

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express
Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote
attackers to execute script as other users via an HTTP request that
contains a Location: header with a "%0a%0d" (CRLF) sequence, which
echoes the Location as an HTTP header in the server response.

Analysis
----------------
ED_PRI CAN-2002-1168 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: The Location: header CSS is separated from the "standard"
XSS because the Location: header issue has another component - CRLF
injection.  These are therefore very similar, but slightly different
types of issues, and CD:SF-LOC suggests that they be SPLIT into
multiple items.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: AIXAPAR:IY35970
Reference: BID:6002
Reference: URL:http://online.securityfocus.com/bid/6002
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before
4.0.1.26 allows remote attackers to cause a denial of service (crash)
via an HTTP request to helpout.exe with a missing HTTP version number,
which causes ibmproxy.exe to crash.

Analysis
----------------
ED_PRI CAN-2002-1169 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: BUGTRAQ:20020928 local exploitable overflow in rogue/FreeBSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103342413220529&w=2
Reference: NETBSD:NetBSD-SA2002-021
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc
Reference: XF:freebsd-rogue-bo(10261)
Reference: URL:http://www.iss.net/security_center/static/10261.php
Reference: BID:5837
Reference: URL:http://www.securityfocus.com/bid/5837

Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD
4.6, and possibly other operating systems, allow local users to gain
"games" group privileges via malformed entries in a game save file.

Analysis
----------------
ED_PRI CAN-2002-1192 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1194
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: NETBSD:NetBSD-SA2002-019
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
Reference: XF:netbsd-talkd-bo(10303)
Reference: URL:http://www.iss.net/security_center/static/10303.php
Reference: BID:5910
Reference: URL:http://www.securityfocus.com/bid/5910

Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other
operating systems, may allow remote attackers to execute arbitrary
code via a long inbound message.

Analysis
----------------
ED_PRI CAN-2002-1194 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: COMPAQ:SSRT2208
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q4/0002.html
Reference: XF:tru64-routed-file-access(10316)
Reference: URL:http://www.iss.net/security_center/static/10316.php
Reference: BID:5913
Reference: URL:http://www.securityfocus.com/bid/5913

Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A
allows local and remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1202 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021015
Category: SF
Reference: CONFIRM:http://linux-ha.org/security/sec01.txt
Reference: SUSE:SuSE-SA:2002:037
Reference: URL:http://www.suse.de/de/security/2002_037_heartbeat.html
Reference: DEBIAN:DSA-174
Reference: URL:http://www.debian.org/security/2002/dsa-174
Reference: CONECTIVA:CLA-2002:540
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540
Reference: XF:linuxha-heartbeat-bo(10357)
Reference: URL:http://www.iss.net/security_center/static/10357.php
Reference: BID:5955
Reference: URL:http://www.securityfocus.com/bid/5955

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier
(claimed as buffer overflows in some sources) allow remote attackers
to execute arbitrary code via certain packets to UDP port 694
(incorrectly claimed as TCP in some sources).

Analysis
----------------
ED_PRI CAN-2002-1215 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACCURACY: Debian confirmed via email that DEBIAN:DSA-174 is addressing
the same issue as SuSE.  The original release of the Debian advisory
said that heartbeat mentioned "buffer overflows," but Debian confirmed
that they really meant "buffer overflows as exploited through format
strings" - i.e. format string vulnerabilities.  In addition, Debian's
mention of TCP was a typo.  So, the Debian and SuSE advisories are
discussing the same issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: SUSE:SuSE-SA:2002:034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2
Reference: BUGTRAQ:20021014 GLSA: heimdal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2
Reference: DEBIAN:DSA-178
Reference: URL:http://www.debian.org/security/2002/dsa-178
Reference: XF:heimdal-kf-kfd-bo(10116)
Reference: URL:http://www.iss.net/security_center/static/10116.php
Reference: BID:5729
Reference: URL:http://www.securityfocus.com/bid/5729

Multiple buffer overflows in Heimdal before 0.5, possibly in both the
(1) kadmind and (2) kdc servers, may allow remote attackers to gain
root access.

Analysis
----------------
ED_PRI CAN-2002-1225 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: BUGTRAQ:20021016 Apache 1.3.26
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103480856102007&w=2
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: XF:apache-htdigest-tmpfile-race(10413)
Reference: URL:http://www.iss.net/security_center/static/10413.php

A regression error in the Debian distributions of the apache-ssl
package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0),
for Apache 1.3.27 and earlier, allows local users to read or modify
the Apache password file via a symlink attack on temporary files when
the administrator runs (1) htpasswd or (2) htdigest, a re-introduction
of a vulnerability that was originally identified and addressed by
CAN-2001-0131.

Analysis
----------------
ED_PRI CAN-2002-1233 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, REGRESSION

ABSTRACTION: This is a Debian-specific regression error for
CAN-2001-0131; they had released a fix, but the fix did not make it
into upstream versions.  Mark Cox noted that this problem had never
been fixed by the Apache group; rather, various distributions had
fixed it when it first came out.  Should there be a separate candidate
for this regression error?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103704823501757&w=2
Reference: VULNWATCH:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0068.html
Reference: BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2
Reference: MISC:http://www.idefense.com/advisory/11.11.02.txt
Reference: DEBIAN:DSA-193
Reference: URL:http://www.debian.org/security/2002/dsa-193
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:080
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:080
Reference: CIAC:N-020
Reference: URL:http://www.ciac.org/ciac/bulletins/n-020.shtml
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: BID:6157
Reference: URL:http://www.securityfocus.com/bid/6157
Reference: XF:kde-kdenetwork-reslisa-bo(10592)
Reference: URL:http://www.iss.net/security_center/static/10592.php

Buffer overflow in LISa allows local users to gain access to a raw
socket via a long LOGNAME environment variable for the resLISa daemon.

Analysis
----------------
ED_PRI CAN-2002-1247 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-1247 (resLISA/LOGNAME overflow) is kept distinct
from CAN-2002-1306 (lisa daemon overflow, lan:// overflow) because
there is some evidence that these two candidates are being treated
separately, and thus some LISa packages may have fixed one issue but
not the other.  Therefore these issues should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: SUSE:SuSE-SA:2002:040
Reference: URL:http://www.suse.de/de/security/2002_040_lprng_html2ps.html
Reference: DEBIAN:DSA-192
Reference: URL:http://www.debian.org/security/2002/dsa-192
Reference: XF:lprng-html2ps-command-execution(10526)
Reference: URL:http://www.iss.net/security_center/static/10526.php
Reference: BID:6079
Reference: URL:http://www.securityfocus.com/bid/6079

Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when
used within LPRng, allows remote attackers to execute arbitrary code
via "unsanitized input."

Analysis
----------------
ED_PRI CAN-2002-1275 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: REDHAT:RHSA-2003:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-042.html

An incomplete fix for a cross-site scripting (XSS) vulnerability in
SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value
but does not save the result back to that variable, leaving it open to
cross-site scripting attacks.

Analysis
----------------
ED_PRI CAN-2002-1276 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: DEBIAN:DSA-194
Reference: URL:http://www.debian.org/security/2002/dsa-194
Reference: CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000040.html
Reference: CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000041.html
Reference: XF:masqmail-bo(10605)
Reference: URL:http://www.iss.net/security_center/static/10605.php
Reference: BID:6164
Reference: URL:http://www.securityfocus.com/bid/6164

Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17,
and 0.2.x before 0.2.15, allow local users to gain privileges via
certain entries in the configuration file (-C option).

Analysis
----------------
ED_PRI CAN-2002-1279 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
Reference: MANDRAKE:MDKSA-2002:079
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: DEBIAN:DSA-204
Reference: URL:http://www.debian.org/security/2002/dsa-204
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: XF:kde-rlogin-command-execution(10602)
Reference: URL:http://www.iss.net/security_center/static/10602.php
Reference: BID:6182
Reference: URL:http://www.securityfocus.com/bid/6182

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of
KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and
remote attackers to execute arbitrary code via a certain URL.

Analysis
----------------
ED_PRI CAN-2002-1281 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: Since the telnet.protocol problem only appears in KDE
2.x, but the rlogin.protocol problem appears in 2.x *and* 3.x,
CD:SF-LOC suggests creating separate identifiers because the
rlogin.protocol problem appears in a different version than
telnet.protocol.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2
Reference: MANDRAKE:MDKSA-2002:079
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: DEBIAN:DSA-204
Reference: URL:http://www.debian.org/security/2002/dsa-204
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: XF:kde-telnet-command-execution(10603)
Reference: URL:http://www.iss.net/security_center/static/10603.php
Reference: BID:6182
Reference: URL:http://www.securityfocus.com/bid/6182

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of
KDE 2.x 2.1 and later allows local and remote attackers to execute
arbitrary code via a certain URL.

Analysis
----------------
ED_PRI CAN-2002-1282 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: Since the telnet.protocol problem only appears in KDE
2.x, but the rlogin.protocol problem appears in 2.x *and* 3.x,
CD:SF-LOC suggests creating separate identifiers because the
rlogin.protocol problem appears in a different version than
telnet.protocol.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021114
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2
Reference: SUSE:SuSE-SA:2002:042
Reference: URL:http://www.suse.de/de/security/2002_042_kdenetwork.html
Reference: MANDRAKE:MDKSA-2002:080
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-2.txt
Reference: DEBIAN:DSA-214
Reference: URL:http://www.debian.org/security/2002/dsa-214
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: CIAC:N-020
Reference: URL:http://www.ciac.org/ciac/bulletins/n-020.shtml
Reference: XF:kde-kdenetwork-lisa-bo(10597)
Reference: URL:http://www.iss.net/security_center/static/10597.php
Reference: XF:kde-kdenetwork-lan-bo(10598)
Reference: URL:http://www.iss.net/security_center/static/10598.php

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and
KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to
execute arbitrary code via the "lisa" daemon, and (2) remote attackers
to execute arbitrary code via a certain "lan://" URL.

Analysis
----------------
ED_PRI CAN-2002-1306 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-1247 (resLISA/LOGNAME overflow) is kept distinct
from CAN-2002-1306 (lisa daemon overflow, lan:// overflow) because
there is some evidence that these two candidates are being treated
separately, and thus some LISa packages may have fixed one issue but
not the other.  Therefore these issues should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: SUSE:SuSE-SA:2002:038
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Reference: MANDRAKE:MDKSA-2002:062
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment
variables for PostgreSQL 7.2.1 and earlier allow local users to cause
a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1402 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007