[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 2004-01-A - 37 candidates



I am proposing cluster 2004-01-A for review and voting by the
Editorial Board.

Name: 2004-01-A
Description: CANs announced between 2004/01/02 and 2004/01/12
Size: 37

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2003-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: DEBIAN:DSA-411
Reference: URL:http://www.debian.org/security/2004/dsa-411
Reference: XF:mpg321-mp3-format-string(14148)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14148

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly
execute arbitrary code via an mp3 file that passes certain strings to
the printf function, possibly triggering a format string
vulnerability.

Analysis
----------------
ED_PRI CAN-2003-0969 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040105 Linux kernel mremap vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2
Reference: MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Reference: BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2
Reference: BUGTRAQ:20040106 Linux mremap bug correction
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2
Reference: SUSE:SuSE-SA:2004:001
Reference: SUSE:SuSE-SA:2004:003
Reference: URL:http://www.suse.com/de/security/2004_03_linux_kernel.html
Reference: CONECTIVA:CLA-2004:799
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
Reference: ENGARDE:ESA-20040105-001
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Reference: REDHAT:RHSA-2003:416
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-416.html
Reference: REDHAT:RHSA-2003:417
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
Reference: REDHAT:RHSA-2003:419
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-419.html
Reference: DEBIAN:DSA-413
Reference: URL:http://www.debian.org/security/2004/dsa-413
Reference: DEBIAN:DSA-417
Reference: URL:http://www.debian.org/security/2004/dsa-417
Reference: DEBIAN:DSA-427
Reference: URL:http://www.debian.org/security/2004/dsa-427
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: IMMUNIX:IMNX-2004-73-001-01
Reference: MANDRAKE:MDKSA-2004:001
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:001
Reference: SGI:20040102-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
Reference: BUGTRAQ:20040105 TSLSA-2004-01 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2
Reference: BUGTRAQ:20040107 [slackware-security]  Kernel security update  (SSA:2004-006-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2
Reference: BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
Reference: BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
Reference: XF:linux-domremap-gain-privileges(14135)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14135

The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does
not properly perform bounds checks, which allows local users to cause
a denial of service and possibly gain privileges by causing a
remapping of a virtual memory area (VMA) to create a zero length VMA,
a different vulnerability than CAN-2004-0077.

Analysis
----------------
ED_PRI CAN-2003-0985 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031219
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2004/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: XF:fspsuite-dot-directory-traversal(14154)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14154
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377

Directory traversal vulnerability in fsp before 2.81.b18 allows remote
users to access files outside the FSP root directory.

Analysis
----------------
ED_PRI CAN-2003-1022 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2003/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: XF:fsp-boundry-error-bo(14155)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14155

Buffer overflow in fsp before 2.81.b18 allows remote users to execute
arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0011 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-414
Reference: URL:http://www.debian.org/security/2004/dsa-414
Reference: MANDRAKE:MDKSA-2004:005
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:005

jabber 1.4.3, 1.4.2a, and possibly other versions does not properly
handle SSL connections, which allows remote attackers to cause a
denial of service (crash).

Analysis
----------------
ED_PRI CAN-2004-0013 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-418
Reference: URL:http://www.debian.org/security/2004/dsa-418

vbox3 0.1.8 and earlier does not properly drop privileges before
executing a user-provided TCL script, which allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2004-0015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419

The calendar module for phpgroupware 0.9.14 does not enforce the "save
extension" feature for holiday files, which allows remote attackers to
create and execute PHP files.

Analysis
----------------
ED_PRI CAN-2004-0016 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: DEBIAN:DSA-420
Reference: URL:http://www.debian.org/security/2004/dsa-420

jitterbug 1.6.2 does not properly sanitize inputs, which allows remote
authenticated users to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2004-0028 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: CISCO:20040108 Cisco Personal Assistant User Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password
authentication when "Allow Only Cisco CallManager Users" is enabled
and the Corporate Directory settings refer to the directory service
being used by Cisco CallManager, which allows remote attackers to gain
access with a valid username.

Analysis
----------------
ED_PRI CAN-2004-0044 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CONFIRM:http://service.real.com/help/faq/security/040112_dos/

Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote
attackers to cause a denial of service via certain HTTP POST messages
to the Administration System port.

Analysis
----------------
ED_PRI CAN-2004-0049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040110 Remote Code Execution in ezContents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392588915627&w=2
Reference: CONFIRM:http://www.ezcontents.org/forum/viewtopic.php?t=361

PHP remote code injection vulnerability in module.php for ezContents
allows remote attackers to execute arbitrary PHP code by modifying the
link parameter to reference a URL on a remote web server that contains
the code.

Analysis
----------------
ED_PRI CAN-2004-0070 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: the vendor's web site includes an item "Wed Feb 04,
2004 9:48 am" which explicitly lists CAN-2004-0070.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107393473928245&w=2
Reference: MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt

The GUI functionality for an interactive session in Symantec
LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security
2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and
Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0,
allows local users to gain SYSTEM privileges.

Analysis
----------------
ED_PRI CAN-2003-0994 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340481804110&w=2
Reference: XF:phorum-register-sql-injection(14146)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14146

SQL injection vulnerability in register.php for Phorum 3.4.5 and
earlier allows remote attackers to execute arbitrary SQL commands via
the hide_email parameter.

Analysis
----------------
ED_PRI CAN-2004-0035 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Phorum home page includes a news item for Phorum
3.4.6 that says it fixed some "cross sight scripting issues that were
found by Calum Power [the Bugtraq poster]... [including]
register.php."  While the Phorum announcement implies it's an XSS
issue, the coincidence with Power's post is sufficient enough to
reasonably assume that Phorum's statement is erroneous with respect to
implying that it's XSS instead of SQL injection.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: BUGTRAQ:20040107 [SECURITY] INN: Buffer overflow in control message handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html
Reference: BUGTRAQ:20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html

Buffer overflow in the control message handling code for INN 2.4.0 may
allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2004-0045 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: CONFIRM:http://lists.freebsd.org/pipermail/cvs-src/2004-January/016271.html

The TCP MSS (maximum segment size) functionality in netinet allows
remote attackers to cause a denial of service (resource exhaustion)
via (1) a low MTU, which causes a large number of small packets to be
produced, or (2) via a large number of packets with a small TCP
payload, which cause a large number of calls to the resource-intensive
sowakeup function.

Analysis
----------------
ED_PRI CAN-2004-0002 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-412
Reference: URL:http://www.debian.org/security/2004/dsa-412
Reference: XF:nd-long-string-bo(14141)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14141

Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier
allows remote web servers to execute arbitrary code via certain long
strings.

Analysis
----------------
ED_PRI CAN-2004-0014 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419

Multiple SQL injection vulnerabilities in the (1) calendar and (2)
infolog modules for phpgroupware 0.9.14 allow remote attackers to
perform unauthorized database operations.

Analysis
----------------
ED_PRI CAN-2004-0017 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340897710308&w=2
Reference: XF:lotus-notes-insecure-permissions(14153)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14153

Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration
file with world-writable permissions, which allows local users to
modify the Notes configuration and gain privileges.

Analysis
----------------
ED_PRI CAN-2004-0029 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-pgvbasedirectory-file-include(14159)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14159

PHP remote code injection vulnerability in (1) functions.php, (2)
authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW
2.61 allows remote attackers to execute arbitrary PHP code by
modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a
remote web server that contains the code.

Analysis
----------------
ED_PRI CAN-2004-0030 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-modify-admin-password(14161)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14161

PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and
change the administrator password via a direct HTTP request to
editconfig.php.

Analysis
----------------
ED_PRI CAN-2004-0031 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-search-xss(14160)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14160

Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW
2.61 allows remote attackers to inject arbitrary HTML and web script
via the firstname parameter.

Analysis
----------------
ED_PRI CAN-2004-0032 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-admin-info-disclosure(14162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14162

admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain
sensitive information via an action parameter with a phpinfo command.

Analysis
----------------
ED_PRI CAN-2004-0033 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340481804110&w=2
Reference: CONFIRM:http://phorum.org/
Reference: XF:phorum-common-xss(14145)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14145

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5
and earlier allow remote attackers to inject arbitrary HTML or web
script via (1) the phorum_check_xss function in common.php, (2) the
EditError variable in profile.php, and (3) the Error variable in
login.php.

Analysis
----------------
ED_PRI CAN-2004-0034 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: The Phorum home page includes a news item for Phorum
3.4.6 that says it fixed some "cross sight scripting issues that were
found by Calum Power [the Bugtraq poster]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358202123&w=2
Reference: XF:vbulletin-calendar-sql-injection(14144)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14144

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x
allows remote attackers to steal sensitive information via the eventid
parameter.

Analysis
----------------
ED_PRI CAN-2004-0036 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 FirstClass Client 7.1: Command Execution via Email Web Link
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340950611167&w=2
Reference: XF:firstclassclient-execute-code(14151)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14151
Reference: BID:9370
Reference: URL:http://www.securityfocus.com/bid/9370

FirstClass Desktop Client 7.1 allows remote attackers to execute
arbitrary commands via hyperlinks in FirstClass RTF messages.

Analysis
----------------
ED_PRI CAN-2004-0037 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040108
Category: SF
Reference: MISC:http://www.securitytracker.com/alerts/2004/Jan/1008628.html

vsftpd 1.1.3 generates different error messages depending on whether
or not a valid username exists, which allows remote attackers to
identify valid usernames.

Analysis
----------------
ED_PRI CAN-2004-0042 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040108
Category: SF
Reference: BUGTRAQ:20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107357996802255&w=2
Reference: FULLDISC:20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015334.html

Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a long filename in the download
feature.

Analysis
----------------
ED_PRI CAN-2004-0043 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: BUGTRAQ:20040106 SnapStream PVS LITE Cross Site Scripting Vulnerabillity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350313917867&w=2

Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows
remote attackers to inject arbitrary web script or HTML via a GET
request containing a '"' (double quote) character.

Analysis
----------------
ED_PRI CAN-2004-0046 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
Reference: REDHAT:RHSA-2004:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-008.html
Reference: DEBIAN:DSA-425
Reference: URL:http://www.debian.org/security/2004/dsa-425
Reference: MANDRAKE:MDKSA-2004:008
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:008
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: BUGTRAQ:20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107577418225627&w=2
Reference: CERT-VN:VU#955526
Reference: URL:http://www.kb.cert.org/vuls/id/955526

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and
earlier allows remote attackers to cause a denial of service
(segmentation fault) via a RADIUS attribute with a large length value.

Analysis
----------------
ED_PRI CAN-2004-0055 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2

Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow
remote attackers to execute arbitrary SQL via (1) timeline.php and (2)
placelist.php.

Analysis
----------------
ED_PRI CAN-2004-0065 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2

phpGedView before 2.65 allows remote attackers to obtain the absolute
path of the web server via malformed parameters to (1) indilist.php,
(2) famlist.php, (3) placelist.php, (4) imageview.php, (5)
timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.

Analysis
----------------
ED_PRI CAN-2004-0066 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: BUGTRAQ:20040112 More phpGedView Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView
before 2.65 allow remote attackers to inject arbitrary HTML or web
script via (1) descendancy.php, (2) index.php, (3) individual.php, (4)
login.php, (5) relationship.php, (6) source.php, (7) imageview.php,
(8) calendar.php, (9) gedrecord.php, (10) login.php, and (11)
gdbi_interface.php.

Analysis
----------------
ED_PRI CAN-2004-0067 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040108 Windows FTP Server Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107367110805273&w=2
Reference: BUGTRAQ:20040113 exploit for HD Soft Windows FTP Server 1.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107401398014761&w=2

Format string vulnerability in HD Soft Windows FTP Server 1.6 and
earlier allows remote attackers to execute arbitrary code via format
string specifiers in the username, which is processed by the wscanf
function.

Analysis
----------------
ED_PRI CAN-2004-0069 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040110 PHP Manpage lookup directory transversal / file disclosing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392764118403&w=2

Directory traversal vulnerability in buildManPage in
class.manpagelookup.php for PHP Man Page Lookup allows remote
attackers to read arbitrary files via the command parameter ($cmd
variable) to index.php.

Analysis
----------------
ED_PRI CAN-2004-0071 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040109 Directory Traversal in Accipiter Direct Server 6.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392576215418&w=2
Reference: FULLDISC:20040109 Directory Traversal in Accipiter Direct Server 6.0
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0274.html
Reference: XF:accipterdirectserver-directory-traversal(14198)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14198
Reference: BID:9389
Reference: URL:http://www.securityfocus.com/bid/9389

Directory traversal vulnerability in Accipiter Direct Server 6.0
allows remote attackers to read arbitrary files via encoded
\.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.

Analysis
----------------
ED_PRI CAN-2004-0072 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040102 include() vuln in EasyDynamicPages v.2.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107307457327707&w=2

PHP remote code injection vulnerability in config.php for
EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP
code by modifying the edp_relative_path parameter to reference a URL
on a remote web server that contains a malicious serverdata.php
script.

Analysis
----------------
ED_PRI CAN-2004-0073 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040102 xsok local games exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107307407027259&w=2
Reference: BUGTRAQ:20040103 xsok local games exploit (2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332542918529&w=2
Reference: BID:9352
Reference: URL:http://www.securityfocus.com/bid/9352
Reference: BID:9341
Reference: URL:http://www.securityfocus.com/bid/9341
Reference: XF:xsok-lang-bo(14910)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14910
Reference: XF:xsok-long-xsokdir-bo(14906)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14906

Multiple buffer overflows in xsok 1.02 allows local users to gain
privileges via (1) a long LANG environment variable, or (2) a long
-xsokdir command line argument, a different vulnerability than
CAN-2003-0949.

Analysis
----------------
ED_PRI CAN-2004-0074 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: since both overflows affect the same version and were
reported at the same time, they are MERGED per CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007