[PROPOSAL] Cluster 2004-03-A - 36 candidates



I am proposing cluster 2004-03-A for review and voting by the
Editorial Board.

Name: 2004-03-A
Description: CANs announced between 2004/03/01 and 2004/03/11
Size: 36

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2003-0592
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0592
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030718
Category: SF
Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html
Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
Reference: REDHAT:RHSA-2004:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-074.html
Reference: DEBIAN:DSA-459
Reference: URL:http://www.debian.org/security/2004/dsa-459
Reference: MANDRAKE:MDKSA-2004:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:022

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers
to bypass intended cookie access restrictions on a web application via
"%2e%2e" (encoded dot dot) directory traversal sequences in a URL,
which causes Konqueror to send the cookie outside the specified URL
subsets, e.g. to a vulnerable application that runs on the same server
as the target application.

Analysis
----------------
ED_PRI CAN-2003-0592 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030718
Category: SF
Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html
Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html
Reference: MANDRAKE:MDKSA-2004:021
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:021

Mozilla allows remote attackers to bypass intended cookie access
restrictions on a web application via "%2e%2e" (encoded dot dot)
directory traversal sequences in a URL, which causes Mozilla to send
the cookie outside the specified URL subsets, e.g. to a vulnerable
application that runs on the same server as the target application.

Analysis
----------------
ED_PRI CAN-2003-0594 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0905
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-008.asp

Unknown vulnerability in Windows Media Station Service and Windows
Media Monitor Service components of Windows Media Services 4.1 allows
remote attackers to cause a denial of service (disallowing new
connections) via a certain sequence of TCP/IP packets.

Analysis
----------------
ED_PRI CAN-2003-0905 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
Reference: MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: XF:apache-modaccess-obtain-information(15422)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15422
Reference: BID:9829
Reference: URL:http://www.securityfocus.com/bid/9829

mod_access in Apache 1.3 before 1.3.30, when running on big-endian 64-bit
platforms, does not properly parse Allow/Deny rules using IP addresses
without a netmask, which could allow remote attackers to bypass
intended access restrictions.

Analysis
----------------
ED_PRI CAN-2003-0993 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html
Reference: DEBIAN:DSA-460
Reference: URL:http://www.debian.org/security/2004/dsa-460
Reference: SGI:20040302-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc

The isag utility, which processes sysstat data, allows local users to
overwrite arbitrary files via a symlink attack on temporary files, a
different vulnerability than CAN-2004-0107.

Analysis
----------------
ED_PRI CAN-2004-0108 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-103.html
Reference: MANDRAKE:MDKSA-2004:020
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:020

gdk-pixbuf before 0.20 allows attackers to cause a denial of service
(crash) via a malformed bitmap (BMP) file.

Analysis
----------------
ED_PRI CAN-2004-0111 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: MISC:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106
Reference: MLIST:[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638
Reference: CONFIRM:http://www.apacheweek.com/features/security-20
Reference: XF:apache-modssl-plain-dos(15419)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15419
Reference: BID:9826
Reference: URL:http://www.securityfocus.com/bid/9826

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49
allows remote attackers to cause a denial of service (memory
consumption) via plain HTTP requests to the SSL port of an SSL-enabled
server.

Analysis
----------------
ED_PRI CAN-2004-0113 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: BUGTRAQ:20040310 Outlook mailto: URL argument injection vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107893704602842&w=2
Reference: MISC:http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Reference: MS:MS04-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-009.asp

Microsoft Outlook 2002 does not sufficiently filter parameters of
mailto: URLs when using them as arguments when calling OUTLOOK.EXE,
which allows remote attackers to use script code in the Local Machine
zone and execute arbitrary programs.

Analysis
----------------
ED_PRI CAN-2004-0121 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: MS:MS04-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-010.asp

Microsoft MSN Messenger 6.0 and 6.1 do not properly handle certain
requests, which allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2004-0122 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled,
allows local users to bypass access restrictions by changing the
permissions to prevent access to their home directory, which causes
wu-ftpd to use the root directory instead.

Analysis
----------------
ED_PRI CAN-2004-0148 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-458
Reference: URL:http://www.debian.org/security/2004/dsa-458
Reference: MANDRAKE:MDKSA-2004:019
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:019

Buffer overflow in the getaddrinfo function in Python 2.2 allows remote
attackers to execute arbitrary code via an IPv6 address that is
obtained using DNS.

Analysis
----------------
ED_PRI CAN-2004-0150 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040219
Category: SF
Reference: FULLDISC:20040302 iDEFENSE Security Advisory 03.02.04: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018133.html
Reference: MISC:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities
Reference: FREEBSD:FreeBSD-SA-04:04
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
Reference: XF:freebsd-mbuf-dos(15369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15369

FreeBSD 5.1 and earlier allows remote attackers to cause a denial of
service (resource exhaustion of memory buffers) via a large number of
out-of-sequence TCP packets, which prevents FreeBSD from creating new
connections.

Analysis
----------------
ED_PRI CAN-2004-0171 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0352
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040304 Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml
Reference: CERT-VN:VU#363374
Reference: URL:http://xforce.iss.net/xforce/xfdb/15388
Reference: XF:cisco-css-udp-dos(15388)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15388
Reference: BID:9806
Reference: URL:http://www.securityfocus.com/bid/9806

Cisco 11000 Series Content Services Switches (CSS) running WebNS
5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow
remote attackers to cause a denial of service (device reset) via a
malformed packet to UDP port 5002.

Analysis
----------------
ED_PRI CAN-2004-0352 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850488326232&w=2
Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf
Reference: MISC:http://www.nextgenss.com/advisories/slmailsrc.txt
Reference: XF:slmail-src-stack-bo(15398)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15398
Reference: BID:9809
Reference: URL:http://www.securityfocus.com/bid/9809

Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro
2.0.9 and earlier allows remote attackers to execute arbitrary code
via an HTTP request with a long HTTP sub-version.

Analysis
----------------
ED_PRI CAN-2004-0356 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the
item: "Security Issues: SL Supervisor buffer overflow"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107826362024112&w=2
Reference: BUGTRAQ:20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850564102190&w=2

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in
NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797)
allows remote authenticated users to execute arbitrary script as other
users via the row parameter.

Analysis
----------------
ED_PRI CAN-2004-0347 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030707
Category: SF
Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html
Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html

Microsoft Internet Explorer allows remote attackers to bypass intended
cookie access restrictions on a web application via "%2e%2e" (encoded
dot dot) directory traversal sequences in a URL, which causes Internet
Explorer to send the cookie outside the specified URL subsets, e.g. to
a vulnerable application that runs on the same server as the target
application.

Analysis
----------------
ED_PRI CAN-2003-0513 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030707
Category: SF
Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html
Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html

Apple Safari allows remote attackers to bypass intended cookie access
restrictions on a web application via "%2e%2e" (encoded dot dot)
directory traversal sequences in a URL, which causes Safari to send
the cookie outside the specified URL subsets, e.g. to a vulnerable
application that runs on the same server as the target application.

Analysis
----------------
ED_PRI CAN-2003-0514 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0593
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20030718
Category: SF
Reference: FULLDISC:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018475.html
Reference: VULNWATCH:20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html

Opera allows remote attackers to bypass intended cookie access
restrictions on a web application via "%2e%2e" (encoded dot dot)
directory traversal sequences in a URL, which causes Opera to send the
cookie outside the specified URL subsets, e.g. to a vulnerable
application that runs on the same server as the target application.

Analysis
----------------
ED_PRI CAN-2003-0593 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html
Reference: REDHAT:RHSA-2004:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-093.html
Reference: SGI:20040302-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier
allow local users to overwrite arbitrary files via symlink attacks on
temporary files, a different vulnerability than CAN-2004-0108.

Analysis
----------------
ED_PRI CAN-2004-0107 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0194
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040304
Category: SF
Reference: BUGTRAQ:20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107842545022724&w=2
Reference: FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018227.html
Reference: MISC:http://www.nextgenss.com/advisories/adobexfdf.txt
Reference: XF:acrobatreader-xfdf-bo(15384)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15384

Stack-based buffer overflow in the OutputDebugString function for
Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary
code via a PDF document with XML Forms Data Format (XFDF) data.

Analysis
----------------
ED_PRI CAN-2004-0194 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040315
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=5767
Reference: MISC:http://secunia.com/advisories/11087/
Reference: BID:9845
Reference: URL:http://www.securityfocus.com/bid/9845

Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for
Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before
4.0.0 may allow remote attackers to execute arbitrary code "when
Unicode character is out of BMP range."

Analysis
----------------
ED_PRI CAN-2004-0224 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0343
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0343
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040301 YabbSE  (3 on 1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816202813083&w=2
Reference: XF:yabb-multiple-sql-injection(15354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15354
Reference: BID:9774
Reference: URL:http://www.securityfocus.com/bid/9774

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b
allow remote attackers to execute arbitrary SQL via (1) the msg
parameter in ModifyMessage.php or (2) the postid parameter in
ModifyMessage.php.

Analysis
----------------
ED_PRI CAN-2004-0343 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040301 YabbSE  (3 on 1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816202813083&w=2
Reference: BID:9774
Reference: URL:http://www.securityfocus.com/bid/9774

Directory traversal vulnerability in ModifyMessage.php in YaBB SE
1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files
via a .. (dot dot) in the attachOld parameter.

Analysis
----------------
ED_PRI CAN-2004-0344 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040301 Clients broadcast buffer overflow in Red Faction <= 1.20
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107816217901923&w=2
Reference: XF:redfaction-bo(15353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15353
Reference: BID:9775
Reference: URL:http://www.securityfocus.com/bid/9775

Buffer overflow in Red Faction client 1.20 and earlier allows remote
servers to execute arbitrary code via a long server name.

Analysis
----------------
ED_PRI CAN-2004-0345 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040302 The Cult of a Cardinal Number
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107824679817240&w=2
Reference: XF:proftpd-offbyone-bo(15387)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15387
Reference: BID:9782
Reference: URL:http://www.securityfocus.com/bid/9782

Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7
through 1.2.9rc2p allows local users to gain privileges via a
1024 byte RETR command.

Analysis
----------------
ED_PRI CAN-2004-0346 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2
Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040303.txt
Reference: XF:spidersales-userid-sql-injection(15371)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15371
Reference: BID:9799
Reference: URL:http://www.securityfocus.com/bid/9799

SQL injection vulnerability in viewCart.asp in SpiderSales shopping
cart software allows remote attackers to execute arbitrary SQL via the
userId parameter.

Analysis
----------------
ED_PRI CAN-2004-0348 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040303 directory traversal in GWeb 0.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833161617397&w=2
Reference: XF:gweb-dotdot-directory-traversal(15381)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15381
Reference: BID:9742
Reference: URL:http://www.securityfocus.com/bid/9742

Directory traversal vulnerability in GWeb HTTP Server 0.6 allows
remote attackers to view arbitrary files via a .. (dot dot) in the
URL.

Analysis
----------------
ED_PRI CAN-2004-0349 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2
Reference: FULLDISC:20040303 Spider Sales shopping cart software multiple security vulnerabilities
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018177.html
Reference: MISC:http://www.s-quadra.com/advisories/Adv-20040303.txt
Reference: XF:spidersales-weak-encryption(15370)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15370
Reference: BID:9799
Reference: URL:http://www.securityfocus.com/bid/9799

SpiderSales shopping cart does not enforce a minimum length for the
private key, which can make it easier for local users to obtain the
private key by factoring.

Analysis
----------------
ED_PRI CAN-2004-0350 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040303 Spider Sales shopping cart software multiple security vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107833097705486&w=2
Reference: FULLDISC:20040303 Spider Sales shopping cart software multiple security vulnerabilities
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018177.html
Reference: XF:spidersales-weak-encryption(15370)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15370
Reference: BID:9799
Reference: URL:http://www.securityfocus.com/bid/9799

Spider Sales shopping cart stores the private key in the same database
and table as the public key, which allows local users with access to
the database to decrypt data.

Analysis
----------------
ED_PRI CAN-2004-0351 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0353
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040304 GNU Anubis buffer overflows and format string bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107843915424588&w=2
Reference: MLIST:[bug-anubis] 20040228 Important security update
Reference: URL:http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
Reference: BUGTRAQ:20040310 GNU Anubis 3.6.2 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107894315012081&w=2
Reference: BID:9772
Reference: URL:http://www.securityfocus.com/bid/9772
Reference: XF:anubis-ident-bo(15345)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15345

Multiple buffer overflows in auth_ident() function in auth.c for GNU
Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers
to gain privileges via a long string.

Analysis
----------------
ED_PRI CAN-2004-0353 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0354
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0354
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040304 GNU Anubis buffer overflows and format string bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107843915424588&w=2
Reference: MLIST:[bug-anubis] 20040228 Important security update
Reference: URL:http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
Reference: BID:9772
Reference: URL:http://www.securityfocus.com/bid/9772
Reference: XF:anubis-format-string(15346)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15346

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through
3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary
code via format string specifiers in strings passed to (1) the info
function in log.c, (2) the anubis_error function in errs.c, or (3) the
ssl_error function in ssl.c.

Analysis
----------------
ED_PRI CAN-2004-0354 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850510428567&w=2
Reference: XF:invision-invalid-path-disclosure(15400)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15400
Reference: BID:9810
Reference: URL:http://www.securityfocus.com/bid/9810

Invision Power Board 1.3 Final allows remote attackers to gain
sensitive information by selecting a file for "Personal Photo" that is
not an image file, which displays the installation path in an error
message.

Analysis
----------------
ED_PRI CAN-2004-0355 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 SLWebMail Multiple Buffer Overflow Vulnerabilities (#NISR05022004b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850432827699&w=2
Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf
Reference: MISC:http://www.nextgenss.com/advisories/slmailwm.txt
Reference: XF:slmail-slwebmail-bo(15399)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15399
Reference: BID:9808
Reference: URL:http://www.securityfocus.com/bid/9808

Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote
attackers to execute arbitrary code via (1) user.dll, (2)
loadpageadmin.dll or (3) loadpageuser.dll.

Analysis
----------------
ED_PRI CAN-2004-0357 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the
item: "Security Issues: Webmail buffer overrun"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851556116088&w=2
Reference: BUGTRAQ:20040307 RE: VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
Reference: XF:virtuanews-multiple-xss(15402)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15402
Reference: BID:9812
Reference: URL:http://www.securityfocus.com/bid/9812
Reference: BID:9819
Reference: URL:http://www.securityfocus.com/bid/9819

Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro
1.0.3 allows remote attackers to execute arbitrary script as other
users via (1) the mainnews parameter in admin.php, (2) the expand
parameter in admin.php, (3) the id parameter in admin.php, (4) the
catid parameter in admin.php, or (5) an unnamed parameter during the
newslogo_upload action in admin.php.

Analysis
----------------
ED_PRI CAN-2004-0358 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ACCURACY: other attack vectors were claimed in the original post, but
a followup claimed some cut-and-paste and similar errors in the
original post.  The followup post is being used.  It does not appear
to add any new issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107851589701916&w=2
Reference: BID:9768
Reference: URL:http://www.securityfocus.com/bid/9768
Reference: XF:invision-xss(15403)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15403

Cross-site scripting (XSS) vulnerability in index.php for Invision
Power Board 1.3 Final allows remote attackers to execute arbitrary
script as other users via the (1) c, (2) f, (3) showtopic, (4)
showuser, or (5) username parameters.

Analysis
----------------
ED_PRI CAN-2004-0359 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2004-0361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0361
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040306 Safari javascript array overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107861828510106&w=2
Reference: MISC:http://www.insecure.ws/article.php?story=2004021918172533
Reference: BID:9815
Reference: URL:http://www.securityfocus.com/bid/9815
Reference: XF:safari-array-dos(15413)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15413

The JavaScript engine in Safari 1.2 and earlier allows remote
attackers to cause a denial of service (segmentation fault) by
creating a new Array object with a large size value, then writing into
that array.

Analysis
----------------
ED_PRI CAN-2004-0361 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007