[INTERIM] ACCEPT 480 candidates (Final Decision September 1)
I have made an Interim Decision to ACCEPT the following 480
candidates.
I will make a Final Decision on September 1.
The candidates came from the following clusters:
1 RECENT-48
2 RECENT-49
1 MISC-99
1 RECENT-60
1 RECENT-61
1 RECENT-62
1 RECENT-65
1 RECENT-66
1 RECENT-67
1 LEGACY-UNIX-ADV
1 LEGACY-MISC-1997
1 LEGACY-MISC-1998-A
1 LEGACY-MISC-1998-B
3 LEGACY-MISC-1999-A
3 LEGACY-MISC-1999-B
1 LEGACY-MISC-1999-C
2 RECENT-69
1 RECENT-72
1 RECENT-73
3 RECENT-75
2 RECENT-76
2 RECENT-77
3 RECENT-78
1 RECENT-79
1 RECENT-80
1 RECENT-81
2 RECENT-82
1 RECENT-84
2 MISC-2001-001
3 MISC-2001-002
1 RECENT-86
1 RECENT-87
1 RECENT-88
4 MISC-2001-004
2 RECENT-89
1 RECENT-90
1 RECENT-91
10 RECENT-93
2 RECENT-96
6 RECENT-97
3 MISC-2001-005
2 RECENT-98
2 RECENT-103
2 RECENT-104
24 CERT-2003a
17 CISCO-2003a
27 UNIX-2002a
35 UNIX-2002b
22 UNIX-2002c
21 UNIX-2003a
36 MS-2002a
31 CONFIRM-2002a
28 CONFIRM-2002b
39 CONFIRM-2003a
23 MISC-2002b
1 RECENT-14
3 RECENT-31
1 RECENT-32
Voters:
Renaud NOOP(1)
Ziese ACCEPT(2) NOOP(6) REVIEWING(6)
Dik ACCEPT(2)
Levy ACCEPT(3) REVIEWING(2)
Green ACCEPT(253) MODIFY(1) NOOP(5) REVIEWING(3)
Magdych NOOP(1)
Frech ACCEPT(36) MODIFY(76)
Cole ACCEPT(418) NOOP(62)
Alderson ACCEPT(6) REVIEWING(1)
Jones ACCEPT(27) MODIFY(6) NOOP(2) REVIEWING(5)
Stracener ACCEPT(6) NOOP(1)
Balinsky ACCEPT(13) MODIFY(2) NOOP(4)
Foat ACCEPT(33) MODIFY(1) NOOP(43)
Bollinger ACCEPT(8)
Cox ACCEPT(89) MODIFY(55) NOOP(290) REVIEWING(1)
Williams ACCEPT(16) MODIFY(4) NOOP(1) REVIEWING(2)
Baker ACCEPT(294) MODIFY(1)
Bishop ACCEPT(1) NOOP(2)
Christey MODIFY(4) NOOP(155)
Armstrong ACCEPT(212) NOOP(24)
Wall ACCEPT(116) NOOP(206) REVIEWING(30)
======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php
IBM GINA, when used for OS/2 domain authentication of Windows NT
users, allows local users to gain administrator privileges by changing
the GroupMapping registry key.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-1999-0718 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Frech, Cole
Voter Comments:
Frech> XF:ibm-gina-group-add
======================================================
Candidate: CAN-1999-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7884
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95
and Windows 98 allows remote attackers to cause a denial of service,
and possibly execute arbitrary commands, via a long argument after the
? character in a URL that references an .asp, .cgi, .html, or .pl
file.
Modifications:
20040723 ADDREF XF:netscape-long-argument-bo(7884)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-1999-1189 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Cole
MODIFY(1) Frech
NOOP(1) Foat
Voter Comments:
Frech> XF:netscape-long-argument-bo(7884)
======================================================
Candidate: CAN-1999-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via a large number of MIME
headers with the same name, aka the "sioux" vulnerability.
Modifications:
20040723 ADDREF CONFIRM
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-1999-1199 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cox, Cole
NOOP(3) Christey, Wall, Foat
Voter Comments:
Christey> CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache
======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7542
Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via a certain ICMP
echo (ping) packet, which causes all stacks to send a ping response,
aka TCP Chorusing.
Modifications:
20040723 ADDREF XF:win-multiple-ip-dos(7542)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-1999-1201 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Cole
MODIFY(1) Frech
NOOP(1) Foat
Voter Comments:
Frech> XF:win-multiple-ip-dos(7542)
======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php
The PATH in Windows NT includes the current working directory (.),
which could allow local users to gain privileges by placing Trojan
horse programs with the same name as commonly used system programs
into certain directories.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-1999-1217 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Foat, Cole
Voter Comments:
CHANGE> [Foat changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2336
Reference: BID:0515
Reference: URL:http://www.securityfocus.com/bid/0515
Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could
allow local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.
Modifications:
20040723 ADDREF XF:nt-login-default-folder(2336)
Analysis
--------
Vendor Acknowledgement:
The %systemroot% being writable by users is contrary to Microsoft
recommended configuration. So, is this just one implication of a bad
configuration problem?
INFERRED ACTION: CAN-1999-1365 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:nt-login-default-folder(2336)
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Frech> XF:nt-login-default-folder(2336)
======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397
Final-Decision:
Interim-Decision: 20040825
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php
Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allow local and remote users to obtain the physical paths
of directories that are being indexed.
Modifications:
ADDREF XF:iis-indexserver-reveal-path(7559)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-1999-1397 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Cole
MODIFY(1) Frech
NOOP(1) Foat
Voter Comments:
Frech> XF:iis-indexserver-reveal-path(7559)
======================================================
Candidate: CAN-1999-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: AIXAPAR:IX75554
Reference: AIXAPAR:IX76853
Reference: AIXAPAR:IX76330
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: XF:aix-sadc-timex(7675)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7675
sadc in IBM AIX 4.1 through 4.3, when called from programs such as
timex that are setgid adm, allows local users to overwrite arbitrary
files via a symlink attack.
Modifications:
20040723 fix desc. to show linkage with timex
20040723 ADDREF CONFIRM
Analysis
--------
Vendor Acknowledgement: yes patch
ABSTRACTION:
This could be related to the sadc problem in other UNIXes as
discovered by 8lgm in 1994, but there are insufficient details to be
sure.
INFERRED ACTION: CAN-1999-1486 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Bollinger, Foat, Cole, Stracener
NOOP(1) Christey
Voter Comments:
Christey> The description needs to be modified to mention the role of
timex. The one-line description for the IX75554
APAR mentions timex instead of sadc, but the BID mentions
sadc and not timex. This apparent discrepancy is resolved
by a README file for the fileset that is used by IX75554:
CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
This clearly shows the relationship between timex and sadc.
Bollinger> The one line abstract is somewhat misleading. The timex
command calls sadc with a filename and it's the sadc command that can
be tricked into modifying files owned by the adm group. Since sadc is
only executable by group adm, a local attacker would need to use timex
to exploit this. (timex is setgid adm.) So the vulnerability is
really in sadc and that's where the fix was made.
======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php
A configuration problem in the Ad Server Sample directory (AdSamples)
in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC
file, which exposes sensitive SQL database information.
Modifications:
20040723 update desc style
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-1999-1520 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Wall, Cole
NOOP(1) Foat
======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php
IIS 3.x and 4.x do not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS
to perform extra work to send the files over SSL.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-1999-1537 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Wall, Cole
NOOP(1) Foat
======================================================
Candidate: CAN-1999-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7354
Microsoft SQL Server 6.5 uses weak encryption for the password for the
SQLExecutiveCmdExec account and stores it in an accessible portion of
the registry, which could allow local users to gain privileges by
reading and decrypting the CmdExecAccount value.
Modifications:
20040723 ADDREF XF:mssql-sqlexecutivecmdexec-password(7354)
20040723 desc: fix typo "andd"
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-1999-1556 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Cole
MODIFY(1) Frech
NOOP(2) Christey, Foat
Voter Comments:
Frech> XF:mssql-sqlexecutivecmdexec-password(7354)
Christey> Need to consult MS on this issue.
======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote
attacker to cause a denial of service (crash) via a long PORT command.
Analysis
--------
Vendor Acknowledgement: yes followup
INCLUSION:
This is a UNIX based server. The process that crashes is a child
process whose resources are released appropriately, according to
reports. Since it's also an off-by-one error instead of a buffer
overflow, perhaps this is not "exploitable" and as such should not be
included in CVE.
INFERRED ACTION: CAN-1999-1568 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Foat, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0247
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain
root privileges.
Modifications:
20040723 desc: add "unknown"
20040723 ADDREF BID:1842
20040723 ADDREF XF:generic-nqs-local-root(4306)
20040723 ADDREF FREEBSD:FreeBSD-SA-00:13
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2000-0247 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(2) Frech, Christey
NOOP(2) Magdych, Cole
REVIEWING(1) Levy
Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-00:13
ADDREF ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A13-generic-nqs.asc
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:generic-nqs-local-root
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
CHANGE> [Christey changed vote from NOOP to MODIFY]
Christey> BID:1842
XF:generic-nqs-local-root(4306)
======================================================
Candidate: CAN-2000-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0747
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5036
The logrotate script for OpenLDAP before 1.2.11 in Conectiva
Linux sends an improper signal to the kernel log daemon (klogd) and
kills it.
Modifications:
20040723 ADDREF XF:openldap-logrotate-script-dos(5036)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2000-0747 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
REVIEWING(1) Levy
======================================================
Candidate: CAN-2000-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0773
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5021
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary
files via a URL that contains a "....", a variant of the dot dot
directory traversal attack.
Modifications:
20040723 XF:bajie-view-arbitrary-files(5021)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2000-0773 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Levy, Williams
MODIFY(1) Christey
NOOP(2) Wall, Cole
Voter Comments:
Baker> Apparently the vendor fixed this issue, as it doesn't appear in later versions of the software.
Christey> XF:bajie-view-arbitrary-files(5021)
======================================================
Candidate: CAN-2000-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0781
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5023
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check
for the existence or ownership of a temporary file which is moved to
the agent.cfg configuration file, which allows local users to execute
arbitrary commands by modifying the temporary file before it is moved.
Modifications:
20040723 desc fix "the the"
20040723 XF:arcserveit-clientagent-temp-file(5023)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2000-0781 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Williams
MODIFY(2) Baker, Christey
NOOP(2) Wall, Cole
Voter Comments:
Christey> fix typo: "the the"
Baker> Can't really access the CA website to get info on this.
CHANGE> [Christey changed vote from NOOP to MODIFY]
Christey> XF:arcserveit-clientagent-temp-file(5023)
======================================================
Candidate: CAN-2000-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0797
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: XF:irix-grosview-bo(5062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5062
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to
gain privileges via a long -D option.
Modifications:
20040723 ADDREF XF:irix-grosview-bo(5062)
20040723 ADDREF SGI:20040104-01-P
20040818 ADDREF OSVDB:3815
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2000-0797 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
NOOP(4) Williams, Wall, Cole, Christey
Voter Comments:
Christey> XF:irix-grosview-bo
http://xforce.iss.net/static/5062.php
Christey> SGI:20040104-01-P
URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
======================================================
Candidate: CAN-2000-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5554
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404
HTTP server on the WatchGuard SOHO firewall does not properly restrict
access to administrative functions such as password resets or
rebooting, which allows attackers to cause a denial of service or
conduct unauthorized activities.
Modifications:
20040818 ADDREF OSVDB:4404
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2000-0894 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
REVIEWING(1) Ziese
Voter Comments:
Frech> XF:watchguard-soho-web-auth(5554)
Christey> Consider adding BID:2119
======================================================
Candidate: CAN-2000-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5218
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403
Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via a long GET request.
Modifications:
20040723 ADDREF XF:watchguard-soho-web-dos(5218)
20040723 desc normalize to "arbitrary code"
20040818 ADDREF OSVDB:4403
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2000-0895 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
REVIEWING(1) Ziese
Voter Comments:
Frech> XF:watchguard-soho-web-dos(5218)
======================================================
Candidate: CAN-2000-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203
Final-Decision:
Interim-Decision: 20040825
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212
Reference: XF:lotus-domino-bounced-message-dos(7012)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7012
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to
cause a denial of service (CPU consumption) by forging an email
message with the sender as bounce@[127.0.0.1] (localhost), which
causes Domino to enter a mail loop.
Modifications:
ADDREF XF:lotus-domino-bounced-message-dos(7012)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2000-1203 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Armstrong, Green
MODIFY(1) Frech
NOOP(5) Cox, Wall, Foat, Cole, Christey
Voter Comments:
Green> Since a work around involving configuration settings exists the presenting problem should also exist.
Frech> XF:lotus-domino-bounced-message-dos(7012)
CONFIRM:
http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=DA18AA221C3
B982085256B84000033EB
Christey> The CONFIRM URL provided by Andre is broken
======================================================
Candidate: CAN-2001-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack containing "%5c"
(encoded backslash) sequences.
Modifications:
20040723 desc normalize, add "%5c" detail
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-0042 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Baker, Frech
NOOP(1) Wall
REVIEWING(1) Ziese
======================================================
Candidate: CAN-2001-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2
Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Reference: XF:cisco-pix-tacacs-dos(6353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6353
Reference: BID:2551
Reference: URL:http://www.securityfocus.com/bid/2551
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa
authentication to a TACACS+ server allows remote attackers to cause a
denial of service via a large number of authentication requests.
Modifications:
20040723 desc normalize
20040723 XF:cisco-pix-tacacs-dos(6353)
20040723 CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-0375 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
REVIEWING(1) Ziese
Voter Comments:
Frech> XF:cisco-pix-tacacs-dos(6353)
Christey> CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
======================================================
Candidate: CAN-2001-0423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0423
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
Reference: BID:2581
Reference: URL:http://www.securityfocus.com/bid/2581
Reference: XF:solaris-ipcs-bo(6369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6369
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute
arbitrary code via a long TZ (timezone) environmental variable, a
different vulnerability than CAN-2002-0093.
Modifications:
20040723 desc add "different from CAN-2002-0093"
20040723 ADDREF XF:solaris-ipcs-bo(6369)
Analysis
--------
Vendor Acknowledgement: yes cve-vote
INFERRED ACTION: CAN-2001-0423 ACCEPT_ACK_REV (2 accept, 1 ack, 2 review)
Current Votes:
ACCEPT(1) Dik
MODIFY(1) Frech
NOOP(3) Wall, Cole, Christey
REVIEWING(2) Ziese, Williams
Voter Comments:
Frech> XF:solaris-ipcs-bo(6369)
Dik> sun bug: 4448598
Christey> This might be a duplicate of CAN-2002-0093, which is for
Compaq IPCS.
Christey> An authoritative source confirmed that this issue is in fact
different from CAN-2002-0093.
======================================================
Candidate: CAN-2001-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
Reference: SGI:20010701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
Reference: BID:2656
Reference: URL:http://www.securityfocus.com/bid/2656
Reference: XF:irix-netprint-shared-library(6473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6473
Unknown vulnerability in netprint in IRIX 6.2, and possibly other
versions, allows local users with lp privileges to execute
arbitrary commands via the -n option.
Modifications:
20040723 ADDREF SGI:20010701-01-P
20040723 ADDREF BID:2656
20040723 ADDREF XF:irix-netprint-shared-library(6473)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-0485 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(5) Wall, Cole, Christey, Ziese, Renaud
REVIEWING(1) Williams
Voter Comments:
Williams> Apply the following patch: 2022?
See advisory 19961203-01-PX for more information?
Frech> XF:irix-netprint-shared-library(6473)
Christey> SGI:20010701-01-P
Baker> SGI Patch 20010701-01-P
Christey> ADDREF BID:2656
======================================================
Candidate: CAN-2001-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
Final-Decision:
Interim-Decision: 20040825
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010717
Category: SF
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:http://xforce.iss.net/static/6879.php
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to
gain privileges via the MAIL environment variable.
Modifications:
ADDREF XF:solaris-dtmail-bo(6879)
DESC remove "possibly other OSes"
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0548 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Foat, Armstrong, Stracener
MODIFY(2) Frech, Balinsky
NOOP(4) Wall, Cole, Christey, Ziese
Voter Comments:
Frech> XF:solaris-dtmail-bo(6879)
Balinsky> Delete "and possibly other operating systems" because that is not verifiable, and add the following references from Sun, which acknowledge the problem:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105338
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105339
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107200
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107201
Christey> BID:3081
URL:http://www.securityfocus.com/bid/3081
Christey> It is not clear from the patch list whether these *particular*
dtmail overflows have been addressed.
======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause
a denial of service (crash) via a large number of packets to port
5045.
Modifications:
20040723 desc normalize
20040818 ADDREF OSVDB:6288
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0612 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Frech, Ziese
NOOP(3) Wall, Foat, Bishop
Voter Comments:
CHANGE> [Bishop changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2001-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://www.guninski.com/clsidext.html
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php
Reference: BID:2612
Reference: URL:http://www.securityfocus.com/bid/2612
A type-check flaw in Internet Explorer 5.5 does not display the Class
ID (CLSID) when it is at the end of the file name, which could allow
attackers to trick the user into executing dangerous programs by
making it appear that the document is of a safe file type.
Modifications:
20040723 ADDREF MISC:http://www.guninski.com/clsidext.html
20040723 ADDREF BID:2612
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0643 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Foat, Cole, Baker, Frech
NOOP(2) Stracener, Ziese
Voter Comments:
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2001-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:http://xforce.iss.net/static/6497.php
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to
cause a denial of service by spoofing HSRP packets.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0741 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Foat, Armstrong, Frech
NOOP(2) Wall, Cole
======================================================
Candidate: CAN-2001-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775
Reference: XF:ipcchip-web-root-system(8922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8922
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to
retrieve arbitrary files via a webserver root directory set to the system root.
Modifications:
20040723 ADDREF XF:ipcchip-web-root-system(8922)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-0749 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Armstrong
Voter Comments:
Frech> XF:ipcchip-web-root-system(8922)
======================================================
Candidate: CAN-2001-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792
Final-Decision:
Interim-Decision: 20040825
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
Reference: XF:xchat-nickname-format-string(7416)
Reference: URL:http://xforce.iss.net/static/7416.php
Format string vulnerability in XChat 1.2.x allows remote attackers to
execute arbitrary code via a malformed nickname.
Modifications:
ADDREF XF:xchat-nickname-format-string(7416)
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-0792 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Frech> XF:xchat-nickname-format-string(7416)
Christey> Inquiry sent to xchat developer on 2/25/2002.
Christey> Received a reply 2/26/2002: "I don't know... It doesn't seem
to effect [sic] any recent versions though."
This vulnerability was reported for a *MUCH* older version.
======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision:
Interim-Decision: 20040825
Modified: 20020821-02
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: IMMUNIX:IMNX-2001-70-029-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971
Reference: XF:xinetd-zero-length-bo(6804)
Reference: URL:http://xforce.iss.net/static/6804.php
Buffer overflow in internal string handling routines of xinetd before
2.1.8.8 allows remote attackers to execute arbitrary commands via a
length argument of zero or less, which disables the length check.
Modifications:
ADDREF XF:xinetd-zero-length-bo(6804)
ADDREF IMMUNIX:IMNX-2001-70-024-01
DELREF IMMUNIX:IMNX-2001-70-024-01
DELREF BUGTRAQ:20010629 xinetd update [normalize to IMMUNIX]
DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-0825 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Wall, Foat, Cole, Armstrong, Baker, Bishop
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:xinetd-zero-length-bo(6804)
Christey> Need to sift through the references to make sure they're
correct and appropriately distinguish from CAN-2001-0763.
Christey> DELREF IMMUNIX:IMNX-2001-70-024-01 - it does not explicitly
mention this issue.
DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
That's for CAN-2001-0763.
Change affected version to 2.1.8, I have no idea where 2.3.1
came from.
======================================================
Candidate: CAN-2001-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2
Reference: XF:pc2phone-temp-account-readable(7393)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7393
Reference: BID:3475
Reference: URL:http://www.securityfocus.com/bid/3475
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable
locations in the installation directory, which allows local users to
read the information in (1) temp.html, (2) the log folder, and (3) the
PhoneBook folder.
Modifications:
20040723 ADDREF XF:pc2phone-temp-account-readable(7393)
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2001-0837 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Armstrong, Baker
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Bishop
Voter Comments:
Frech> XF:pc2phone-temp-account-readable(7393)
Armstrong> http://www.securiteam.com/windowsntfocus/6V00P202UC.html
======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2
Reference: XF:iis-fake-log-entry(7613)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7613
Reference: BID:6795
Reference: URL:http://www.securityfocus.com/bid/6795
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via
an HTTP request that includes hex-encoded newline or form-feed
characters.
Modifications:
20040723 ADDREF XF:iis-fake-log-entry(7613)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0902 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(2) Foat, Cole
MODIFY(1) Frech
NOOP(1) Armstrong
REVIEWING(1) Wall
Voter Comments:
Frech> XF:iis-fake-log-entry(7613)
======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision:
Interim-Decision: 20040825
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: XF:linux-multiple-symlink-dos(7312)
Reference: URL:http://www.iss.net/security_center/static/7312.php
Reference: BID:3444
Reference: URL:http://www.securityfocus.com/bid/3444
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows
local users to cause a denial of service via a series of deeply nested
symlinks, which causes the kernel to spend extra time when trying to
access the link.
Modifications:
ADDREF SUSE:SuSE-SA:2001:036
ADDREF IMMUNIX:IMNX-2001-70-035-01
ADDREF CALDERA:CSSA-2001-036.0
ADDREF MANDRAKE:MDKSA-2001:079
ADDREF ENGARDE:ESA-20011019-02
ADDREF BUGTRAQ:20011019 TSLSA-2001-0028
ADDREF XF:linux-multiple-symlink-dos(7312)
ADDREF BID:3444
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-0907 ACCEPT_REV (5 accept, 2 ack, 1 review)
Current Votes:
ACCEPT(4) Foat, Cole, Green, Baker
MODIFY(1) Frech
NOOP(1) Christey
REVIEWING(1) Wall
Voter Comments:
Frech> XF:linux-multiple-symlink-dos(7312)
Christey> SUSE:SuSE-SA:2001:036
URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
IMMUNIX:IMNX-2001-70-035-01
URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
CALDERA:CSSA-2001-036.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
MANDRAKE:MDKSA-2001:079
ENGARDE:ESA-20011019-02
URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
BUGTRAQ:20011019 TSLSA-2001-0028
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php
Reference: BID:6802
Reference: URL:http://www.securityfocus.com/bid/6802
Buffer overflow in helpctr.exe program in Microsoft Help Center for
Windows XP allows remote attackers to execute arbitrary code via a
long hcp: URL.
Modifications:
20040723 BID:6802
Analysis
--------
Vendor Acknowledgement: no
INFERRED ACTION: CAN-2001-0909 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Foat, Cole, Frech
NOOP(1) Armstrong
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2
Reference: XF:linux-vmlinux-dos(7591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7591
Reference: BID:3570
Reference: URL:http://www.securityfocus.com/bid/3570
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows
local users to cause a denial of service (crash) by starting the core
vmlinux kernel, possibly related to poor error checking during ELF
loading.
Modifications:
20040723 ADDREF XF:linux-vmlinux-dos(7591)
20040723 ADDREF BID:3570
Analysis
--------
Vendor Acknowledgement: yes followup
ABSTRACTION: There could be a rediscovery of CVE-2000-0729, but there
is insufficient information to be certain.
INFERRED ACTION: CAN-2001-0914 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Foat, Cole, Armstrong, Baker
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-vmlinux-dos(7591)
======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652
Windows 2000 allows remote attackers to cause a denial of service (CPU
consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with
packets that contain a large number of dot characters.
Modifications:
20040723 desc normalize DoS term
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-0951 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(1) Cole
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
Reference: XF:bsd-libutil-privilege-dropping(8697)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8697
Reference: OSVDB:6073
Reference: URL:http://www.osvdb.org/6073
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges
before verifying the capabilities for reading the copyright and
welcome files, which allows local users to bypass the capabilities
checks and read arbitrary files by specifying alternate copyright or
welcome files.
Modifications:
20040723 ADDREF XF:bsd-libutil-privilege-dropping(8697)
20040818 ADDREF OSVDB:6073
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2001-1029 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Foat, Green
MODIFY(1) Frech
NOOP(2) Wall, Cole
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:bsd-libutil-privilege-dropping(8697)
======================================================
Candidate: CAN-2001-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055
Final-Decision:
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113
Reference: XF:win-arp-packet-flooding-dos(6924)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6924
The Microsoft Windows network stack allows remote attackers to cause a
denial of service (CPU consumption) via a flood of malformed ARP
request packets with random source IP and MAC addresses, as
demonstrated by ARPNuke.
Modifications:
20040723 ADDREF XF:win-arp-packet-flooding-dos(6924)
20040723 desc - add ARPNuke
Analysis
--------
Vendor Acknowledgement:
There is insufficient information to be able to narrow down which
operating systems are affected; the disclosers did not mention these
specifics.
INFERRED ACTION: CAN-2001-1055 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(1) Foat
MODIFY(2) Green, Frech
NOOP(3) Wall, Cole, Armstrong
Voter Comments:
Green> TOO VAGUE TO REACH ANY CONCLUSION
Frech> XF:win-arp-packet-flooding-dos(6924)
======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2
Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Reference: SUNBUG:4633888
Reference: BID:3243
Reference: URL:http://www.securityfocus.com/bid/3243
Reference: XF:netscape-install-tmpfile-symlink(7042)
Reference: URL:http://xforce.iss.net/static/7042.php
ns6install installation script for Netscape 6.01 on Solaris, and other
versions including 6.2.1 beta, allows local users to overwrite
arbitrary files via a symlink attack.
Modifications:
20040725 ADDREF SUNBUG:4633888
20040725 ADDREF BID:3243
20040725 ADDREF XF:netscape-install-tmpfile-symlink(7042)
20040725 ADDREF VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
Analysis
--------
Vendor Acknowledgement: yes cve-vote
INFERRED ACTION: CAN-2001-1066 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Dik, Green
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Christey
REVIEWING(1) Wall
Voter Comments:
Dik> Verified by code inspection of ns6install from netscape 6.2.1 beta
Sun bug: 4633888 (just filed)
Christey> BID:3243
URL:http://www.securityfocus.com/bid/3243
XF:netscape-install-tmpfile-symlink(7042)
URL:http://xforce.iss.net/static/7042.php
Christey> VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Frech> XF:netscape-install-tmpfile-symlink(7042)
======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php
libCoolType library as used in Adobe Acrobat (acroread) on Linux
creates the AdobeFnt.lst file with world-writable permissions, which
allows local users to modify the file and possibly modify acroread's
behavior.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1069 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(3) Cole, Armstrong, Christey
REVIEWING(1) Wall
Voter Comments:
Christey> SGI:20020806-01-I points to this candidate, but I'm not so
sure that's correct; the SGI advisory discusses symlink
attacks, but this CAN is related to permissions.
======================================================
Candidate: CAN-2001-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994
Format string vulnerabilities in Livingston/Lucent RADIUS before
2.1.va.1 may allow local or remote attackers to cause a denial of
service and possibly execute arbitrary code via format specifiers that
are injected into log messages.
Modifications:
20040725 VULNWATCH:20010719 Changelog maddness (14 various broken apps)
20040725 MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1081 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Baker
MODIFY(2) Christey, Frech
NOOP(2) Wall, Foat
Voter Comments:
Frech> ISS: ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS
Implementations
XF:lucent-radius-authentication-bo(6794)
CONFIRM reference is no longer available.
Christey> VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Christey> XF:lucent-radius-authentication-bo(6794) does not seem
appropriate, as it deals with buffer overflows; however, this is a
format string issue. XF:lucent-radius-authentication-bo(6794)
is really about CAN-2001-0534.
======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: CERT-VN:VU#639507
Reference: URL:http://www.kb.cert.org/vuls/id/639507
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php
Reference: BID:3419
Reference: URL:http://www.securityfocus.com/bid/3419
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in
plaintext in the pfm.log file, which could allow local users to obtain
the password by reading the file.
Modifications:
20040725 ADDREF BID:3419
20040725 ADDREF CERT-VN:VU#639507
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2001-1098 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(3) Wall, Cole, Armstrong
REVIEWING(1) Ziese
Voter Comments:
CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
Frech> HAS-INDEPENDENT-CONFIRMATION:http://www.kb.cert.org/vuls/id/639507
======================================================
Candidate: CAN-2001-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:http://xforce.iss.net/static/7119.php
FTP Voyager ActiveX control before 8.0, when it is marked as safe for
scripting (the default) or if allowed by the IObjectSafety interface,
allows remote attackers to execute arbitrary commands.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-1103 ACCEPT_REV (4 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Green, Baker, Frech, Ziese
NOOP(3) Foat, Cole, Armstrong
REVIEWING(1) Wall
Voter Comments:
Green> Vendor appears to have acknowledged with a new release of the product, although there is no explicit citing of the vulnerability on the vendor's website
======================================================
Candidate: CAN-2001-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php
Microsoft IIS 5.0 allows remote attackers to cause a denial of service
via an HTTP request with a content-length value that is larger than
the size of the request, which prevents IIS from timing out the
connection.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-1186 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Green, Frech
NOOP(2) Foat, Ziese
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php
Microsoft Windows XP allows local users to bypass a locked screen and
run certain programs that are associated with Hot Keys.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2001-1200 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Foat, Green, Frech
NOOP(2) Cole, Ziese
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: REDHAT:RHSA-2002:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html
Reference: REDHAT:RHSA-2003:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: HP:HPSBTL0209-068
Reference: URL:http://online.securityfocus.com/advisories/4514
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php
Reference: BID:3024
Reference: URL:http://www.securityfocus.com/bid/3024
Directory traversal vulnerability in GNU tar 1.13.19 and earlier
allows local users to overwrite arbitrary files during archive extraction
via a tar file whose filenames contain a .. (dot dot).
Modifications:
ADDREF MANDRAKE:MDKSA-2002:066
ADDREF REDHAT:RHSA-2002:096
ADDREF CONECTIVA:CLA-2002:538
ADDREF HP:HPSBTL0209-068
ADDREF XF:archive-extraction-directory-traversal(10224)
20040725 BID:3024
20040818 ADDREF REDHAT:RHSA-2002:138
20040818 ADDREF REDHAT:RHSA-2003:218
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, the entry dated
2001-08-27 says "(extract_archive): Fix test for absolute pathnames
and/or '..'."
INFERRED ACTION: CAN-2001-1267 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Green
MODIFY(2) Frech, Cox
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2002:066
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> ADDREF: RHSA-2002:096
Frech> XF:archive-extraction-directory-traversal(10224)
Christey> MANDRAKE:MDKSA-2002:066
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
CONECTIVA:CLA-2002:538
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
HP:HPSBTL0209-068
URL:http://online.securityfocus.com/advisories/4514
REDHAT:RHSA-2002:096
URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Christey> There are a couple directory traversal variants for GNU tar
out there. Can we be sure the references line up correctly?
======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279
Final-Decision:
Interim-Decision: 20040825
Modified: 20030318-02
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: CONECTIVA:CLA-2002:480
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
Reference: MANDRAKE:MDKSA-2002:032
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: XF:tcpdump-afs-rpc-bo(7006)
Reference: URL:http://www.iss.net/security_center/static/7006.php
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065
Reference: CERT-VN:VU#797201
Reference: URL:http://www.kb.cert.org/vuls/id/797201
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via AFS RPC packets with invalid lengths that trigger
an integer signedness error, a different vulnerability than
CVE-2000-1026.
Modifications:
ADDREF CONECTIVA:CLA-2002:480
ADDREF MANDRAKE:MDKSA-2002:032
ADDREF CALDERA:CSSA-2002-025.0
ADDREF XF:tcpdump-afs-rpc-bo(7006)
ADDREF CERT-VN:VU#797201
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1279 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Cox
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> ADDREF CONECTIVA:CLA-2002:480
The Conectiva advisory references the FreeBSD advisory used in
this CAN, along with other issues that are addressed.
Christey> CONECTIVA:CLA-2002:480
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
Christey> MANDRAKE:MDKSA-2002:032
CONECTIVA:CLA-2002:480
CALDERA:CSSA-2002-025.0
Frech> XF:tcpdump-afs-rpc-bo(7006)
Christey> Consider whether SUSE:SuSE-SA:2002:020 addresses this
issue or not.
======================================================
Candidate: CAN-2001-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:http://xforce.iss.net/static/6876.php
The change password option in the Windows Security interface for
Windows 2000 allows attackers to use the option to attempt to change
passwords of other users on other systems or identify valid accounts
by monitoring error messages, possibly due to a problem in the
NetUserChangePassword function.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-1302 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Foat, Cole, Green, Frech
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: CIAC:L-103
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: SUN:00203
Reference: XF:solaris-ypbind-bo(6828)
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows
remote attackers to execute arbitrary code.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-1328 ACCEPT_ACK_REV (2 accept, 3 ack, 1 review)
Current Votes:
ACCEPT(2) Green, Frech
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Voter Comments:
Green> Sun Security bulletin 00203
======================================================
Candidate: CAN-2001-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
Reference: XF:win2k-debug-elevate-privileges(6590)
Reference: URL:http://www.iss.net/security_center/static/6590.php
Reference: BID:2764
Reference: URL:http://www.securityfocus.com/bid/2764
Windows 2000 allows local users to cause a denial of service and
possibly gain privileges by setting a hardware breakpoint that is
handled using global debug registers, which could cause other
processes to terminate due to an exception, and allow hijacking of
resources such as named pipes.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2001-1347 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Foat, Cole, Green, Frech
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2001-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and
earlier allows remote attackers to execute arbitrary Javascript as
other web users via the lang parameter.
Modifications:
20040725 XF:linux-namazu-css(7875)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1350 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Cole, Green, Cox
MODIFY(1) Frech
NOOP(2) Foat, Christey
Voter Comments:
Frech> XF:linux-namazu-bo(7876)
Christey> This is not a buffer overflow as suggested by the XF
reference, it's a CSS/XSS issue (XF:linux-namazu-css(7875))
======================================================
Candidate: CAN-2001-1351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://www.iss.net/security_center/static/7875.php
Reference: OSVDB:5690
Reference: URL:http://www.osvdb.org/5690
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via the index file name that is displayed when displaying hit numbers.
Modifications:
ADDREF XF:linux-namazu-css(7875)
20040818 ADDREF OSVDB:5690
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1351 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Alderson, Green, Cox
MODIFY(1) Frech
NOOP(2) Wall, Foat
Voter Comments:
Frech> XF:linux-namazu-css(7875)
======================================================
Candidate: CAN-2001-1352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:179
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2
Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2
Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7875
Reference: OSVDB:5691
Reference: URL:http://www.osvdb.org/5691
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via an error message that is returned when an invalid index file is
specified in the idxname parameter.
Modifications:
20040725 ADDREF XF:linux-namazu-css(7875)
20040818 ADDREF OSVDB:5691
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1352 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Cole, Alderson, Green, Cox
MODIFY(1) Frech
NOOP(1) Foat
Voter Comments:
Frech> XF:linux-namazu-css(7875)
======================================================
Candidate: CAN-2001-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031&
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: XF:phpslice-checkaccess-function-privileges(9649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9649
The checkAccess function in PHPSlice 0.1.4, and all other versions
between 0.1.1 and 0.1.6, does not properly verify the administrative
access level, which could allow remote attackers to gain privileges.
Modifications:
20040725 ADDREF XF:phpslice-checkaccess-function-privileges(9649)
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: a post on the vendor web page states "Due to a stupid
mistake on a line in the checkAccess() function, PHPSlice 0.1.4 (and
potentially all earlier releases as well) has a gaping security hole
that allows any user to perform administrative tasks if they enter the
correct URL."
ACCURACY: while the vendor's statement implies that the problem was
fixed after 0.1.4, a review of the source code indicates that it
actually wasn't fixed until 0.1.7.
INFERRED ACTION: CAN-2001-1367 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Cole, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Alderson
Voter Comments:
Alderson> Is there a candidate already in existence for the problem as it
relates to 0.1.4? If so, since this problem was not fixed, perhaps that one
needs to be modified to include 0.1.7.
Frech> XF:phpslice-checkaccess-function-privileges(9649)
======================================================
Candidate: CAN-2001-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://www.iss.net/security_center/static/6760.php
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957
WFTPD 3.00 allows remote attackers to read arbitrary files by
uploading a (link) file that ends in a ".lnk." extension, which
bypasses WFTPD's check for a ".lnk" extension.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2001-1386 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Green, Baker, Frech
MODIFY(1) Foat
NOOP(3) Cole, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Foat> If a windows shortcut file (*.lnk) linked to a directory is uploaded,
an ftp user would be able to have access to the directory link points by typing
'cd <file>.lnk'. If an ftp user uploads a *.lnk file to a known file for which
the user does not have access and then does a 'GET' on the link, the file will
be downloaded.
======================================================
Candidate: CAN-2001-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html
Reference: XF:linux-cpia-memory-overwrite(11162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11162
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19
allows users to modify kernel memory.
Modifications:
20040725 desc fix small typo
20040725 XF:linux-cpia-memory-overwrite(11162)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2001-1391 ACCEPT (7 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(6) Wall, Cole, Armstrong, Green, Baker, Cox
MODIFY(1) Frech
NOOP(2) Foat, Christey
Voter Comments:
Frech> XF:linux-ptrace-modify-process(6080)
Christey> fix typo: "off-by-one" should be "Off-by-one"
Christey> XF:linux-cpia-memory-overwrite(11162) is clearly the correct
reference here.
======================================================
Candidate: CAN-2002-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579
Reference: CONECTIVA:CLA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-neglength-bo(11190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11190
Reference: BID:6713
Reference: URL:http://www.securityfocus.com/bid/6713
Reference: OSVDB:4896
Reference: URL:http://www.osvdb.org/4896
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5
1.2.5 allows remote attackers to cause a denial of service via a large
unsigned data element length, which is later used as a negative value.
Modifications:
20040725 ADDREF REDHAT:RHSA-2003:051
20040725 ADDREF REDHAT:RHSA-2003:052
20040725 ADDREF MANDRAKE:MDKSA-2003:043
20040725 ADDREF CONECTIVA:CLA-2003:639
20040725 ADDREF XF:kerberos-kdc-neglength-bo(11190)
20040725 ADDREF BID:6713
20040818 ADDREF REDHAT:RHSA-2003:168
20040818 ADDREF OSVDB:4896
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0036 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Wall, Cole
MODIFY(2) Frech, Cox
NOOP(1) Christey
Voter Comments:
Cox> This is fixed in krb5 version 1.2.5
Cox> Addref RHSA-2003:051
Cox> Addref REDHAT:RHSA-2003:052
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Frech> XF:kerberos-kdc-neglength-bo(11190)
======================================================
Candidate: CAN-2002-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270149
Reference: SUNALERT:44842
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
Reference: CERT-VN:VU#188507
Reference: URL:http://www.kb.cert.org/vuls/id/188507
Reference: BID:4633
Reference: URL:http://www.securityfocus.com/bid/4633
Reference: XF:solaris-lbxproxy-display-bo(8958)
Reference: URL:http://www.iss.net/security_center/static/8958.php
Reference: OVAL:OVAL179
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL179.html
Reference: OVAL:OVAL86
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL86.html
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8
allows local users to execute arbitrary code via a long display
command line option.
Modifications:
ADDREF VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
ADDREF BID:4633
ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842&zone_32=category%3Asecurity%20lbxproxy
ADDREF XF:solaris-lbxproxy-display-bo(8958)
ADDREF CERT-VN:VU#188507
DESC expanded "lbx" term
20040725 Normalize SUNALERT reference
20040824 ADDREF OVAL:OVAL179
20040824 ADDREF OVAL:OVAL86
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-0090 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Balinsky, Wall, Cole, Green
NOOP(3) Ziese, Foat, Christey
Voter Comments:
Balinsky> Patch at http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
resolves an lbxproxy buffer overflow.
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
URL:http://online.securityfocus.com/archive/1/270149
BID:4633
URL:http://www.securityfocus.com/bid/4633
======================================================
Candidate: CAN-2002-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
Reference: OVAL:OVAL14
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL14.html
Reference: OVAL:OVAL33
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL33.html
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to
gain root privileges via a long -co (color database) command line
argument.
Modifications:
ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
20040824 ADDREF OVAL:OVAL14
20040824 ADDREF OVAL:OVAL33
Analysis
--------
Vendor Acknowledgement: yes patch
ACKNOWLEDGEMENT: the description for patch 108652-52, bug 4661987,
explicitly references CAN-2002-0158.
INFERRED ACTION: CAN-2002-0158 ACCEPT_REV (5 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Baker, Foat, Armstrong, Green
MODIFY(1) Frech
NOOP(3) Christey, Cox, Cole
REVIEWING(1) Wall
Voter Comments:
Green> The documentation of this vulnerability is compelling
Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
the description for patch 108652-52, bug 4661987,
explicitly references CAN-2002-0158.
Green> The documentation of this vulnerability is compelling
Frech> XF:solaris-xsun-co-bo(8703)
Christey> I received an email on Oct 10, 2003, that suggested that other
non-Sun operating systems may be affected.
Christey> XSco is also affected:
BUGTRAQ:20020611 SCO Openserver Xsco heap overflow.
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102380830430665&w=2
VULN-DEV:20020611 SCO Openserver Xsco heap overflow.
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102381771109722&w=2
CALDERA:CSSA-2003-SCO.26
======================================================
Candidate: CAN-2002-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188
Final-Decision:
Interim-Decision: 20040825
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
Reference: XF:ie-content-disposition-variant2(9086)
Reference: URL:http://www.iss.net/security_center/static/9086.php
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the second variant of the
"Content Disposition" vulnerability.
Modifications:
ADDREF BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
ADDREF MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
ADDREF XF:ie-content-disposition-variant2(9086)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0188 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:ie-content-disposition-variant2(9086)
======================================================
Candidate: CAN-2002-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-content-disposition-variant(9085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9085
Reference: BID:4752
Reference: URL:http://www.securityfocus.com/bid/4752
Reference: OVAL:OVAL27
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL27.html
Reference: OVAL:OVAL99
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL99.html
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the first variant of the
"Content Disposition" vulnerability.
Modifications:
20040725 XF:ie-content-disposition-variant(9085)
20040725 BID:4752
20040824 ADDREF OVAL:OVAL27
20040824 ADDREF OVAL:OVAL99
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0193 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Wall, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:ie-content-disposition-variant(9085)
======================================================
Candidate: CAN-2002-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2
Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2
Reference: BID:4099
Reference: URL:http://online.securityfocus.com/bid/4099
Reference: XF:falcon-protected-dir-access(8189)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8189
Falcon web server 2.0.0.1020 and earlier allows remote attackers to
bypass authentication and read restricted files via an extra / (slash)
in the requested URL.
Modifications:
20040725 XF:falcon-protected-dir-access(8189)
20040725 VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
20040725 BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Analysis
--------
Vendor Acknowledgement: yes via-email
ACKNOWLEDGEMENT: the vendor confirmed the issue via email.
INFERRED ACTION: CAN-2002-0275 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong
Voter Comments:
Frech> XF:falcon-protected-dir-access(8189)
Christey> This issue was rediscovered a few months later:
VULNWATCH:20020526 [VulnWatch] [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2
======================================================
Candidate: CAN-2002-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0313
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2
Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/006231.html
Reference: XF:essentia-server-long-request-dos(8249)
Reference: URL:http://www.iss.net/security_center/static/8249.php
Reference: BID:4159
Reference: URL:http://www.securityfocus.com/bid/4159
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to
cause a denial of service, and possibly execute arbitrary code, via a
long URL.
Modifications:
20040725 ADDREF FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-0313 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Frech, Cole
NOOP(4) Christey, Cox, Wall, Foat
Voter Comments:
Christey> FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
URL:http://lists.netsys.com/pipermail/full-disclosure/2003-July/010909.html
======================================================
Candidate: CAN-2002-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357
Final-Decision:
Interim-Decision: 20040825
Modified: 20030320-01
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
Reference: XF:irix-rpcpasswd-gain-privileges(9261)
Reference: URL:http://www.iss.net/security_center/static/9261.php
Reference: BID:4939
Reference: URL:http://online.securityfocus.com/bid/4939
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI
IRIX 6.5.15 and earlier allows local users to gain root privileges.
Modifications:
ADDREF XF:irix-rpcpasswd-gain-privileges(9261)
ADDREF BID:4939
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: SecurityFocus' title for the BID implies that the problem is
due to a buffer overflow, but there does not seem to be specific
information about the type of problem in the SGI advisory, which
appears to be the only public information regarding this
vulnerability.
INFERRED ACTION: CAN-2002-0357 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Armstrong
MODIFY(1) Frech
NOOP(4) Christey, Cox, Wall, Foat
Voter Comments:
Christey> XF:irix-rpcpasswd-gain-privileges(9261)
URL:http://www.iss.net/security_center/static/9261.php
BID:4939
URL:http://online.securityfocus.com/bid/4939
SecurityFocus' title for the BID implies that the problem
is due to a buffer overflow, but there does not seem to be
specific information about the type of problem in the
SGI advisory, which appears to be the only public information
regarding this vulnerability.
Frech> XF:irix-rpcpasswd-gain-privileges(9261)
======================================================
Candidate: CAN-2002-0362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020506
Category: SF
Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2
Reference: BID:4677
Reference: URL:http://www.securityfocus.com/bid/4677
Reference: XF:aim-addexternalapp-bo(9017)
Reference: URL:http://www.iss.net/security_center/static/9017.php
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows
remote attackers to execute arbitrary code via a long AddExternalApp
request and a TLV type greater than 0x2711.
Modifications:
20040725 ADDREF XF:aim-addexternalapp-bo(9017)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0362 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Wall
MODIFY(1) Frech
NOOP(5) Christey, Cox, Foat, Cole, Armstrong
Voter Comments:
Frech> XF:aim-addexternalapp-bo(9017)
Christey> XF:aim-addexternalapp-bo(9017)
URL:http://www.iss.net/security_center/static/9017.php
======================================================
Candidate: CAN-2002-0376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020513
Category: SF
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote
attackers to execute arbitrary code via a long pluginspage field.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0376 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: REDHAT:RHSA-2002:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html
Reference: REDHAT:RHSA-2002:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: FREEBSD:FreeBSD-SA-02:29
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650721503642&w=2
Reference: CONECTIVA:CLA-2002:491
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102339541014226&w=2
Reference: XF:tcpdump-nfs-bo(9216)
Reference: URL:http://www.iss.net/security_center/static/9216.php
Reference: BID:4890
Reference: URL:http://online.securityfocus.com/bid/4890
Reference: HP:HPSBTL0205-044
Reference: URL:http://online.securityfocus.com/advisories/4169
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an NFS packet.
Modifications:
CHANGEREF REDHAT:RHSA-2002:094 (advisory ID was wrong)
ADDREF FREEBSD:FreeBSD-SA-02:29
ADDREF CONECTIVA:CLA-2002:491
ADDREF CALDERA:CSSA-2002-025.0
ADDREF XF:tcpdump-nfs-bo(9216)
ADDREF BID:4890
ADDREF BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
ADDREF HP:HPSBTL0205-044
20040818 ADDREF REDHAT:RHSA-2002:121
20040818 ADDREF REDHAT:RHSA-2003:214
20040818 ADDREF DEBIAN:DSA-255
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0380 ACCEPT (6 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Wall, Cole, Armstrong
MODIFY(2) Frech, Cox
NOOP(2) Christey, Foat
Voter Comments:
Cox> ADDREF: CLA-2002:491 TSLSA-2002-0055
Christey> I clearly screwed up the references here. This is supposed
to be REDHAT:RHSA-2002:094. #089 is already covered by
CAN-2001-1279.
ADDREF FREEBSD:FreeBSD-SA-02:29
Christey> CALDERA:CSSA-2002-025.0
CONECTIVA:CLA-2002:491
Consider SUSE:SuSE-SA:2002:020, but beware that it upgrades
*to* 3.6.2, and it mentions *AFS* packets. There are no
cross-references to know for sure whether they meant this
tcpdump vulnerability or an older one.
Frech> XF:tcpdump-nfs-bo(9216)
Christey> HP:HPSBTL0205-044
URL:http://online.securityfocus.com/advisories/4169
Christey> I'm not going to add the SuSE reference, which may be
describing CAN-2001-1279. I don't want to hold this CAN back
from promotion to an entry any further.
======================================================
Candidate: CAN-2002-0384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:122
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html
Reference: REDHAT:RHSA-2003:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-054.php
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406
Reference: OSVDB:3729
Reference: URL:http://www.osvdb.org/3729
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows
remote attackers to execute arbitrary code.
Modifications:
20040725 ADDREF REDHAT:RHSA-2003:122
20040818 ADDREF REDHAT:RHSA-2002:122
20040818 ADDREF REDHAT:RHSA-2003:156
20040725 DELREF REDHAT:RHSA-2003:122 [does not exist]
20040818 ADDREF OSVDB:3729
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0384 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cox, Cole, Armstrong, Green
NOOP(1) Christey
Voter Comments:
Christey> ADDREF MANDRAKE:MDKSA-2002:054
Cox> Addref: RHSA-2003:122
======================================================
Candidate: CAN-2002-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt
Reference: SUNALERT:52022
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022
Reference: CIAC:N-064
Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml
Reference: XF:sunone-gxnsapi6-bo(11529)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11529
Reference: BID:7082
Reference: URL:http://www.securityfocus.com/bid/7082
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module
for Sun ONE Application Server before 6.5 allows remote attackers to
execute arbitrary code via a long HTTP request URL.
Modifications:
20040725 ADDREF XF:sunone-gxnsapi6-bo(11529)
20040725 ADDREF SUNALERT:52022
20040725 CIAC:N-064
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0387 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Stracener, Green
NOOP(3) Cox, Wall, Cole
Voter Comments:
Green> ACKNOWLEDGED IN SP1 AVAILABLE AT
http://wwws.sun.com/software/download/products/3e3afb89.html
Stracener> cf. Sun[tm] ONE Application Server, Enterprise Edition 6.5 Service Pack 1
======================================================
Candidate: CAN-2002-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-tftp-bruteforce(9264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9264
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be
disabled and makes it easier for remote attackers to crack the
administration password via brute force methods.
Modifications:
20040725 ADDREF XF:redm-1050ap-tftp-bruteforce(9264)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0395 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Foat
MODIFY(1) Frech
NOOP(4) Cox, Wall, Cole, Armstrong
Voter Comments:
Frech> XF:redm-1050ap-tftp-bruteforce (9264)
======================================================
Candidate: CAN-2002-0396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-insecure-session(9265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9265
The web management server for Red-M 1050 (Bluetooth Access Point) does
not use session-based credentials to authenticate users, which allows
attackers to connect to the server from the same IP address as a user
who has already established a session.
Modifications:
20040725 ADDREF XF:redm-1050ap-insecure-session(9265)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0396 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Foat
MODIFY(1) Frech
NOOP(4) Cox, Wall, Cole, Armstrong
Voter Comments:
Frech> XF:redm-1050ap-insecure-session(9265)
======================================================
Candidate: CAN-2002-0397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-device-existence(9266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9266
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address,
and other information in UDP packets to a broadcast address, which
allows any system on the network to obtain potentially sensitive
information about the Access Point device by monitoring UDP port 8887.
Modifications:
20040725 ADDREF XF:redm-1050ap-device-existence(9266)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0397 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Foat
MODIFY(1) Frech
NOOP(4) Cox, Wall, Cole, Armstrong
Voter Comments:
Frech> XF:redm-1050ap-device-existence (9266)
======================================================
Candidate: CAN-2002-0398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-ppp-dos(9267)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9267
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to
cause a denial of service and possibly execute arbitrary code via a
long user name.
Modifications:
20040725 ADDREF XF:redm-1050ap-ppp-dos(9267)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0398 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Foat
MODIFY(1) Frech
NOOP(4) Cox, Wall, Cole, Armstrong
Voter Comments:
Frech> XF:redm-1050ap-ppp-dos(9267)
======================================================
Candidate: CAN-2002-0400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND
Reference: CALDERA:CSSA-2002-SCO.24
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
Reference: CONECTIVA:CLA-2002:494
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
Reference: HP:HPSBUX0207-202
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-038.php
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SUSE:SuSE-SA:2002:021
Reference: URL:http://www.suse.de/de/security/2002_21_bind9.html
Reference: BID:4936
Reference: URL:http://www.securityfocus.com/bid/4936
Reference: XF:bind-findtype-dos(9250)
Reference: URL:http://www.iss.net/security_center/static/9250.php
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of
service (shutdown) via a malformed DNS packet that triggers an error
condition that is not properly handled when the rdataset parameter to
the dns_message_findtype() function in message.c is not NULL.
Modifications:
ADDREF CALDERA:CSSA-2002-SCO.24
ADDREF CONECTIVA:CLA-2002:494
ADDREF SUSE:SuSE-SA:2002:021
ADDREF REDHAT:RHSA-2002:105
ADDREF MANDRAKE:MDKSA-2002:038
ADDREF BID:4936
ADDREF XF:bind-findtype-dos(9250)
ADDREF HP:HPSBUX0207-202
20040725 ADDREF REDHAT:RHSA-2003:154
20040818 ADDREF REDHAT:RHSA-2002:119
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0400 ACCEPT (6 accept, 7 ack, 0 review)
Current Votes:
ACCEPT(6) Baker, Cox, Wall, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> CALDERA:CSSA-2002-SCO.24
Christey> CALDERA:CSSA-2002-SCO.24
URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
CONECTIVA:CLA-2002:494
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
SUSE:SuSE-SA:2002:021
URL:http://www.suse.de/de/support/security/2002_21_bind9.html
XF:bind-findtype-dos(9250)
URL:http://www.iss.net/security_center/static/9250.php
BID:4936
URL:http://www.securityfocus.com/bid/4936
Christey> REDHAT:RHSA-2002:105
Frech> XF:bind-findtype-dos(9250)
Christey> MANDRAKE:MDKSA-2002:038
Christey> HP:HPSBUX0207-202
URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
Christey> REDHAT:RHSA-2003:154
======================================================
Candidate: CAN-2002-0443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0443
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility
Reference: URL:http://online.securityfocus.com/archive/1/260704
Reference: XF:win2k-password-bypass-policy(8402)
Reference: URL:http://www.iss.net/security_center/static/8402.php
Reference: BID:4256
Reference: URL:http://www.securityfocus.com/bid/4256
Microsoft Windows 2000 allows local users to bypass the policy that
prohibits reusing old passwords by changing the current password
before it expires, which does not enable the check for previous
passwords.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-0443 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Frech, Foat, Cole, Alderson
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-0444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0444
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices
Reference: URL:http://www.securityfocus.com/archive/1/266729
Reference: BID:4464
Reference: URL:http://www.securityfocus.com/bid/4464
Reference: XF:win2k-terminal-bypass-policies(8813)
Reference: URL:http://www.iss.net/security_center/static/8813.php
Microsoft Windows 2000 running the Terminal Server 90-day trial
version, and possibly other versions, does not apply group policies to
incoming users when the number of connections to the SYSVOL share
exceeds the maximum, e.g. with a maximum number of licenses, which can
allow remote authenticated users to bypass group policies.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-0444 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Frech, Foat, Cole, Alderson
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-0445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0445
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/261337
Reference: XF:phpfirstpost-path-disclosure(8434)
Reference: URL:http://www.iss.net/security_center/static/8434.php
Reference: BID:4274
Reference: URL:http://www.securityfocus.com/bid/4274
Reference: OSVDB:7170
Reference: URL:http://www.osvdb.org/7170
article.php in PHP FirstPost 0.1 allows remote attackers to
obtain the full pathname of the server via an invalid post number in
the post parameter, which leaks the pathname in an error message.
Modifications:
20040818 ADDREF OSVDB:7170
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INCLUSION: CD:EX-BETA suggests that beta software should not be
included in CVE unless it is popular or in permanent beta. The home
page for PHP FirstPost implies that the product is in beta; however,
the discloser suggests that the developer has stopped maintaining the
code, so it could be argued that this software is in "permanent beta"
and should be included in CVE.
INFERRED ACTION: CAN-2002-0445 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Frech, Cole
NOOP(3) Cox, Wall, Foat
======================================================
Candidate: CAN-2002-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0546
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78
and 2.79 allows remote attackers to execute script via an ID3v1 or
ID3v2 tag in an MP3 file.
Analysis
--------
Vendor Acknowledgement: yes followup
ACKNOWLEDGEMENT: the vendor's changelog for version 2.80 says
"minibrowser security fix," but it is not clear that the vendor is
fixing *this* vulnerability, as there are several issues that affect
2.79 (at least CAN-2002-0546 and CAN-2002-0547, and possibly
CAN-2002-0284).
INFERRED ACTION: CAN-2002-0546 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Frech, Cole
NOOP(4) Cox, Wall, Foat, Armstrong
======================================================
Candidate: CAN-2002-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0615
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020612
Category: SF
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-playlist-script-execution(9422)
Reference: URL:http://www.iss.net/security_center/static/9422.php
Reference: BID:5110
Reference: URL:http://www.securityfocus.com/bid/5110
The Windows Media Active Playlist in Microsoft Windows Media Player
7.1 stores information in a well known location on the local file
system, allowing attackers to execute HTML scripts in the Local
Computer zone, aka "Media Playback Script Invocation".
Modifications:
20040725 ADDREF XF:mediaplayer-playlist-script-execution(9422)
20040725 ADDREF BID:5110
20040725 DELREF BID:4821
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0615 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Wall, Foat, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:mediaplayer-playlist-script-execution(9422)
URL:http://www.iss.net/security_center/static/9422.php
BID:5110
URL:http://www.securityfocus.com/bid/5110
Christey> DELREF BID:4821 (that BID is for CVE-2002-0618)
======================================================
Candidate: CAN-2002-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632
The Web server for Polycom ViewStation before 7.2.4 allows remote
attackers to bypass authentication and read files via Unicode encoded
requests.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0627 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637
The Telnet service for Polycom ViewStation before 7.2.4 allows remote
attackers to cause a denial of service (crash) via long or malformed
ICMP packets.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0630 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020628
Category: SF
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT-VN:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: AIXAPAR:IY32719
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: AIXAPAR:IY32746
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: CALDERA:CSSA-2002-SCO.37
Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Reference: CALDERA:CSSA-2002-SCO.39
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: ENGARDE:ESA-20020724-018
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
Reference: FREEBSD:FreeBSD-SA-02:28
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://online.securityfocus.com/advisories/4397
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SGI:20020701-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102579743329251&w=2
Reference: XF:dns-resolver-lib-bo(9432)
Reference: URL:http://www.iss.net/security_center/static/9432.php
Reference: BID:5100
Reference: URL:http://online.securityfocus.com/bid/5100
Buffer overflow in the DNS resolver code used in libc, glibc, and
libbind, as derived from ISC BIND, allows remote malicious DNS servers
to cause a denial of service and possibly execute arbitrary code via
the stub resolvers.
Modifications:
ADDREF REDHAT:RHSA-2002:133
ADDREF MANDRAKE:MDKSA-2002:038
ADDREF CONECTIVA:CLSA-2002:507
ADDREF XF:dns-resolver-lib-bo(9432)
ADDREF BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
ADDREF BID:5100
ADDREF SGI:20020701-01-I
ADDREF REDHAT:RHSA-2002:139
ADDREF AIXAPAR:IY32719
ADDREF AIXAPAR:IY32746
ADDREF ENGARDE:ESA-20020724-018
20040725 ADDREF CALDERA:CSSA-2002-SCO.37
20040725 ADDREF CALDERA:CSSA-2002-SCO.39
20040725 ADDREF MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
20040725 ADDREF REDHAT:RHSA-2003:154
20040725 CHANGEREF CERT:VU#803539 (use CERT-VN source)
20040818 ADDREF REDHAT:RHSA-2002:119
20040818 ADDREF REDHAT:RHSA-2002:167
20040818 ADDREF REDHAT:RHSA-2003:154
20040818 DELREF REDHAT:RHSA-2002:154
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0651 ACCEPT (5 accept, 8 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Cox, Wall, Foat, Cole
NOOP(1) Christey
Voter Comments:
Christey> There are actually 2 closely related issues, one in
gethostbyname/etc. responses related to dn_expand(), and
another in the getnetbyX functions. The getnetby* functions
apparently don't affect BIND 8.x, so they should get a
different CAN. See:
http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2
Christey> Need to beef up the description to more clearly distinguish it
from CAN-2002-0684. The NetBSD reference has details,
related to padding and getanswer() and getnetanswer().
Also need to closely check each reference to see which
issue(s) the reference is *really* referring to.
Christey> REDHAT:RHSA-2002:133
Christey> MANDRAKE:MDKSA-2002:038
Christey> MANDRAKE:MDKSA-2002:050
Christey> The getnet* functions were assigned to CAN-2002-0684.
Note: MANDRAKE:MDKSA-2002:038-1 explicitly acknowledges this
issue, but the Mandrake site doesn't have this new revision yet.
Don't add MANDRAKE:MDKSA-2002:050, that's for CAN-2002-0684
Christey> XF:dns-resolver-lib-bo(9432)
URL:http://www.iss.net/security_center/static/9432.php
CONECTIVA:CLSA-2002:507
BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
BID:5100
URL:http://online.securityfocus.com/bid/5100
SGI:20020701-01-I
REDHAT:RHSA-2002:139
AIXAPAR:IY32719
AIXAPAR:IY32746
ENGARDE:ESA-20020724-018
Christey> CALDERA:CSSA-2002-SCO.37
URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Christey> Change the CERT:VU#803539 to a CERT-VN reference.
Christey> MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
CALDERA:CSSA-2002-SCO.39
Christey> REDHAT:RHSA-2003:154
======================================================
Candidate: CAN-2002-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0662
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2
Reference: XF:scrollkeeper-tmp-file-symlink(10002)
Reference: URL:http://www.iss.net/security_center/static/10002.php
Reference: BID:5602
Reference: URL:http://www.securityfocus.com/bid/5602
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users
to create and overwrite files via a symlink attack on the
scrollkeeper-tempfile.x temporary files.
Modifications:
20040725 ADDREF XF:scrollkeeper-tmp-file-symlink(10002)
20040725 ADDREF BID:5602
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0662 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
NOOP(1) Christey
Voter Comments:
Christey> XF:scrollkeeper-tmp-file-symlink(10002)
URL:http://www.iss.net/security_center/static/10002.php
BID:5602
URL:http://www.securityfocus.com/bid/5602
======================================================
Candidate: CAN-2002-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0668
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-call-hijacking(9563)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9563
Reference: OSVDB:5144
Reference: URL:http://www.osvdb.org/5144
The web interface for Pingtel xpressa SIP-based voice-over-IP phone
1.2.5 through 1.2.7.4 allows authenticated users to modify the Call
Forwarding settings and hijack calls.
Modifications:
20040725 ADDREF XF:pingtel-xpressa-call-hijacking(9563)
20040818 ADDREF OSVDB:5144
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0668 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(5) Cox, Wall, Foat, Cole, Armstrong
Voter Comments:
Frech> XF:pingtel-xpressa-call-hijacking(9563)
======================================================
Candidate: CAN-2002-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0672
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-factory-defaults(9567)
Reference: URL:http://www.iss.net/security_center/static/9567.php
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
allows attackers with physical access to restore the phone to factory
defaults without authentication via a menu option, which sets the
administrator password to null.
Modifications:
20040725 XF:pingtel-xpressa-factory-defaults(9567)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0672 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong
Voter Comments:
Christey> XF:pingtel-xpressa-factory-defaults(9567)
URL:http://www.iss.net/security_center/static/9567.php
Frech> XF:pingtel-xpressa-factory-defaults(9567)
======================================================
Candidate: CAN-2002-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0673
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-phone-reregister(9568)
Reference: URL:http://www.iss.net/security_center/static/9568.php
The enrollment process for Pingtel xpressa SIP-based voice-over-IP
phone 1.2.5 through 1.2.7.4 allows attackers with physical access to
the phone to log out the current user and re-register the phone using
MyPingtel Sign-In to gain remote access and perform unauthorized
actions.
Modifications:
20040725 ADDREF XF:pingtel-xpressa-phone-reregister(9568)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0673 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(6) Christey, Cox, Wall, Foat, Cole, Armstrong
Voter Comments:
Christey> XF:pingtel-xpressa-phone-reregister(9568)
URL:http://www.iss.net/security_center/static/9568.php
Frech> XF:pingtel-xpressa-phone-reregister(9568)
======================================================
Candidate: CAN-2002-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0674
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020726
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9569
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4
does not "time out" an inactive administrator session, which could
allow other users to perform administrator actions if the
administrator does not explicitly end the authentication.
Modifications:
20040725 ADDREF XF:pingtel-xpressa-admin-timeout(9569)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0674 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(5) Cox, Wall, Foat, Cole, Armstrong
Voter Comments:
Frech> XF:pingtel-xpressa-admin-timeout(9569)
======================================================
Candidate: CAN-2002-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0682
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020726
Assigned: 20020710
Category: SF
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9520
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows
remote attackers to execute script as other web users via script in a
URL with the /servlet/ mapping, which does not filter the script when
an exception is thrown by the servlet.
Modifications:
20040725 ADDREF XF:tomcat-servlet-xss(9520)
20040725 ADDREF BID:5193
20040818 ADDREF OSVDB:4973
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0682 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Armstrong
MODIFY(1) Frech
NOOP(5) Christey, Cox, Balinsky, Wall, Foat
Voter Comments:
Christey> XF:tomcat-servlet-xss(9520)
URL:http://www.iss.net/security_center/static/9520.php
BID:5193
URL:http://www.securityfocus.com/bid/5193
Frech> XF:tomcat-servlet-xss(9520)
======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft
FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote
attackers to cause a denial of service (CPU consumption) or run
arbitrary code, respectively, via a certain type of web file request.
Modifications:
20040725 ADDREF CERT-VN:VU#723537
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0692 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> ADDREF CERT-VN:VU#723537
URL:http://www.kb.cert.org/vuls/id/723537
======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php
Reference: OVAL:OVAL403
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL403.html
The HTML Help facility in Microsoft Windows 98, 98 Second Edition,
Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows
2000, and Windows XP uses the Local Computer Security Zone when
opening .chm files from the Temporary Internet Files folder, which
allows remote attackers to execute arbitrary code via HTML mail that
references or inserts a malicious .chm file containing shortcuts that
can be executed, aka "Code Execution via Compiled HTML Help File."
Modifications:
20040824 ADDREF OVAL:OVAL403
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0694 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633
Microsoft Visual FoxPro 6.0 does not register its associated files
with Internet Explorer, which allows remote attackers to execute
Visual FoxPro applications without warning via HTML that references
specially-crafted filenames.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0696 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0729
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020726
Assigned: 20020725
Category: SF
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Microsoft SQL Server 2000 allows remote attackers to cause a denial of
service via a malformed 0x08 packet that is missing a colon separator.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-0729 ACCEPT_REV (5 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Baker, Balinsky, Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Christey, Cox, Foat
REVIEWING(1) Wall
Voter Comments:
Balinsky> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
Frech> XF:mssql-resolution-service-bo(9661)
Christey> Microsoft MS02-039 does not mention this issue, therefore it
is uncertain whether they acknowledged it or not.
The XF reference is for an overflow, not a malformed packet.
======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0835
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php
Preboot eXecution Environment (PXE) server allows remote attackers to
cause a denial of service (crash) via certain DHCP packets from
Voice-Over-IP (VOIP) phones.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0835 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php
dvips converter for Postscript files in the tetex package calls the
system() function insecurely, which allows remote attackers to execute
arbitrary commands via certain print jobs, possibly involving fonts.
Modifications:
20040725 ADDREF REDHAT:RHSA-2002:195
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0836 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Baker, Frech, Wall
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:195
======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: XF:apache-http-host-xss(10241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10241
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862
Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header, a different vulnerability than CAN-2002-1157.
Modifications:
20040725 ADDREF REDHAT:RHSA-2002:222
20040725 ADDREF REDHAT:RHSA-2002:243
20040725 ADDREF REDHAT:RHSA-2002:244
20040725 ADDREF REDHAT:RHSA-2002:248
20040725 ADDREF REDHAT:RHSA-2002:251
20040725 ADDREF SGI:20021105-02-I
20040725 ADDREF XF:apache-http-host-xss(10241)
20040725 ADDREF BID:5847
20040818 ADDREF REDHAT:RHSA-2003:106
20040818 ADDREF OSVDB:862
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-0840 ACCEPT (5 accept, 6 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Baker, Wall
MODIFY(2) Frech, Cox
NOOP(1) Christey
Voter Comments:
Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Cox> Addref: RHSA-2002:251
Addref: RHSA-2002:248
Addref: RHSA-2002:244
Addref: RHSA-2002:243
Addref: RHSA-2002:222
Frech> XF:apache-http-host-xss(10241)
Christey> SGI:20021105-02-I
URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846
Format string vulnerability in certain third party modifications to
mod_dav for logging bad gateway messages (e.g. Oracle9i Application
Server 9.0.2) allows remote attackers to execute arbitrary code via a
destination URI that forces a "502 Bad Gateway" response, which causes
the format string specifiers to be returned from dav_lookup_uri() in
mod_dav.c, which is then used in a call to ap_log_rerror().
Modifications:
20040725 ADDREF CERT:CA-2003-05
20040725 ADDREF CIAC:N-046
20040725 ADDREF BID:6846
20040725 ADDREF MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: a SCO advisory was released which mentioned this CAN, but it
was quickly rescinded. This CAN is for the issue addressed by Oracle
only.
NOTE: This CAN was public in 2003. It has a 2002 identifier because
the CNA (Red Hat) originally assigned the CAN to the issue in 2002;
but due to some early confusion regarding the "location" of the bug,
and the fact that it only affected certain modifications to the
package, and not the original package itself, it was a while before
the bug was published.
INFERRED ACTION: CAN-2002-0842 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Baker, Frech, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> CERT:CA-2003-05
URL:http://www.cert.org/advisories/CA-2003-05.html
CIAC:N-046
URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
BID:6846
URL:http://www.securityfocus.com/bid/6846
MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
======================================================
Candidate: CAN-2002-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0844
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9175
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD
before 1.11.2 allows local users to execute arbitrary code.
Modifications:
20040725 ADDREF XF:cvs-rcs-offbyone-bo(9175)
20040725 ADDREF REDHAT:RHSA-2004:004
20040725 ADDREF SGI:20040103-01-U
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0844 ACCEPT_REV (6 accept, 3 ack, 1 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Alderson, Baker, Cox
MODIFY(1) Frech
NOOP(2) Christey, Foat
REVIEWING(1) Jones
Voter Comments:
Jones> Vulnerable version unclear. CVE description says 1.11.2, Caldera
reference says 1.11-8 is both vulnerable AND is the version of the patched
code.
Frech> XF:cvs-rcs-offbyone-bo(9175)
Christey> REDHAT:RHSA-2004:004
URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Christey> SGI:20040103-01-U
URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10043
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers
to execute arbitrary code via an encrypted document that has a long
filename when it is decrypted.
Modifications:
20040725 ADDREF XF:pgp-long-filename-bo(10043)
20040725 ADDREF BID:5656
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The release notes for PGP Corporate Desktop 7.1.x
state: "While PGP supports long file names, it encounters problems
when it tries to encrypt or decrypt files that have names longer than
200 characters... For more information on this issue, see Foundstone
Labs Advisory - 080202-PCRO." While the advisory ID is different than
the one in Foundstone's Bugtraq post, Foundstone did confirm via email
that both IDs reference the same issue.
INFERRED ACTION: CAN-2002-0850 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP
allows remote attackers to cause a denial of service (crash) when
Remote Desktop is enabled via a PDU Confirm Active data packet that
does not set the Pattern BLT command, aka "Denial of Service in
Remote Desktop."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0864 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752
A certain class that supports XML (Extensible Markup Language) in
Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably
com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows
remote attackers to execute unsafe code via a Java applet, aka
"Inappropriate Methods Exposed in XML Support Classes."
Modifications:
20040725 ADDREF CERT-VN:VU#140898
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0865 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(2) Christey, Cox
Voter Comments:
Christey> ADDREF CERT-VN:VU#140898
URL:http://www.kb.cert.org/vuls/id/140898
This VU# also explicitly mentions the com.ms.osp.ospmrshl
class.
======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine
(VM) up to and including 5.0.3805 allow remote attackers to load and
execute DLLs (dynamic link libraries) via a Java applet that calls the
constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL
terminated by a null string, aka "DLL Execution via JDBC Classes."
Modifications:
20040725 ADDREF CERT-VN:VU#307306
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0866 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(2) Christey, Cox
Voter Comments:
Christey> ADDREF CERT-VN:VU#307306
URL:http://www.kb.cert.org/vuls/id/307306
======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php
Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to cause a denial of service (crash) in
Internet Explorer via invalid handle data in a Java applet, aka
"Handle Validation Flaw."
Modifications:
20040725 CERT-VN:VU#792881
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0867 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(2) Christey, Cox
Voter Comments:
Christey> ADDREF CERT-VN:VU#792881
URL:http://www.kb.cert.org/vuls/id/792881
Consider adding BID:5670
======================================================
Candidate: CAN-2002-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0895
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a long PASS (password) command.
Analysis
--------
Vendor Acknowledgement:
ACKNOWLEDGEMENT: vendor web page is in Japanese, so acknowledgement
could not be determined.
INFERRED ACTION: CAN-2002-0895 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Alderson, Frech, Jones
NOOP(4) Cole, Armstrong, Cox, Foat
Voter Comments:
Alderson> The fact that the vendor page is in Japanese and therefore couldn't
be verified may highlight future problems of a similar nature.
======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta
before 4.02, on the Win32 platform, allows local users to execute
arbitrary code via a long "datadir" parameter in the my.ini
initialization file, whose permissions on Windows allow Full Control
to the Everyone group.
Modifications:
20040725 desc - add Win32
Analysis
--------
Vendor Acknowledgement: unknown
ACKNOWLEDGEMENT: The changelog for "Changes in release 3.23.50 (21 Apr
2002)" says: "Fixed buffer overflow problem if someone specified a too
long datadir parameter to mysqld."
INFERRED ACTION: CAN-2002-0969 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Cox, Wall
Voter Comments:
Cox> Note that description should refer to Win32 platform
Green> THE VENDOR'S STATEMENTS IN THE CHANGELOG SHOULD SUFFICE AS ACKNOWLEDGEMENT
======================================================
Candidate: CAN-2002-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2
Reference: BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155
Reference: MANDRAKE:MDKSA-2002:058
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:519
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not
verify the Basic Constraints for an intermediate CA-signed
certificate, which allows remote attackers to spoof the certificates
of trusted sites via a man-in-the-middle attack.
Modifications:
ADDREF BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
ADDREF CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
ADDREF MANDRAKE:MDKSA-2002:058
ADDREF CALDERA:CSSA-2002-047.0
ADDREF CONECTIVA:CLA-2002:519
ADDREF REDHAT:RHSA-2002:220
20040725 ADDREF XF:ssl-ca-certificate-spoofing(9776)
20040725 ADDREF BID:5410
20040818 ADDREF REDHAT:RHSA-2002:221
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0970 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
MODIFY(1) Frech
NOOP(3) Foat, Christey, Wall
Voter Comments:
Christey> CAN-2002-0970 and CAN-2002-0828 are treated differently
because, as I understand it, the SSL design requires that
you verify Basic Constraints. Here, we have 2 separate
implementations that had the same implementation error,
just like the 20+ FTP servers have the "buffer overflow
in USER command" implementation error. It is assumed
that CAN-2002-0970 and CAN-2002-0828 don't share the same
codebases.
Christey> BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Christey> CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
MANDRAKE:MDKSA-2002:058
Christey> CALDERA:CSSA-2002-047.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Christey> CONECTIVA:CLA-2002:519
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Christey> REDHAT:RHSA-2002:220
Frech> XF:ssl-ca-certificate-spoofing(9776)
======================================================
Candidate: CAN-2002-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0974
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020821
Category: SF
Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102942549832077&w=2
Reference: MS:MS02-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp
Reference: MSKB:Q328940
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q328940
Reference: XF:winxp-helpctr-delete-files(9878)
Reference: URL:http://www.iss.net/security_center/static/9878.php
Reference: BID:5478
Reference: URL:http://www.securityfocus.com/bid/5478
Reference: OSVDB:3001
Reference: URL:http://www.osvdb.org/3001
Help and Support Center for Windows XP allows remote attackers to
delete arbitrary files via a link to the hcp: protocol that accesses
uplddrvinfo.htm.
Modifications:
20040725 ADDREF MS:MS02-060
20040725 ADDREF MSKB:Q328940
20040725 ADDREF XF:winxp-helpctr-delete-files(9878)
20040725 ADDREF BID:5478
20040818 ADDREF OSVDB:3001
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-0974 ACCEPT_REV (3 accept, 2 ack, 1 review)
Current Votes:
ACCEPT(2) Foat, Armstrong
MODIFY(1) Frech
NOOP(3) Cole, Christey, Cox
REVIEWING(1) Wall
Voter Comments:
Christey> MSKB:Q328940
Christey> MS:MS02-060
URL:http://www.microsoft.com/technet/security/bulletin/ms02-060.asp
XF:winxp-helpctr-delete-files(9878)
URL:http://www.iss.net/security_center/static/9878.php
BID:5478
URL:http://www.securityfocus.com/bid/5478
Frech> XF:winxp-helpctr-delete-files(9878)
======================================================
Candidate: CAN-2002-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: CALDERA:CSSA-2003-008.0
Reference: XF:php-mail-safemode-bypass(9966)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9966
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:0
Reference: OSVDB:2111
Reference: URL:http://www.osvdb.org/2111
Argument injection vulnerability in the mail function for PHP 4.x to
4.2.2 may allow attackers to bypass safe mode restrictions and modify
command line arguments to the MTA (e.g. sendmail) in the 5th argument
to mail(), altering MTA behavior and possibly executing commands.
Modifications:
20040725 desc change "remote attackers"
20040725 desc say "argument injection"
20040725 ADDREF DEBIAN:DSA-168
20040725 ADDREF SUSE:SuSE-SA:2002:036
20040725 ADDREF REDHAT:RHSA-2002:213
20040725 ADDREF CONECTIVA:CLA-2002:545
20040725 ADDREF CALDERA:CSSA-2003-008.0
20040725 ADDREF XF:php-mail-safemode-bypass(9966)
20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
20040725 ADDREF MANDRAKE:MDKSA-2003:082
20040818 ADDREF REDHAT:RHSA-2002:214
20040818 ADDREF REDHAT:RHSA-2002:243
20040818 ADDREF REDHAT:RHSA-2002:244
20040818 ADDREF REDHAT:RHSA-2002:248
20040818 ADDREF REDHAT:RHSA-2003:159
20040818 ADDREF OSVDB:2111
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0985 ACCEPT_ACK (2 accept, 4 ack, 0 review)
Current Votes:
MODIFY(2) Frech, Cox
NOOP(5) Foat, Cole, Armstrong, Christey, Wall
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> this should read "local script authors" not "remote attackers"
(can be confirmed by checking the PHP advisory too).
Christey> DEBIAN:DSA-168
Christey> SUSE:SuSE-SA:2002:036
Christey> REDHAT:RHSA-2002:213
URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Christey> CONECTIVA:CLA-2002:545
Christey> Ummm... what is the relationship between this and
CVE-2001-1246? The Debian advisory may help to make the
distinction.
XF:php-mail-safemode-bypass(9966)
URL:http://www.iss.net/security_center/static/9966.php
Christey> CALDERA:CSSA-2003-008.0
Frech> XF:php-mail-safemode-bypass(9966)
Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Christey> MANDRAKE:MDKSA-2003:082
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082
======================================================
Candidate: CAN-2002-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020830
Assigned: 20020823
Category: SF
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.suse.de/de/security/2002_036_modphp4.html
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: CALDERA:CSSA-2003-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: XF:php-mail-ascii-injection(9959)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9959
Reference: BID:5562
Reference: URL:http://www.securityfocus.com/bid/5562
Reference: OSVDB:2160
Reference: URL:http://www.osvdb.org/2160
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."
Modifications:
20040725 ADDREF DEBIAN:DSA-168
20040725 ADDREF SUSE:SuSE-SA:2002:036
20040725 ADDREF REDHAT:RHSA-2002:213
20040725 ADDREF CONECTIVA:CLA-2002:545
20040725 ADDREF CALDERA:CSSA-2003-008.0
20040725 ADDREF MANDRAKE:MDKSA-2003:082
20040725 ADDREF BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
20040725 ADDREF XF:php-mail-ascii-injection(9959)
20040725 ADDREF BID:5562
20040818 ADDREF REDHAT:RHSA-2002:214
20040818 ADDREF REDHAT:RHSA-2002:243
20040818 ADDREF REDHAT:RHSA-2002:244
20040818 ADDREF REDHAT:RHSA-2002:248
20040818 ADDREF REDHAT:RHSA-2003:159
20040818 ADDREF OSVDB:2160
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0986 ACCEPT_ACK (2 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(1) Cox
MODIFY(1) Frech
NOOP(5) Foat, Cole, Armstrong, Christey, Wall
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Christey> DEBIAN:DSA-168
Christey> SUSE:SuSE-SA:2002:036
Christey> REDHAT:RHSA-2002:213
URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Christey> CONECTIVA:CLA-2002:545
Christey> XF:php-mail-ascii-injection(9959)
URL:http://www.iss.net/security_center/static/9959.php
BID:5562
URL:http://www.securityfocus.com/bid/5562
Christey> CALDERA:CSSA-2003-008.0
Frech> XF:php-mail-ascii-injection(9959)
Christey> BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Christey> MANDRAKE:MDKSA-2003:082
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082
======================================================
Candidate: CAN-2002-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
Reference: BID:5958
Reference: URL:http://www.securityfocus.com/bid/5958
Reference: XF:simple-webserver-url-dos(10364)
Reference: URL:http://www.iss.net/security_center/static/10364.php
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2
through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec
Gateway Security allows remote attackers to cause a denial of service
(connection resource exhaustion) via multiple connection requests to
domains whose DNS server is unresponsive or does not exist, which
generates a long timeout.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-0990 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1091
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers
to corrupt heap memory and execute arbitrary code via a GIF image with
a zero width.
Modifications:
20040725 ADDREF REDHAT:RHSA-2003:046
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1091 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:046
Green> ACKNOWLEDGED IN REDHAT ERRATA
======================================================
Candidate: CAN-2002-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-bypass-authentication(10017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10017
Reference: BID:5613
Reference: URL:http://www.securityfocus.com/bid/5613
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when
configured to use internal authentication with group accounts and
without any user accounts, allows remote VPN clients to log in using
PPTP or IPSEC user authentication.
Modifications:
20040725 ADDREF XF:cisco-vpn-bypass-authentication(10017)
20040725 ADDREF BID:5613
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1092 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-parser-dos(10018)
Reference: URL:http://www.iss.net/security_center/static/10018.php
Reference: BID:5615
Reference: URL:http://www.securityfocus.com/bid/5615
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before
3.0.3(B) allows remote attackers to cause a denial of service (CPU
consumption) via a long URL request.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1093 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-pptp-dos(10021)
Reference: URL:http://www.iss.net/security_center/static/10021.php
Reference: BID:5625
Reference: URL:http://www.securityfocus.com/bid/5625
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled,
allows remote attackers to cause a denial of service (reload) via a
Windows-based PPTP client with the "No Encryption" option set.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1095 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: BID:5611
Reference: URL:http://www.securityfocus.com/bid/5611
Reference: XF:cisco-vpn-user-passwords(10019)
Reference: URL:http://www.iss.net/security_center/static/10019.php
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows
restricted administrators to obtain user passwords that are stored in
plaintext in HTML source code.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1096 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-passwords(10022)
Reference: URL:http://www.iss.net/security_center/static/10022.php
Reference: BID:5612
Reference: URL:http://www.securityfocus.com/bid/5612
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows
restricted administrators to obtain certificate passwords that are
stored in plaintext in the HTML source code for Certificate Management
pages.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1097 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-xml-filter(10023)
Reference: URL:http://www.iss.net/security_center/static/10023.php
Reference: BID:5614
Reference: URL:http://www.securityfocus.com/bid/5614
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an
"HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the
protocol to "ANY" when the XML filter configuration is enabled, which
ultimately allows arbitrary traffic to pass through the concentrator.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1098 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-web-access(10024)
Reference: URL:http://www.iss.net/security_center/static/10024.php
Reference: BID:5616
Reference: URL:http://www.securityfocus.com/bid/5616
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to obtain potentially sensitive information without
authentication by directly accessing certain HTML pages.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1099 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-lan-connection-dos(10027)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10027
Reference: BID:5622
Reference: URL:http://www.securityfocus.com/bid/5622
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x,
and 3.x before 3.5.4, allows remote attackers to cause a denial of
service via an incoming LAN-to-LAN connection with an existing
security association with another device on the remote network, which
causes the concentrator to remove the previous connection.
Modifications:
20040725 ADDREF XF:cisco-vpn-lan-connection-dos(10027)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1102 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-dos(10042)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10042
Reference: BID:5649
Reference: URL:http://www.securityfocus.com/bid/5649
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x
before 3.0.5 allows remote attackers to cause a denial of service
(crash) via TCP packets with source and destination ports of 137
(NETBIOS).
Modifications:
20040725 ADDREF XF:cisco-vpn-tcp-dos(10042)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1104 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-obtain-password(10044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10044
Reference: BID:5650
Reference: URL:http://www.securityfocus.com/bid/5650
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, allows local users to use a utility program to obtain
the group password.
Modifications:
20040725 desc - add "local users"
20040725 ADDREF XF:cisco-vpn-obtain-password(10044)
20040725 ADDREF BID:5650
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1105 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(1) Cox
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] "...allows local attackers..."?
======================================================
Candidate: CAN-2002-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-mitm(10045)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10045
Reference: BID:5652
Reference: URL:http://www.securityfocus.com/bid/5652
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, does not properly verify that certificate DN fields
match those of the certificate from the VPN Concentrator, which allows
remote attackers to conduct man-in-the-middle attacks.
Modifications:
20040725 ADDREF XF:cisco-vpn-certificate-mitm(10045)
20040725 ADDREF BID:5652
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1106 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-random-numbers(10046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10046
Reference: BID:5653
Reference: URL:http://www.securityfocus.com/bid/5653
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.2B, does not generate sufficiently random numbers, which
may make it vulnerable to certain attacks such as spoofing.
Modifications:
20040725 ADDREF XF:cisco-vpn-random-numbers(10046)
20040725 ADDREF BID:5653
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1107 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
MODIFY(1) Jones
NOOP(1) Cox
Voter Comments:
Jones> Suggest changing "...vulnerable to certain attacks such as
spoofing." to "vulnerable to certain attacks which exploit this
cryptographic weakness." Spoofing is a specific example of a broader class
of attacks based on the weak RN generation.
======================================================
Candidate: CAN-2002-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-filter(10047)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10047
Reference: BID:5651
Reference: URL:http://www.securityfocus.com/bid/5651
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.6(Rel), when configured with all tunnel mode, can be forced
into acknowledging a TCP packet from outside the tunnel.
Modifications:
20040725 ADDREF XF:cisco-vpn-tcp-filter(10047)
20040725 ADDREF BID:5651
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1108 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
MODIFY(1) Jones
NOOP(1) Cox
Voter Comments:
Jones> Suggest adding quotes around "all tunnel", e.g., ...configured
with "all tunnel" mode..., to remove ambiguity.
======================================================
Candidate: CAN-2002-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2
Reference: BUGTRAQ:20020905 GLSA: amavis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2
Reference: XF:amavis-securetar-tar-dos(10056)
Reference: URL:http://www.iss.net/security_center/static/10056.php
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows
users to cause a denial of service (CPU consumption) via a malformed
TAR file, possibly via an incorrect file size parameter.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1109 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1111
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515
Reference: XF:mantis-limit-reporters-bypass(9898)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9898
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify
the limit_reporters option, which allows remote attackers to view bug
summaries for bugs that would otherwise be restricted.
Modifications:
20040725 ADDREF XF:mantis-limit-reporters-bypass(9898)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1111 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1112
Final-Decision:
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514
Reference: XF:mantis-private-project-bug-listing(9899)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9899
Mantis before 0.17.4 allows remote attackers to list project bugs
without authentication by modifying the cookie that is used by the
"View Bugs" page.
Modifications:
20040725 ADDREF XF:mantis-private-project-bug-listing(9899)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1112 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1113
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504
Reference: XF:mantis-include-remote-files(9829)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9829
Reference: OSVDB:4858
Reference: URL:http://www.osvdb.org/4858
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote
attackers to execute arbitrary PHP code by modifying the
g_jpgraph_path parameter to reference the location of the PHP code.
Modifications:
20040725 ADDREF XF:mantis-include-remote-files(9829)
20040818 ADDREF OSVDB:4858
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1113 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1116
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and
earlier includes summaries of private bugs for users that do not have
access to any projects.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1116 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm
Reference: XF:veritas-backupexec-restrictanonymous-zero(10093)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10093
Reference: OSVDB:8230
Reference: URL:http://www.osvdb.org/8230
Reference: OVAL:OVAL1036
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1036.html
Veritas Backup Exec 8.5 and earlier requires that the
"RestrictAnonymous" registry key for Microsoft Exchange 2000 must be
set to 0, which enables anonymous listing of the SAM database and
shares.
Modifications:
20040804 ADDREF XF:veritas-backupexec-restrictanonymous-zero(10093)
20040818 ADDREF OSVDB:8230
20040824 ADDREF OVAL:OVAL1036
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1117 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php
Reference: BID:5678
Reference: URL:http://www.securityfocus.com/bid/5678
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and
Oracle 8i 8.1.x, allows remote attackers to cause a denial of service
(hang or crash) via a SERVICE_CURLOAD command.
Modifications:
20040804 ADDREF BID:5678
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1118 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: REDHAT:RHSA-2003:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-048.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary
files with predictable names, which could allow local users to execute
arbitrary code via a symlink attack.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:048
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1119 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:048
======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738
Reference: OSVDB:3150
Reference: URL:http://www.osvdb.org/3150
Buffer overflow in the parsing mechanism for ISS Internet Scanner
6.2.1, when using the license banner HTTP check, allows remote
attackers to execute arbitrary code via a long web server response.
Modifications:
20040818 ADDREF OSVDB:3150
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1122 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php
Buffer overflow in the authentication function for Microsoft SQL
Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote
attackers to execute arbitrary code via a long request to TCP port
1433, aka the "Hello" overflow.
Modifications:
20040804 [refs] delete extra XF:mssql-preauth-bo(9788)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1123 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1126
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape
and Galeon, set the document referrer too quickly in certain
situations when a new page is being loaded, which allows web pages to
determine the next page that is being visited, including manually
entered URLs, using the onunload handler.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:046
Analysis
--------
Vendor Acknowledgement: yes patch
INFERRED ACTION: CAN-2002-1126 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:046
======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1132
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php
SquirrelMail 1.2.7 and earlier allows remote attackers to determine
the absolute pathname of the options.php script via a malformed
optpage file argument, which generates an error message when the file
cannot be included in the script.
Modifications:
20040804 [desc] remove "and possibly later versions"
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-1132 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> We have verified through source code inspection that the issue
mentioned in CAN-2002-1132 was fixed in upstream Squirrelmail 1.2.8
======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779
Reference: OSVDB:3848
Reference: URL:http://www.osvdb.org/3848
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier,
allows remote attackers to execute arbitrary PHP source code via an
inc_prefix parameter that points to the malicious code.
Modifications:
20040818 ADDREF OSVDB:3848
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1135 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-dbcc-bo-variant(10255)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10255
Reference: BID:5877
Reference: URL:http://www.securityfocus.com/bid/5877
Buffer overflow in the Database Console Command (DBCC) that handles
user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft
Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000,
allows attackers to execute arbitrary code via a long SourceDB
argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of
CAN-2002-0644.
Modifications:
20040804 ADDREF XF:mssql-dbcc-bo-variant(10255)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1137 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine
(MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output
files for scheduled jobs under its own privileges instead of the
entity that launched it, which allows attackers to overwrite system
files, aka "Flaw in Output File Handling for Scheduled Jobs."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1138 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876
The Compressed Folders feature in Microsoft Windows 98 with Plus!
Pack, Windows Me, and Windows XP does not properly check the
destination folder during the decompression of ZIP files, which allows
attackers to place an executable file in a known location on a user's
system, aka "Incorrect Target Path for Zipped File Decompression."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1139 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as
implemented on Microsoft Windows NT4, 2000, and XP, allows remote
attackers to cause a denial of service (service hang) via malformed
packet fragments, aka "Improper parameter size check leading to denial
of service."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1140 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880
An input validation error in the Sun Microsystems RPC library Services
for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4,
2000, and XP, allows remote attackers to cause a denial of service via
malformed fragmented RPC client packets, aka "Denial of service by
sending an invalid RPC request."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1141 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp
Reference: VULNWATCH:20021120 Foundstone Advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
Reference: MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
Reference: CERT:CA-2002-33
Reference: URL:http://www.cert.org/advisories/CA-2002-33.html
Reference: CERT-VN:VU#542081
Reference: URL:http://www.kb.cert.org/vuls/id/542081
Reference: XF:mdac-rds-server-bo(10659)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10659
Reference: BID:6214
Reference: URL:http://www.securityfocus.com/bid/6214
Heap-based buffer overflow in the Remote Data Services (RDS) component
of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and
Internet Explorer 5.01 through 6.0, allows remote attackers to execute
code via a malformed HTTP request to the Data Stub.
Modifications:
20040804 ADDREF VULNWATCH:20021120 Foundstone Advisory
20040804 ADDREF MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
20040804 ADDREF CERT:CA-2002-33
20040804 ADDREF CERT-VN:VU#542081
20040804 ADDREF XF:mdac-rds-server-bo(10659)
20040804 ADDREF BID:6214
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1142 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> VULNWATCH:20021120 Foundstone Advisory
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
CERT:CA-2002-33
URL:http://www.cert.org/advisories/CA-2002-33.html
CERT-VN:VU#542081
URL:http://www.kb.cert.org/vuls/id/542081
XF:mdac-rds-server-bo(10659)
URL:http://xforce.iss.net/xforce/xfdb/10659
BID:6214
URL:http://www.securityfocus.com/bid/6214
======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: MANDRAKE:MDKSA-2004:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: REDHAT:RHSA-2002:258
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-258.html
Reference: REDHAT:RHSA-2003:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-022.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries
such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum
buffer size instead of the actual size when processing a DNS response,
which causes the stub resolvers to read past the actual boundary
("read buffer overflow"), allowing remote attackers to cause a denial
of service (crash).
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:022
20040804 ADDREF REDHAT:RHSA-2002:258
20040804 ADDREF MANDRAKE:MDKSA-2004:009
20040818 ADDREF REDHAT:RHSA-2003:212
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1146 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Frech, Wall, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: RHSA-2003:022
Addref: RHSA-2002:258
Christey> MANDRAKE:MDKSA-2004:009
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009
======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1147
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php
The HTTP administration interface for HP Procurve 4000M Switch
firmware before C.09.16, with stacking features and remote
administration enabled, does not authenticate requests to reset the
device, which allows remote attackers to cause a denial of service via
a direct request to the device_reset CGI program.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1147 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Cole, Armstrong
NOOP(1) Cox
REVIEWING(1) Green
======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1148
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: REDHAT:RHSA-2002:217
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-217.html
Reference: REDHAT:RHSA-2002:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-218.html
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php
The default servlet (org.apache.catalina.servlets.DefaultServlet) in
Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read
source code for server files via a direct request to the servlet.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:217
20040804 ADDREF REDHAT:RHSA-2002:218
Analysis
--------
Vendor Acknowledgement: unknown vague
ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues. Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).
INFERRED ACTION: CAN-2002-1148 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Armstrong
MODIFY(1) Cox
NOOP(2) Christey, Cole
Voter Comments:
Christey> DEBIAN:DSA-170
Note: DSA-170 was originally published with the DSA-169 ID,
but DSA-169 is really ht://Check, and DSA-170 is really
tomcat, as confirmed by Debian via email. The online advisories
at www.debian.org are authoritative.
Cox> Addref: RHSA-2002:218
Addref: RHSA-2002:217
======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: OSVDB:7867
Reference: URL:http://www.osvdb.org/7867
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames
and sub-iframes, which can allow remote attackers to execute script
and steal cookies from subframes that are in other domains.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:221
20040818 ADDREF OSVDB:7867
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1151 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2002:221
======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the
"secure" flag in an HTTP cookie, which could cause Konqueror to send
the cookie across an unencrypted channel, which could allow remote
attackers to steal the cookie via sniffing.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1152 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749
Reference: OSVDB:2092
Reference: URL:http://www.osvdb.org/2092
IBM Websphere 4.0.3 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via an HTTP
request with long HTTP headers, such as "Host".
Modifications:
20040818 ADDREF OSVDB:2092
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1153 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php
Reference: OSVDB:3779
Reference: URL:http://www.osvdb.org/3779
anlgform.pl in Analog before 5.23 does not restrict access to the
PROGRESSFREQ progress update command, which allows remote attackers to
cause a denial of service (disk consumption) by using the command to
report updates more frequently and fill the web server error log.
Modifications:
20040818 ADDREF REDHAT:RHSA-2002:059
20040818 ADDREF OSVDB:3779
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1154 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065
Reference: XF:apache-webdav-cgi-source(10499)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10499
Apache 2.0.42 allows remote attackers to view the source code of a CGI
script via a POST request to a directory with both WebDAV and CGI
enabled.
Modifications:
20040804 ADDREF XF:apache-webdav-cgi-source(10499)
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The change log for 2.0.43 includes the item:
"SECURITY: Allow POST requests and CGI scripts to work when DAV is
enabled on the location."
INFERRED ACTION: CAN-2002-1156 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cox, Wall, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:apache-webdav-cgi-source(10499)
======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php
Reference: OSVDB:2107
Reference: URL:http://www.osvdb.org/2107
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9
and earlier, when UseCanonicalName is off and wildcard DNS is enabled,
allows remote attackers to execute script as other web site visitors,
via the server name in an HTTPS response on the SSL port, which is
used in a self-referencing URL, a different vulnerability than
CAN-2002-0840.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:248
20040804 ADDREF REDHAT:RHSA-2002:251
20040804 ADDREF REDHAT:RHSA-2002:222
20040804 ADDREF REDHAT:RHSA-2002:243
20040804 ADDREF REDHAT:RHSA-2002:244
20040818 ADDREF REDHAT:RHSA-2003:106
20040818 ADDREF OSVDB:2107
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1157 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2002:251
Addref: RHSA-2002:248
Addref: RHSA-2002:244
Addref: RHSA-2002:243
Addref: RHSA-2002:222
======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: BUGTRAQ:20021220 GLSA: canna
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104041812206344&w=2
Reference: BID:6351
Reference: URL:http://www.securityfocus.com/bid/6351
Reference: XF:canna-irwthrough-bo(10831)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10831
Buffer overflow in the irw_through function for Canna 3.5b2 and
earlier allows local users to execute arbitrary code as the bin user.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:261
20040804 ADDREF BID:6351
20040804 ADDREF XF:canna-irwthrough-bo(10831)
20040804 ADDREF DEBIAN:DSA-224
20040804 ADDREF BUGTRAQ:20021220 GLSA: canna
20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
20040804 [desc] add "irw_through"
20040818 ADDREF REDHAT:RHSA-2003:115
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1158 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2002:261
======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: BID:6354
Reference: URL:http://www.securityfocus.com/bid/6354
Reference: XF:canna-improper-request-validation(10832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10832
Canna 3.6 and earlier does not properly validate requests, which
allows remote attackers to cause a denial of service or information
leak.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:261
20040804 ADDREF CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
20040804 ADDREF DEBIAN:DSA-224
20040804 ADDREF BID:6354
20040804 ADDREF XF:canna-improper-request-validation(10832)
20040818 ADDREF REDHAT:RHSA-2003:115
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1159 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Cox
NOOP(1) Cole
Voter Comments:
Cox> Addref: RHSA-2002:261
======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: CONECTIVA:CLA-2003:693
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
Reference: REDHAT:RHSA-2003:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-028.html
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: SUNALERT:55760
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
Reference: CERT-VN:VU#911505
Reference: URL:http://www.kb.cert.org/vuls/id/911505
Reference: BID:6753
Reference: URL:http://www.securityfocus.com/bid/6753
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php
The default configuration of the pam_xauth module forwards
MIT-Magic-Cookies to new X sessions, which could allow local users to
gain root privileges by stealing the cookies from a temporary .xauth
file, which is created with the original user's credentials after root
uses su.
Modifications:
20040804 ADDREF CONECTIVA:CLA-2003:693
20040804 ADDREF CERT-VN:VU#911505
20040804 ADDREF SUNALERT:55760
20040818 ADDREF REDHAT:RHSA-2003:028
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: while the post from Andreas Beck appears to be dated
December 14, 2002, it was not actually published until February 3,
2002, as reflected in the Vendor Response section.
INFERRED ACTION: CAN-2002-1160 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cox
NOOP(2) Christey, Cole
Voter Comments:
Green> CLEARLY ACKNOWLEDGED IN THE MANDRAKE SUPPORT ADVISORY
Christey> CONECTIVA:CLA-2003:693
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
======================================================
Candidate: CAN-2002-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: AIXAPAR:IY35970
Reference: BID:6002
Reference: URL:http://online.securityfocus.com/bid/6002
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php
Reference: OSVDB:2090
Reference: URL:http://www.osvdb.org/2090
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before
4.0.1.26 allows remote attackers to cause a denial of service (crash)
via an HTTP request to helpout.exe with a missing HTTP version number,
which causes ibmproxy.exe to crash.
Modifications:
20040818 ADDREF OSVDB:2090
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1169 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Armstrong
NOOP(2) Cox, Cole
Voter Comments:
Green> PATCH RELEASED BY VENDOR
======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html
The handle_var_requests function in snmp_agent.c for the SNMP daemon
in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows
remote attackers to cause a denial of service (crash) via a NULL
dereference.
Analysis
--------
Vendor Acknowledgement: unknown
ACCURACY: While the initial iDEFENSE report said that 5.0.5 was fixed,
a followup consultation with the developer indicated that the fix was
incorrect, and 5.0.6 is the first fixed version.
INFERRED ACTION: CAN-2002-1170 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852
Directory traversal vulnerability in the CGIServlet for Jetty HTTP
server before 4.1.0 allows remote attackers to execute arbitrary
commands via ..\ (dot-dot backslash) sequences in an HTTP request to
the cgi-bin directory.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1178 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook
Express 5.5 and 6.0 allows remote attackers to execute arbitrary code
via a digitally signed email with a long "From" address, which
triggers the overflow when the user views or previews the message.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1179 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php
Reference: BID:6071
Reference: URL:http://www.securityfocus.com/bid/6071
Reference: OVAL:OVAL931
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL931.html
A typographical error in the script source access permissions for
Internet Information Server (IIS) 5.0 does not properly exclude .COM
files, which allows attackers with only write permissions to upload
malicious .COM files, aka "Script Source Access Vulnerability."
Modifications:
20040804 ADDREF
20040824 ADDREF OVAL:OVAL931
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1180 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-webdav-memory-allocation-dos(10503)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10503
Reference: BID:6070
Reference: URL:http://www.securityfocus.com/bid/6070
Reference: OVAL:OVAL1009
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1009.html
Reference: OVAL:OVAL1011
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1011.html
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service
(crash) via malformed WebDAV requests that cause a large amount of
memory to be assigned.
Modifications:
20040804 ADDREF XF:iis-webdav-memory-allocation-dos(10503)
20040804 ADDREF BID:6070
20040824 ADDREF OVAL:OVAL1009
20040824 ADDREF OVAL:OVAL1011
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1182 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: OVAL:OVAL1059
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1059.html
Reference: OVAL:OVAL1455
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL1455.html
Reference: OVAL:OVAL2108
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL2108.html
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the
Basic Constraints of digital certificates, allowing remote attackers
to execute code, aka "New Variant of Certificate Validation Flaw Could
Enable Identity Spoofing" (CAN-2002-0862).
Modifications:
20040804 ADDREF XF:ssl-ca-certificate-spoofing(9776)
20040804 ADDREF BID:5410
20040824 ADDREF OVAL:OVAL1059
20040824 ADDREF OVAL:OVAL1455
20040824 ADDREF OVAL:OVAL2108
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1183 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp
Reference: XF:win2k-partition-weak-permissions(9779)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9779
Reference: BID:5415
Reference: URL:http://www.securityfocus.com/bid/5415
The system root folder of Microsoft Windows 2000 has default
permissions of Everyone group with Full access (Everyone:F) and is in
the search path when locating programs during login or application
launch from the desktop, which could allow attackers to gain
privileges as other users via Trojan horse programs.
Modifications:
20040804 ADDREF XF:win2k-partition-weak-permissions(9779)
20040804 ADDREF BID:5415
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1184 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216
Reference: OVAL:OVAL393
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL393.html
Reference: OVAL:OVAL542
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL542.html
Internet Explorer 5.01 through 6.0 does not properly check certain
parameters of a PNG file when opening it, which allows remote
attackers to cause a denial of service (crash) by triggering a
heap-based buffer overflow using invalid length codes during
decompression, aka "Malformed PNG Image File Failure."
Modifications:
20040824 ADDREF OVAL:OVAL393
20040824 ADDREF OVAL:OVAL542
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1185 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610
Reference: OVAL:OVAL143
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL143.html
Reference: OVAL:OVAL471
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL471.html
Reference: OVAL:OVAL495
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL495.html
Internet Explorer 5.01 through 6.0 does not properly perform security
checks on certain encoded characters within a URL, which allows a
remote attacker to steal potentially sensitive information from a user
by redirecting the user to another site that has that information, aka
"Encoded Characters Information Disclosure."
Modifications:
20040824 ADDREF OVAL:OVAL143
20040824 ADDREF OVAL:OVAL471
20040824 ADDREF OVAL:OVAL495
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.
INFERRED ACTION: CAN-2002-1186 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution(10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672
Reference: OSVDB:2998
Reference: URL:http://www.osvdb.org/2998
Reference: OVAL:OVAL203
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL203.html
Reference: OVAL:OVAL225
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL225.html
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01
through 6.0 allows remote attackers to read and execute files on the
local system via web pages using the <frame> or <iframe> element and
javascript, aka "Frames Cross Site Scripting," as demonstrated using
the PrivacyPolicy.dlg resource.
Modifications:
20040818 ADDREF OSVDB:2998
20040824 ADDREF OVAL:OVAL203
20040824 ADDREF OVAL:OVAL225
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1187 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: BID:6217
Reference: URL:http://www.securityfocus.com/bid/6217
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php
Reference: OVAL:OVAL444
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL444.html
Reference: OVAL:OVAL690
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL690.html
Internet Explorer 5.01 through 6.0 allows remote attackers to identify
the path to the Temporary Internet Files folder and obtain user
information such as cookies via certain uses of the OBJECT tag, which
are not subjected to the proper security checks, aka "Temporary
Internet Files folders Name Reading."
Modifications:
20040804 ADDREF BID:6217
20040824 ADDREF OVAL:OVAL444
20040824 ADDREF OVAL:OVAL690
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.
INFERRED ACTION: CAN-2002-1188 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896
The default configuration of Cisco Unity 2.x and 3.x does not block
international operator calls in the predefined restriction tables,
which could allow authenticated users to place international calls
using call forwarding.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1189 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911
tkmail before 4.0beta9-8.1 allows local users to create or overwrite
files as users via a symlink attack on temporary files.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1193 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php
Cross-site scripting vulnerability (XSS) in the PHP interface for
ht://Check 1.1 allows remote web servers to insert arbitrary HTML,
including script, via a web page.
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: The "DSA-169" number was inadvertently published for two
separate issues. Debian confirmed via email that DSA-169 is intended
for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the
Tomcat issue (CAN-2002-1148).
INFERRED ACTION: CAN-2002-1195 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(2) Christey, Cox
Voter Comments:
Christey> DEBIAN:DSA-169
Note: DSA-170 was originally published with the DSA-169 ID,
but DSA-169 is really ht://Check, and DSA-170 is really
tomcat, as confirmed by Debian via email. The online advisories
at www.debian.org are authoritative.
======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: BID:5843
Reference: URL:http://www.securityfocus.com/bid/5843
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before
2.16.1, when the "usebuggroups" feature is enabled and more than 47
groups are specified, does not properly calculate bit values for large
numbers, which grants extra permissions to users via known features of
Perl math that set multiple bits.
Modifications:
20040804 ADDREF BID:5843
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1196 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(2) Christey, Cox
Voter Comments:
Christey> ADDREF BID:5843
URL:http://www.securityfocus.com/bid/5843
======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x
before 2.16.1, allows remote attackers to execute arbitrary code via
shell metacharacters in a system call to processmail.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1197 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> Via email, Debian said that they are NOT vulnerable to this
issue, because the bug is in a "contrib" package and not
part of the core product.
======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes
from an email address during account creation, which allows remote
attackers to execute arbitrary SQL via a SQL injection attack.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1198 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> Via email, Debian said that they are NOT vulnerable to this
issue.
======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: SUNALERT:47903
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937
The getdbm procedure in ypxfrd allows local users to read arbitrary
files, and remote attackers to read databases outside /var/yp, via a
directory traversal and symlink attack on the domain and map
arguments.
Modifications:
20040804 [refs] normalize SUNALERT ref
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1199 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Frech, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when
using template filenames or output, does not properly track the size
of a buffer when constant characters are encountered during macro
expansion, which allows remote attackers to cause a denial of service
and possibly execute arbitrary code.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1200 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
Reference: XF:prometheus-php-file-include(10515)
Reference: URL:http://www.iss.net/security_center/static/10515.php
Reference: BID:6087
Reference: URL:http://www.securityfocus.com/bid/6087
Prometheus 6.0 and earlier allows remote attackers to execute
arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points
to code stored on a remote server, which is then used in (1)
index.php, (2) install.php, or (3) various test_*.php scripts.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1211 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
Reference: XF:win-pptp-packet-bo(10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php
Reference: BID:5807
Reference: URL:http://online.securityfocus.com/bid/5807
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows
2000 allows remote attackers to cause a denial of service (hang) and
possibly execute arbitrary code via a certain PPTP packet with
malformed control data.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1214 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
Voter Comments:
Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
======================================================
Candidate: CAN-2002-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160
Reference: XF:bind-sig-rr-bo(10304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10304
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8
versions 8.3.3 and earlier, allows remote attackers to execute
arbitrary code via a certain DNS server response containing SIG
resource records (RR).
Modifications:
20040804 ADDREF XF:bind-sig-rr-bo(10304)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1219 ACCEPT (4 accept, 11 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cox, Wall, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:bind-sig-rr-bo(10304)
======================================================
Candidate: CAN-2002-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: XF:bind-opt-rr-dos(10332)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10332
Reference: BID:6161
Reference: URL:http://www.securityfocus.com/bid/6161
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of
service (termination due to assertion failure) via a request for a
subdomain that does not exist, with an OPT resource record with a
large UDP payload size.
Modifications:
20040804 ADDREF XF:bind-opt-rr-dos(10332)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1220 ACCEPT (4 accept, 10 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cox, Wall, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:bind-opt-rr-dos(10332)
======================================================
Candidate: CAN-2002-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: XF:bind-null-dereference-dos(10333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10333
Reference: BID:6159
Reference: URL:http://www.securityfocus.com/bid/6159
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of
service (crash) via SIG RR elements with invalid expiry times, which
are removed from the internal BIND database and later cause a null
dereference.
Modifications:
20040804 ADDREF XF:bind-null-dereference-dos(10333)
20040804 ADDREF BID:6159
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1221 ACCEPT (4 accept, 10 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cox, Wall, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:bind-null-dereference-dos(10333)
======================================================
Candidate: CAN-2002-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
Reference: XF:cisco-catalyst-ciscoview-bo(10382)
Reference: URL:http://www.iss.net/security_center/static/10382.php
Reference: BID:5976
Reference: URL:http://www.securityfocus.com/bid/5976
Buffer overflow in the embedded HTTP server for Cisco Catalyst
switches running CatOS 5.4 through 7.3 allows remote attackers to
cause a denial of service (reset) via a long HTTP request.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1222 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Jones, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView
in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of
service or execute arbitrary code via a modified .ps (PostScript)
input file.
Analysis
--------
Vendor Acknowledgement: yes advisory
ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows
that stem from different packages. The KDE security advisory makes
this clear. Therefore CD:SF-LOC suggests keeping them SPLIT.
INFERRED ACTION: CAN-2002-1223 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
======================================================
Candidate: CAN-2002-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE
3.0.3a allows remote attackers to read arbitrary files as the kpf user
via a URL with a modified icon parameter.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1224 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
======================================================
Candidate: CAN-2002-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994
PAM 0.76 treats a disabled password as if it were an empty (null)
password, which allows local and remote attackers to gain privileges
as disabled users.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1227 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2002-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: MISC:http://getad.chat.ru/
Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
Reference: MS:MS02-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
Reference: BID:5927
Reference: URL:http://online.securityfocus.com/bid/5927
Reference: XF:win-netdde-gain-privileges(10343)
Reference: URL:http://www.iss.net/security_center/static/10343.php
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows
2000, and Windows XP allows local users to execute arbitrary code as
LocalSystem via a "shatter" style attack by sending a WM_COPYDATA
message followed by a WM_TIMER message, as demonstrated by GetAd, aka
"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation."
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1230 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Wall
NOOP(2) Cox, Cole
Voter Comments:
Green> ACKNOWLEDGED IN http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
======================================================
Candidate: CAN-2002-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a
denial of service via an rcp call on /proc.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1231 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: CALDERA:CSSA-2002-054.0
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: REDHAT:RHSA-2002:224
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-224.html
Reference: REDHAT:RHSA-2003:229
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-229.html
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS
package 3.9 and earlier allows remote attackers to cause a denial of
service (memory consumption) via a large number of requests for a map
that does not exist.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:224
20040818 ADDREF REDHAT:RHSA-2003:229
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Via email, Thorsten Kukuk (the developer) clarified that
this is a basic memory leak, and not an information leak of old
domain/map names, which was suggested in some vendor advisories.
ACCURACY: an early version of MANDRAKE:MDKSA-2002:078 included a
description that discussed the ypserv issue, but its references were
for other problems. Mandrake has confirmed that MDKSA-2002:078 is
intended for CAN-2002-1232 only.
INFERRED ACTION: CAN-2002-1232 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref RHSA-2002:224
======================================================
Candidate: CAN-2002-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021024
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
Reference: XF:linksys-etherfast-gozila-dos(10514)
Reference: URL:http://www.iss.net/security_center/static/10514.php
Reference: BID:6086
Reference: URL:http://www.securityfocus.com/bid/6086
The remote management web server for Linksys BEFSR41 EtherFast
Cable/DSL Router before firmware 1.42.7 allows remote attackers to
cause a denial of service (crash) via an HTTP request to Gozila.cgi
without any arguments.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1236 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
Voter Comments:
Green> RELEASED IN DEC., 2002 IS REPORTED TO CORRECT THE PROBLEM
======================================================
Candidate: CAN-2002-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html
Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt
Reference: XF:qnx-rtos-gain-privileges(10564)
Reference: URL:http://www.iss.net/security_center/static/10564.php
Reference: BID:6146
Reference: URL:http://www.securityfocus.com/bid/6146
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and
execute the cp program while operating at raised privileges, which
allows local users to gain privileges by modifying the PATH to point
to a malicious cp program.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1239 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
Voter Comments:
Green> QNX ACKNOWLEDGED THE ISSUE AND CORRECTED IT IN CURRENT VERSION RELEASED JAN. 2003
======================================================
Candidate: CAN-2002-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1242
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
Reference: XF:phpnuke-accountmanager-sql-injection(10516)
Reference: URL:http://www.iss.net/security_center/static/10516.php
Reference: BID:6088
Reference: URL:http://www.securityfocus.com/bid/6088
Reference: OSVDB:6244
Reference: URL:http://www.osvdb.org/6244
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote
authenticated users to modify the database and gain privileges via the
"bio" argument to modules.php.
Modifications:
20040818 ADDREF OSVDB:6244
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1242 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Balinsky, Cole, Armstrong
NOOP(2) Cox, Wall
Voter Comments:
Balinsky> Vendor acknowledged problem in its fix:
http://phpnuke.org/modules.php?name=News&file=article&sid=5647
======================================================
Candidate: CAN-2002-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2
Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
Reference: BID:6099
Reference: URL:http://www.securityfocus.com/bid/6099
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php
Reference: OSVDB:4996
Reference: URL:http://www.osvdb.org/4996
Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly
other versions, allows remote attackers to cause a denial of service
and possibly execute arbitrary code via format strings in the USER
command.
Modifications:
20040804 [refs] remove dupe XF:pablo-ftp-username-dos(10532)
20040818 ADDREF OSVDB:4996
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the "whatsnew.txt" file includes an item for version
1.51, dated 11/01/2002, which says "Fixed security vulnerability:
sending %n%n%n (and other c-formating strings) crashed the system
(thanks to www.idefense.com) [the discloser]."
INFERRED ACTION: CAN-2002-1244 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113
Maped in LuxMan 0.41 uses the user-provided search path to find and
execute the gzip program, which allows local users to modify /dev/mem
and gain privileges via a modified PATH environment variable that
points to a Trojan horse gzip program.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1245 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2
Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt
Reference: XF:xeneo-php-dos(10534)
Reference: URL:http://www.iss.net/security_center/static/10534.php
Reference: BID:6098
Reference: URL:http://www.securityfocus.com/bid/6098
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other
versions before 2.1.5 allows remote attackers to cause a denial of
service (crash) via a GET request for a "%" URI.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1248 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1250
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-net-command-bo(10519)
Reference: URL:http://www.iss.net/security_center/static/10519.php
Reference: BID:6094
Reference: URL:http://www.securityfocus.com/bid/6094
Buffer overflow in Abuse 2.00 and earlier allows local users to gain
root privileges via a long -net command line argument.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1250 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Armstrong
NOOP(3) Cox, Balinsky, Wall
======================================================
Candidate: CAN-2002-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to
execute arbitrary code via a long log message.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1251 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
Reference: BID:6647
Reference: URL:http://www.securityfocus.com/bid/6647
Reference: XF:peoplesoft-xxe-read-files(10520)
Reference: URL:http://www.iss.net/security_center/static/10520.php
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as
used in various PeopleSoft products, allows remote attackers to read
arbitrary files via certain XML External Entities (XXE) fields in an
HTTP POST request that is processed by the SimpleFileHandler handler.
Modifications:
20040804 ADDREF BID:6647
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1252 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Baker
NOOP(4) Green, Cox, Wall, Cole
======================================================
Candidate: CAN-2002-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1253
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-lisp-gain-privileges(11300)
Reference: URL:http://www.iss.net/security_center/static/11300.php
Abuse 2.00 and earlier allows local users to gain privileges via
command line arguments that specify alternate Lisp scripts that run at
escalated privileges, which can contain functions that execute
commands or modify files.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1253 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Armstrong
NOOP(3) Cox, Balinsky, Wall
======================================================
Candidate: CAN-2002-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp
Reference: XF:outlook-email-header-dos(10763)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10763
Reference: BID:6319
Reference: URL:http://www.securityfocus.com/bid/6319
Microsoft Outlook 2002 allows remote attackers to cause a denial of
service (repeated failure) via an email message with a certain invalid
header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail
Header Processing Flaw Could Cause Outlook 2002 to Fail."
Modifications:
20040804 ADDREF XF:outlook-email-header-dos(10763)
20040804 ADDREF BID:6319
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1255 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-070
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp
Reference: XF:win-smb-policy-modification(10843)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10843
Reference: BID:6367
Reference: URL:http://www.securityfocus.com/bid/6367
Reference: OVAL:OVAL277
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL277.html
The SMB signing capability in the Server Message Block (SMB) protocol
in Microsoft Windows 2000 and Windows XP allows attackers to disable
the digital signing settings in an SMB session to force the data to be
sent unsigned, then inject data into the session without detection,
e.g. by modifying group policy information sent from a domain
controller.
Modifications:
20040804 ADDREF XF:win-smb-policy-modification(10843)
20040804 ADDREF BID:6367
20040824 ADDREF OVAL:OVAL277
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1256 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:win-smb-policy-modification (10843)
URL:http://www.iss.net/security_center/static/10843.php
BID:6367
URL:http://www.securityfocus.com/bid/6367
======================================================
Candidate: CAN-2002-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6371
Reference: URL:http://www.securityfocus.com/bid/6371
Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to execute arbitrary code by including a Java
applet that invokes COM (Component Object Model) objects in a web site
or an HTML mail.
Modifications:
20040804 ADDREF BID:6371
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1257 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: XF:msvm-jdbc-gain-access(10833)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10833
Reference: BID:6379
Reference: URL:http://www.securityfocus.com/bid/6379
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual
Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass
security checks and access database contents via an untrusted Java
applet.
Modifications:
20040804 ADDREF XF:msvm-jdbc-gain-access(10833)
20040804 ADDREF BID:6379
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1260 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2
Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
Reference: XF:oracle-isqlplus-userid-bo(10524)
Reference: URL:http://www.iss.net/security_center/static/10524.php
Reference: BID:6085
Reference: URL:http://www.securityfocus.com/bid/6085
Reference: OSVDB:4013
Reference: URL:http://www.osvdb.org/4013
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9
database server allows remote attackers to execute arbitrary code via
a long USERID parameter in the isqlplus URL.
Modifications:
20040818 ADDREF OSVDB:4013
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1264 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CERT-VN:VU#266817
Reference: URL:http://www.kb.cert.org/vuls/id/266817
Reference: HP:HPSBUX01020
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: SUNALERT:51082
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: BID:6103
Reference: URL:http://www.securityfocus.com/bid/6103
Reference: XF:sun-rpc-libc-dos(10539)
Reference: URL:http://www.iss.net/security_center/static/10539.php
The Sun RPC functionality in multiple libc implementations does not
provide a time-out mechanism when reading data from TCP connections,
which allows remote attackers to cause a denial of service (hang).
Modifications:
20040804 ADDREF HP:HPSBUX01020
20040804 ADDREF SUNALERT:51082
20040804 ADDREF BID:6103
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1265 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Frech, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-disk-image-privileges(10818)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10818
Reference: OSVDB:7057
Reference: URL:http://www.osvdb.org/7057
Mac OS X 10.2.2 allows local users to gain privileges by mounting a
disk image file that was created on another system, aka "Local User
Privilege Elevation via Disk Image File."
Modifications:
20040804 ADDREF XF:macos-disk-image-privileges(10818)
20040818 ADDREF OSVDB:7057
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1266 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-cups-dos(10824)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10824
Reference: OSVDB:7058
Reference: URL:http://www.osvdb.org/7058
Mac OS X 10.2.2 allows remote attackers to cause a denial of service
by accessing the CUPS Printing Web Administration utility, aka "CUPS
Printing Web Administration is Remotely Accessible."
Modifications:
20040804 ADDREF XF:macos-cups-dos(10824)
20040818 ADDREF OSVDB:7058
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1267 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-iso9600-gain-privileges(10828)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10828
Reference: OSVDB:7059
Reference: URL:http://www.osvdb.org/7059
Mac OS X 10.2.2 allows local users to gain privileges via a mounted
ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600
CD."
Modifications:
20040804 ADDREF XF:macos-iso9600-gain-privileges(10828)
20040818 ADDREF OSVDB:7059
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1268 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:macos-mach-read-files(10829)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10829
Reference: OSVDB:7060
Reference: URL:http://www.osvdb.org/7060
Mac OS X 10.2.2 allows local users to read files that only allow write
access via the map_fd() Mach system call.
Modifications:
20040804 ADDREF XF:macos-mach-read-files(10829)
20040818 ADDREF OSVDB:7060
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1270 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: DEBIAN:DSA-386
Reference: URL:http://www.debian.org/security/2003/dsa-386
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and
earlier uses mailx as the default mailer, which allows remote
attackers to execute arbitrary commands by inserting them into the
mail body, which is then processed by mailx.
Modifications:
20040804 ADDREF DEBIAN:DSA-386
Analysis
--------
Vendor Acknowledgement: yes advisory
Note: Debian has stated that they are not vulnerable.
INFERRED ACTION: CAN-2002-1271 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(2) Christey, Cox
Voter Comments:
Christey> DEBIAN:DSA-386
URL:http://www.debian.org/security/2003/dsa-386
======================================================
Candidate: CAN-2002-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021106
Category: SF
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: BID:6220
Reference: URL:http://online.securityfocus.com/bid/6220
Reference: XF:alcatel-omniswitch-backdoor(10664)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10664
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a
back door telnet server that was intended for development but not
removed before distribution, which allows remote attackers to gain
administrative privileges.
Modifications:
20040804 ADDREF XF:alcatel-omniswitch-backdoor(10664)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1272 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Cox, Wall
Voter Comments:
Frech> XF:alcatel-omniswitch-backdoor(10664)
======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow
remote attackers to execute arbitrary code via a certain image file
that is not properly handled when Window Maker uses width and height
information to allocate a buffer.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1277 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:009
URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118
Reference: OSVDB:6066
Reference: URL:http://www.osvdb.org/6066
The mailconf module in Linuxconf 1.24, and other versions before 1.28,
on Conectiva Linux 6.0 through 8, and possibly other distributions,
generates the Sendmail configuration file (sendmail.cf) in a way that
configures Sendmail to run as an open mail relay, which allows remote
attackers to send Spam email.
Modifications:
20040804 [desc] add "and possibly other distros" and 1.28
20040818 ADDREF OSVDB:6066
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1278 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> This is an issue that does not just affect Conectiva Linux, so perhaps
remove or add "and possibly other distributions". This is fixed
in Linuxconf 1.28
======================================================
Candidate: CAN-2002-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2
Reference: XF:kgpg-wizard-empty-password(10629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10629
Reference: BID:6152
Reference: URL:http://www.securityfocus.com/bid/6152
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the
passphrase to gpg when creating new keys, which causes secret keys to
be created with an empty passphrase and allows local attackers to
steal the keys if they can be read.
Modifications:
20040804 ADDREF XF:kgpg-wizard-empty-password(10629)
20040804 ADDREF BID:6152
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1284 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: BID:6262
Reference: URL:http://online.securityfocus.com/bid/6262
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php
Directory traversal vulnerability in priocntl system call in Solaris
allows local users to execute arbitrary code via ".." sequences
in the pc_clname field of a pcinfo_t structure, which cause priocntl
to load a malicious kernel module.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1296 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Frech, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204
Reference: XF:mhonarc-mime-header-xss(10666)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10666
Reference: OSVDB:7353
Reference: URL:http://www.osvdb.org/7353
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier
allows remote attackers to insert script or HTML via an email message
with the script in a MIME header name.
Modifications:
20040804 ADDREF XF:mhonarc-mime-header-xss(10666)
20040818 ADDREF OSVDB:7353
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: an email posted by the author to the mhonarc-users
mailing list on October 21, 2002 indicates acknowledgement.
INFERRED ACTION: CAN-2002-1307 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646
Reference: REDHAT:RHSA-2003:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
Reference: REDHAT:RHSA-2003:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-163.html
Reference: XF:mozilla-netscape-jar-bo(10636)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10636
Reference: BID:6185
Reference: URL:http://www.securityfocus.com/bid/6185
Heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL that references a
malformed .jar file, which overflows a buffer during decompression.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:162
20040804 ADDREF REDHAT:RHSA-2003:163
20040804 ADDREF XF:mozilla-netscape-jar-bo(10636)
20040804 ADDREF BID:6185
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1308 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) Baker, Cox
NOOP(3) Christey, Wall, Cole
REVIEWING(1) Green
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Christey> REDHAT:RHSA-2003:162
URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
Christey> REDHAT:RHSA-2003:163
Christey> REDHAT:RHSA-2003:163
URL:http://www.redhat.com/support/errata/RHSA-2003-163.html
======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197
Reference: BUGTRAQ:20021119 GLSA: courier
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
Reference: XF:courier-mta-insecure-permissions(10643)
Reference: URL:http://www.iss.net/security_center/static/10643.php
Reference: BID:6189
Reference: URL:http://www.securityfocus.com/bid/6189
Courier sqwebmail before 0.40.0 does not quickly drop privileges after
startup in certain cases, which could allow local users to read
arbitrary files.
Modifications:
20040804 ADDREF BUGTRAQ:20021119 GLSA: courier
20040804 ADDREF XF:courier-mta-insecure-permissions(10643)
20040804 ADDREF BID:6189
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1311 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(2) Christey, Cox
Voter Comments:
Christey> BUGTRAQ:20021119 GLSA: courier
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103794021013436&w=2
XF:courier-mta-insecure-permissions(10643)
URL:http://www.iss.net/security_center/static/10643.php
BID:6189
URL:http://www.securityfocus.com/bid/6189
======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198
Reference: BID:6193
Reference: URL:http://www.securityfocus.com/bid/6193
Reference: XF:nullmailer-nonexistent-user-dos(10649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10649
nullmailer 1.00RC5 and earlier allows local users to cause a denial of
service via an email to a local user that does not exist, which
generates an error that causes nullmailer to stop sending mail to all
users.
Modifications:
20040804 ADDREF XF:nullmailer-nonexistent-user-dos(10649)
20040804 ADDREF BID:6193
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1313 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: HP:HPSBUX0212-228
Reference: URL:http://www.securityfocus.com/advisories/4988
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: CERT-VN:VU#312313
Reference: URL:http://www.kb.cert.org/vuls/id/312313
Reference: CIAC:N-024
Reference: URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php
Reference: BID:6241
Reference: URL:http://www.securityfocus.com/bid/6241
Reference: OVAL:OVAL149
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL149.html
Reference: OVAL:OVAL152
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL152.html
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on
Solaris 2.5.1 through 9 allows remote attackers to cause a denial of
service (crash) or execute arbitrary code via a certain XFS query.
Modifications:
20040804 ADDREF BID:6241
20040804 ADDREF CERT-VN:VU#312313
20040804 ADDREF CIAC:N-024
20040804 ADDREF HP:HPSBUX0212-228
20040824 ADDREF OVAL:OVAL149
20040824 ADDREF OVAL:OVAL152
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1317 ACCEPT (3 accept, 7 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Frech, Wall, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> BID:6241
URL:http://www.securityfocus.com/bid/6241
CERT-VN:VU#312313
URL:http://www.kb.cert.org/vuls/id/312313
CIAC:N-024
URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
HP:HPSBUX0212-228
URL:http://www.securityfocus.com/advisories/4988
======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: HP:HPSBUX0212-230
Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: SUNALERT:53580
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: TURBO:TSLSA-2002-0080
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2
Reference: CERT-VN:VU#958321
Reference: URL:http://www.kb.cert.org/vuls/id/958321
Reference: XF:samba-password-change-bo(10683)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10683
Reference: BID:6210
Reference: URL:http://www.securityfocus.com/bid/6210
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an encrypted password that causes the overflow during decryption in
which a DOS codepage string is converted to a little-endian UCS2
unicode string.
Modifications:
20040804 ADDREF XF:samba-password-change-bo(10683)
20040804 ADDREF BID:6210
20040804 ADDREF SUNALERT:53580
20040804 ADDREF CERT-VN:VU#958321
20040804 ADDREF HP:HPSBUX0212-230
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1318 ACCEPT (4 accept, 7 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:263
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-263.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86
systems, allows local users to cause a denial of service (hang) via
the emulation mode, which does not properly clear TF and NT EFLAGs.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:263
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1319 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref :RHSA-2002:263
======================================================
Candidate: CAN-2002-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021107 Remote pine Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: REDHAT:RHSA-2002:271
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-271.html
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.suse.de/de/security/2002_046_pine.html
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120
Pine 4.44 and earlier allows remote attackers to cause a denial of
service (core dump and failed restart) via an email message with a
From header that contains a large number of quotation marks (").
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:271
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1320 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2002:271
======================================================
Candidate: CAN-2002-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2
Reference: VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: REDHAT:RHSA-2003:256
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-256.html
Reference: REDHAT:RHSA-2003:257
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-257.html
Reference: SGI:20030606-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
Reference: CALDERA:CSSA-2004-007.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
Reference: SCO:SCOSA-2004.1
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php
Reference: OSVDB:2183
Reference: URL:http://www.osvdb.org/2183
Reference: OSVDB:3814
Reference: URL:http://www.osvdb.org/3814
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may
allow attackers to break out of safe compartments in (1) Safe::reval
or (2) Safe::rdo using a redefined @_ variable, which is not reset
between successive calls.
Modifications:
20040804 ADDREF SGI:20030606-01-A
20040804 ADDREF REDHAT:RHSA-2003:256
20040804 ADDREF CALDERA:CSSA-2004-007.0
20040804 ADDREF SCO:SCOSA-2004.1
20040818 ADDREF REDHAT:RHSA-2003:257
20040818 ADDREF OSVDB:2183
20040818 ADDREF OSVDB:3814
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1323 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Cox, Cole, Armstrong
NOOP(1) Christey
Voter Comments:
Green> ACKNOWLEDGED BY PERL.ORG
Christey> SGI:20030606-01-A
URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
Christey> REDHAT:RHSA-2003:256
Christey> CALDERA:CSSA-2004-007.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
Christey> SCO:SCOSA-2004.1
URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
======================================================
Candidate: CAN-2002-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6380
Reference: URL:http://online.securityfocus.com/bid/6380
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows
remote attackers to determine a local user's username via a Java
applet that accesses the user.dir system property, aka "User.dir
Exposure Vulnerability."
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1325 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Wall
NOOP(2) Cox, Cole
======================================================
Candidate: CAN-2002-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2
Reference: MS:MS02-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890
Reference: XF:winxp-windows-shell-bo(10892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10892
Reference: BID:6427
Reference: URL:http://www.securityfocus.com/bid/6427
Buffer overflow in the Windows Shell function in Microsoft Windows XP
allows remote attackers to execute arbitrary code via an .MP3 or .WMA
audio file with a corrupt custom attribute, aka "Unchecked Buffer in
Windows Shell Could Enable System Compromise."
Modifications:
20040804 ADDREF XF:winxp-windows-shell-bo(10892)
20040804 ADDREF BID:6427
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1327 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Wall, Cole
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:winxp-windows-shell-bo(10892)
======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1336
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: CONECTIVA:CLA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2002:287
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-287.html
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296
Reference: XF:vnc-weak-authentication(5992)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5992
TightVNC before 1.2.6 generates the same challenge string for multiple
connections, which allows remote attackers to bypass VNC
authentication by sniffing the challenge and response of other users.
Modifications:
20040804 ADDREF REDHAT:RHSA-2002:287
20040804 ADDREF REDHAT:RHSA-2003:041
20040804 ADDREF CONECTIVA:CLA-2003:640
20040804 ADDREF XF:vnc-weak-authentication(5992)
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: The changelog for 1.2.6 says that it "Fixed a
repeated challenge replay attack vulnerability, bugtraq id 5296."
INFERRED ACTION: CAN-2002-1336 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: RHSA-2002:287
Addref: RHSA-2003:041
Christey> CONECTIVA:CLA-2003:640
======================================================
Candidate: CAN-2002-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: REDHAT:RHSA-2003:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-074.html
Reference: REDHAT:RHSA-2003:227
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-227.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: AIXAPAR:IY40500
Reference: AIXAPAR:IY40501
Reference: AIXAPAR:IY40502
Reference: SUSE:SuSE-SA:2003:013
Reference: MANDRAKE:MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: BUGTRAQ:20030304 GLSA: sendmail (200303-4)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: BID:6991
Reference: URL:http://www.securityfocus.com/bid/6991
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to
execute arbitrary code via certain formatted address fields, related
to sender and recipient header comments as processed by the crackaddr
function of headers.c.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:074
20040804 ADDREF BID:6991
20040818 ADDREF REDHAT:RHSA-2003:227
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1337 ACCEPT (5 accept, 13 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Bollinger, Frech, Wall, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2003:074
======================================================
Candidate: CAN-2002-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: DEBIAN:DSA-249
Reference: URL:http://www.debian.org/security/2003/dsa-249
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: REDHAT:RHSA-2003:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-045.html
Reference: BUGTRAQ:20030217 GLSA: w3m
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
Reference: BID:6794
Reference: URL:http://www.securityfocus.com/bid/6794
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT
attribute of an IMG tag, which could allow remote attackers to access
files or cookies.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:045
20040804 ADDREF BID:6794
20040804 ADDREF DEBIAN:DSA-250
20040804 ADDREF DEBIAN:DSA-251
20040818 ADDREF DEBIAN:DSA-249
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The changelog for 0.3.2.2 describes "another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in
img alt attribute, so malicious frame html may deceive you to access
your local files, cookies and so on."
NOTE: CAN-2002-1404 was also assigned to this issue. However, it is
being rejected in favor of CAN-2002-1348.
INFERRED ACTION: CAN-2002-1348 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2003:045
======================================================
Candidate: CAN-2002-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
Reference: CERT-VN:VU#157961
Reference: URL:http://www.kb.cert.org/vuls/id/157961
Reference: BID:6350
Reference: URL:http://www.securityfocus.com/bid/6350
Reference: XF:pccillin-pop3trap-bo(10814)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10814
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003
allows local users to execute arbitrary code via a long input string
to TCP port 110 (POP3).
Modifications:
20040804 ADDREF XF:pccillin-pop3trap-bo(10814)
20040804 ADDREF CERT-VN:VU#157961
20040804 ADDREF BID:6350
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1349 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2
Reference: MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
Reference: URL:http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
Reference: BID:6213
Reference: URL:http://www.securityfocus.com/bid/6213
Reference: XF:tcpdump-sizeof-memory-corruption(10695)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10695
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly
copy data, which allows remote attackers to cause a denial of service
(application crash).
Modifications:
20040804 [desc] fix affected versions
20040804 ADDREF REDHAT:RHSA-2003:032
20040804 ADDREF REDHAT:RHSA-2003:033
20040804 ADDREF MANDRAKE:MDKSA-2003:027
20040804 ADDREF MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
20040804 ADDREF XF:tcpdump-sizeof-memory-corruption(10695)
20040804 ADDREF BID:6213
20040818 ADDREF REDHAT:RHSA-2003:214
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1350 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Note that the -2.2 implies a Debian package version where they have
backported a security fix to their 3.6.2-2.2 packages. Upstream
tcpdump 3.6.* was vulnerable to this issue, it was fixed in 3.7
Addref: RHSA-2003:033
Christey> REDHAT:RHSA-2003:032
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Christey> MANDRAKE:MDKSA-2003:027
(as suggested by Vincent Danen of Mandrake)
Cox> ADDREF: http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
This issue is a safety check that is triggered because of a bug;
therefore this is solely a Denial of Service vulnerability and
would not be able to result in arbitrary code execution.
======================================================
Candidate: CAN-2002-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361
Final-Decision:
Interim-Decision: 20040825
Modified: 20040804
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2
Reference: SUNALERT:49377
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CIAC:N-025
Reference: URL:http://www.ciac.org/ciac/bulletins/n-025.shtml
Reference: BID:6326
Reference: URL:http://www.securityfocus.com/bid/6326
Reference: XF:cobalt-shp-overflow-privileges(10776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10776
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security
Hardening Patch) installed allows remote attackers to execute
arbitrary code via a POST request with shell metacharacters in the
email parameter.
Modifications:
20040804 ADDREF XF:cobalt-shp-overflow-privileges(10776)
20040804 ADDREF BID:6326
20040804 ADDREF CIAC:N-025
20040804 [refs] normalize SUNALERT
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1361 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Cox, Wall
Voter Comments:
Frech> XF:cobalt-shp-overflow-privileges(10776)
======================================================
Candidate: CAN-2002-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211
Reference: REDHAT:RHSA-2003:118
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-118.html
Reference: XF:micq-0xfe-dos(10872)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10872
Reference: BID:6392
Reference: URL:http://www.securityfocus.com/bid/6392
mICQ 0.4.9 and earlier allows remote attackers to cause a denial of
service (crash) via malformed ICQ message types without a 0xFE
separator character.
Modifications:
20040804 ADDREF REDHAT:RHSA-2003:118
20040804 ADDREF XF:micq-0xfe-dos(10872)
20040804 ADDREF BID:6392
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1362 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:118
======================================================
Candidate: CAN-2002-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: MANDRAKE:MDKSA-2004:063
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html
Reference: REDHAT:RHSA-2003:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-007.html
Reference: REDHAT:RHSA-2003:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-119.html
Reference: REDHAT:RHSA-2003:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-157.html
Reference: REDHAT:RHSA-2004:249
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
Reference: REDHAT:RHSA-2004:402
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-402.html
Reference: SUSE:SUSE-SA:2003:0004
Reference: URL:http://www.suse.com/de/security/2003_004_libpng.html
Reference: XF:libpng-file-offset-bo(10925)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10925
Reference: BID:6431
Reference: URL:http://www.securityfocus.com/bid/6431
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does
not correctly calculate offsets, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a buffer overflow attack on the row buffers.
Modifications:
20040810 desc - modify affected versions
20040810 ADDREF GENTOO:GLSA-200407-06
20040810 ADDREF MANDRAKE:MDKSA-2004:063
20040810 ADDREF REDHAT:RHSA-2003:007
20040810 ADDREF REDHAT:RHSA-2003:119
20040810 ADDREF REDHAT:RHSA-2004:249
20040810 ADDREF XF:libpng-file-offset-bo(10925)
20040810 ADDREF BID:6431
20040818 ADDREF REDHAT:RHSA-2003:157
20040818 ADDREF REDHAT:RHSA-2004:402
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1363 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: REDHAT:RHSA-2003:007
Cox> ADDREF REDHAT:RHSA-2003:119
Cox> There is only one upstream version of libpng, and so the description
should be
"Portable Network Graphics (PNG) libraries libpng 1.2.5 and earlier does
not correctly calculate offsets"
Christey> REDHAT:RHSA-2004:249
URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
Christey> MANDRAKE:MDKSA-2004:063
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Christey> GENTOO:GLSA-200407-06
URL:http://www.gentoo.org/security/en/glsa/glsa-200407-06.xml
Christey> Consider REDHAT:RHSA-2004:402, although that advisory may in
fact be addressing a variant.
Christey> APPLE:APPLE-SA-2004-09-09
URL:http://lists.apple.com/mhonarc/security-announce/msg00056.html
======================================================
Candidate: CAN-2002-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: DEBIAN:DSA-254
Reference: URL:http://www.debian.org/security/2003/dsa-254
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html
Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166
Reference: XF:traceroute-nanog-getorigin-bo(10778)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10778
Buffer overflow in the get_origin function in traceroute-nanog allows
attackers to execute arbitrary code via long WHOIS responses.
Modifications:
20040810 ADDREF XF:traceroute-nanog-getorigin-bo(10778)
20040818 ADDREF DEBIAN:DSA-254
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1364 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
Reference: CALDERA:CSSA-2003-001.0
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: DEBIAN:DSA-216
Reference: URL:http://www.debian.org/security/2002/dsa-216
Reference: ENGARDE:ESA-20030127-002
Reference: IMMUNIX:IMNX-2003-7+-023-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: REDHAT:RHSA-2002:294
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-294.html
Reference: REDHAT:RHSA-2003:155
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-155.html
Reference: SUSE:SuSE-SA:2003:001
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not
account for the "@" character when determining buffer lengths for
local addresses, which allows remote attackers to execute arbitrary
code via a header with a large number of local addresses.
Modifications:
20040810 ADDREF REDHAT:RHSA-2002:294
20040810 ADDREF IMMUNIX:IMNX-2003-7+-023-01
20040818 ADDREF REDHAT:RHSA-2003:155
20040818 ADDREF DEBIAN:DSA-216
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1365 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:294
Christey> BUGTRAQ:20031020 Immunix Secured OS 7+ fetchmail update
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106674887826149&w=2
======================================================
Candidate: CAN-2002-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-certs-race-condition(10907)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10907
Reference: BID:6435
Reference: URL:http://www.securityfocus.com/bid/6435
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local
users with lp privileges to create or overwrite arbitrary files via
file race conditions, as demonstrated by ice-cream.
Modifications:
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF SUSE:SuSE-SA:2003:002
20040810 ADDREF XF:cups-certs-race-condition(10907)
20040810 ADDREF BID:6435
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1366 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
Christey> MANDRAKE:MDKSA-2003:001
Christey> CVE rarely mentions exploits or other malware by name, except
where a vulnerability is often referred to by that exploit
name, or if there is some evidence that it would be used in a keyword
search. This makes it easier for people to be certain that they have
found the correct CVE identifier for a particular issue. In this
case, there was a large number of CUPS vulnerabilities reported all at
once, so the "ice-cream" keyword would be useful to clarify which bug
is being discussed.
======================================================
Candidate: CAN-2002-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: XF:cups-udp-add-printers(10908)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10908
Reference: BID:6436
Reference: URL:http://www.securityfocus.com/bid/6436
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to add printers without authentication via a certain UDP
packet, which can then be used to perform unauthorized activities such
as stealing the local root certificate for the administration server
via a "need authorization" page, as demonstrated by new-coke.
Modifications:
20040810 ADDREF CONECTIVA:CLSA-2003:702
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF SUSE:SuSE-SA:2003:002
20040810 ADDREF XF:cups-udp-add-printers(10908)
20040810 ADDREF BID:6436
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1367 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
Christey> MANDRAKE:MDKSA-2003:001
======================================================
Candidate: CAN-2002-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6438
Reference: URL:http://www.securityfocus.com/bid/6438
Reference: XF:cups-strncat-options-bo(10910)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10910
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17
does not properly use the strncat function call when processing the
options string, which allows remote attackers to execute arbitrary
code via a buffer overflow attack.
Modifications:
20040810 ADDREF CONECTIVA:CLSA-2003:702
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF SUSE:SuSE-SA:2003:002
20040810 ADDREF BID:6438
20040810 ADDREF XF:cups-strncat-options-bo(10910)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1369 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:001
======================================================
Candidate: CAN-2002-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6439
Reference: URL:http://www.securityfocus.com/bid/6439
Reference: XF:cups-zero-width-images(10911)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10911
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14
through 1.1.17 does not properly check for zero-length GIF images,
which allows remote attackers to execute arbitrary code via modified
chunk headers, as demonstrated by nogif.
Modifications:
20040810 ADDREF CONECTIVA:CLSA-2003:702
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF SUSE:SuSE-SA:2003:002
20040810 ADDREF BID:6439
20040810 ADDREF XF:cups-zero-width-images(10911)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1371 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
Christey> MANDRAKE:MDKSA-2003:001
======================================================
Candidate: CAN-2002-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6440
Reference: URL:http://www.securityfocus.com/bid/6440
Reference: XF:cups-file-descriptor-dos(10912)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10912
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not
properly check the return values of various file and socket
operations, which could allow a remote attacker to cause a denial of
service (resource exhaustion) by causing file descriptors to be
assigned and not released, as demonstrated by fanta.
Modifications:
20040810 ADDREF CONECTIVA:CLSA-2003:702
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF SUSE:SuSE-SA:2003:002
20040810 ADDREF BID:6440
20040810 ADDREF XF:cups-file-descriptor-dos(10912)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1372 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Cox> Is it usual to name some arbitrary exploit in CVE descriptions?
Christey> MANDRAKE:MDKSA-2003:001
======================================================
Candidate: CAN-2002-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20030127-001
Reference: GENTOO:200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BID:6368
Reference: URL:http://www.securityfocus.com/bid/6368
Reference: XF:mysql-comtabledump-dos(10846)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10846
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.23.x before 3.23.54 allows remote attackers to cause a denial of
service (crash or hang) in mysqld by causing large negative integers
to be provided to a memcpy call.
Modifications:
20040810 ADDREF DEBIAN:DSA-212
20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
20040810 ADDREF MANDRAKE:MDKSA-2002:087
20040810 ADDREF SUSE:SUSE-SA:2003:003
20040810 ADDREF REDHAT:RHSA-2002:289
20040810 ADDREF BID:6368
20040810 ADDREF XF:mysql-comtabledump-dos(10846)
20040810 [ref] normalize TRUSTIX
20040810 [ref] normalize GENTOO
20040818 ADDREF REDHAT:RHSA-2003:166
Analysis
--------
Vendor Acknowledgement: unknown
ACCURACY: a MySQL developer (Sergei Golubchik) confirmed via email
that only the 3.23 branch was affected.
INFERRED ACTION: CAN-2002-1373 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:289
======================================================
Candidate: CAN-2002-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6373
Reference: URL:http://www.securityfocus.com/bid/6373
Reference: XF:mysql-comchangeuser-password-bypass(10847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10847
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x
before 4.0.6, allows remote attackers to gain privileges via a brute
force attack using a one-character password, which causes MySQL to
only compare the provided password against the first character of the
real password.
Modifications:
20040810 ADDREF DEBIAN:DSA-212
20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
20040810 ADDREF MANDRAKE:MDKSA-2002:087
20040810 ADDREF SUSE:SUSE-SA:2003:003
20040810 ADDREF REDHAT:RHSA-2002:289
20040810 ADDREF BID:6373
20040810 ADDREF XF:mysql-comchangeuser-password-bypass(10847)
20040810 [ref] normalize TRUSTIX
20040810 [ref] normalize GENTOO
20040818 ADDREF REDHAT:RHSA-2003:166
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1374 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:289
Green> ACKNOWLEDGED IN THE RED HAT ERRATA
======================================================
Candidate: CAN-2002-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.suse.com/de/security/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BID:6375
Reference: URL:http://www.securityfocus.com/bid/6375
Reference: XF:mysql-comchangeuser-password-bo(10848)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10848
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to
4.0.6, allows remote attackers to execute arbitrary code via a long
response.
Modifications:
20040810 ADDREF DEBIAN:DSA-212
20040810 ADDREF IMMUNIX:IMNX-2003-7+-008-01
20040810 ADDREF MANDRAKE:MDKSA-2002:087
20040810 ADDREF SUSE:SUSE-SA:2003:003
20040810 ADDREF REDHAT:RHSA-2002:289
20040810 ADDREF BID:6375
20040810 ADDREF XF:mysql-comchangeuser-password-bo(10848)
20040810 [ref] normalize TRUSTIX
20040810 [ref] normalize GENTOO
20040818 ADDREF REDHAT:RHSA-2003:166
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1375 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:289
Green> ACKNOWLEDGED IN THE RED HAT ERRATA
======================================================
Candidate: CAN-2002-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: FULLDISC:20021213 Some vim problems, yet still vim much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2002-December/002948.html
Reference: MISC:http://www.guninski.com/vim1.html
Reference: BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2
Reference: CONECTIVA:CLA-2004:812
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: REDHAT:RHSA-2002:302
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-302.html
Reference: SUNALERT:55700
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
Reference: BID:6384
Reference: URL:http://www.securityfocus.com/bid/6384
Reference: XF:vim-modeline-command-execution(10835)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10835
vim 6.0 and 6.1, and possibly other versions, allows attackers to
execute arbitrary commands using the libcall feature in modelines,
which are not sandboxed but may be executed when vim is used to edit a
malicious file, as demonstrated using mutt.
Modifications:
20040810 ADDREF CONECTIVA:CLA-2004:812
20040810 ADDREF SUNALERT:55700
20040810 ADDREF BID:6384
20040810 ADDREF XF:vim-modeline-command-execution(10835)
20040810 ADDREF BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
20040810 [refs] normalize FULLDISC
20040810 [desc] clarify
20040818 ADDREF REDHAT:RHSA-2002:302
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1377 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> The mention of mutt in the original advisory is used to give one
indication of a possible attack vector. It should be 'but may
be executed when vim is used to edit a malicious file'
Addref: REDHAT:RHSA-2002:302
Green> ACKNOWLEDGED IN REDHAT ERRATA
Christey> CONECTIVA:CLA-2004:812
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
Christey> BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077992208690&w=2
======================================================
Candidate: CAN-2002-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: ENGARDE:ESA-20030318-009
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
Reference: MANDRAKE:MDKSA-2003:039
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: TRUSTIX:2002-0083
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt
Reference: BID:6420
Reference: URL:http://www.securityfocus.com/bid/6420
Reference: XF:linux-protread-mmap-dos(10884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10884
Linux kernel 2.2.x allows local users to cause a denial of service
(crash) by using the mmap() function with a PROT_READ parameter to
access non-readable memory pages through the /proc/pid/mem interface.
Modifications:
20040810 ADDREF DEBIAN:DSA-336
20040810 ADDREF ENGARDE:ESA-20030318-009
20040810 ADDREF MANDRAKE:MDKSA-2003:039
20040810 ADDREF REDHAT:RHSA-2003:088
20040810 ADDREF BID:6420
20040810 ADDREF XF:linux-protread-mmap-dos(10884)
20040810 [refs] normalize TRUSTIX
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1380 ACCEPT_ACK_REV (2 accept, 2 ack, 2 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Cox
NOOP(2) Christey, Cole
REVIEWING(2) Green, Wall
Voter Comments:
Christey> ENGARDE:ESA-20030318-009
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> Addref: RHSA-2003:088
Christey> MANDRAKE:MDKSA-2003:039
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
Christey> DEBIAN:DSA-336
URL:http://www.debian.org/security/2003/dsa-336
======================================================
Candidate: CAN-2002-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: GENTOO:GLSA-200212-5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2
Reference: BID:6314
Reference: URL:http://www.securityfocus.com/bid/6314
Reference: XF:exim-daemonc-format-string(10761)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10761
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and
3.x through 3.36, allows exim administrative users to execute
arbitrary code by modifying the pid_file_path value.
Modifications:
20040810 ADDREF BID:6314
20040810 ADDREF XF:exim-daemonc-format-string(10761)
20040810 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1381 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Cox, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2002-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021217
Category: SF
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
Reference: BID:6383
Reference: URL:http://www.securityfocus.com/bid/6383
Reference: XF:flash-swf-bo(10861)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10861
Macromedia Flash Player before 6.0.65.0 allows remote attackers to
execute arbitrary code via certain malformed data headers in Shockwave
Flash file format (SWF) files, a different issue than CAN-2002-0846.
Modifications:
20040810 ADDREF BID:6383
20040810 ADDREF XF:flash-swf-bo(10861)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1382 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Green, Baker, Wall, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: GENTOO:GLSA-200301-1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MANDRAKE:MDKSA-2003:002
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2002:307
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-307.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html
Reference: REDHAT:RHSA-2003:216
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-216.html
Reference: SUSE:SUSE-SA:2003:002
Reference: URL:http://www.suse.com/de/security/2003_002_cups.html
Reference: BID:6475
Reference: URL:http://www.securityfocus.com/bid/6475
Reference: XF:pdftops-integer-overflow(10937)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10937
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i,
and CUPS before 1.1.18, allows local users to execute arbitrary code
via a ColorSpace entry with a large number of elements, as
demonstrated by cups-pdf.
Modifications:
20040810 ADDREF DEBIAN:DSA-232
20040810 ADDREF MANDRAKE:MDKSA-2003:001
20040810 ADDREF MANDRAKE:MDKSA-2003:002
20040810 ADDREF REDHAT:RHSA-2002:307
20040810 ADDREF SUSE:SUSE-SA:2003:002
20040810 ADDREF XF:pdftops-integer-overflow(10937)
20040810 ADDREF BID:6475
20040810 [refs] normalize GENTOO
20040818 ADDREF REDHAT:RHSA-2003:216
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1384 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: REDHAT:RHSA-2002:307
Christey> MANDRAKE:MDKSA-2003:001
MANDRAKE:MDKSA-2003:002
======================================================
Candidate: CAN-2002-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021219
Category: SF
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
Reference: BID:6425
Reference: URL:http://www.securityfocus.com/bid/6425
Reference: XF:open-webmail-command-execution(10904)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10904
openwebmail_init in Open WebMail 1.81 and earlier allows local users
to execute arbitrary code via .. (dot dot) sequences in a
login name, such as the name provided in the sessionid parameter for
openwebmail-abook.pl, which is used to find a configuration file that
specifies additional code to be executed.
Modifications:
20040810 ADDREF BID:6425
20040810 ADDREF XF:open-webmail-command-execution(10904)
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: the announce page for Open WebMail includes an item
"Security Advisory 20021219," which describes the problem and credits
the Bugtraq poster.
INFERRED ACTION: CAN-2002-1385 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221
Reference: XF:mhonarc-m2htexthtml-filter-xss(10950)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10950
Reference: BID:6479
Reference: URL:http://www.securityfocus.com/bid/6479
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14
allows remote attackers to inject arbitrary HTML into web archive
pages via HTML mail messages.
Modifications:
20040810 ADDREF XF:mhonarc-m2htexthtml-filter-xss(10950)
20040810 ADDREF BID:6479
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1388 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1389
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: DEBIAN:DSA-217
Reference: URL:http://www.debian.org/security/2002/dsa-217
Reference: BID:6485
Reference: URL:http://www.securityfocus.com/bid/6485
Reference: XF:typespeed-command-line-bo(10936)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10936
Buffer overflow in typespeed 0.4.2 and earlier allows local users to
gain privileges via long input.
Modifications:
20040810 BID:6485
20040810 XF:typespeed-command-line-bo(10936)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1389 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1390
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
Reference: DEBIAN:DSA-223
Reference: URL:http://www.debian.org/security/2003/dsa-223
Reference: BID:6549
Reference: URL:http://www.securityfocus.com/bid/6549
Reference: XF:geneweb-absolute-information-disclosure(11021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11021
The daemon for GeneWeb before 4.09 does not properly handle requested
paths, which allows remote attackers to read arbitrary files via a
crafted URL.
Modifications:
20040810 ADDREF BID:6549
20040810 ADDREF XF:geneweb-absolute-information-disclosure(11021)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1390 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> BID:6549
URL:http://www.securityfocus.com/bid/6549
XF:geneweb-absolute-information-disclosure(11021)
URL:http://www.iss.net/security_center/static/11021.php
======================================================
Candidate: CAN-2002-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: BID:7303
Reference: URL:http://www.securityfocus.com/bid/7303
Reference: XF:mgetty-cndprogram-callername-bo(11072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11072
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a Caller ID string with a long CallerName argument.
Modifications:
20040810 ADDREF CALDERA:CSSA-2003-021.0
20040810 ADDREF GENTOO:GLSA-200304-09
20040810 ADDREF REDHAT:RHSA-2003:008
20040810 ADDREF REDHAT:RHSA-2003:036
20040810 ADDREF BID:7303
20040810 ADDREF XF:mgetty-cndprogram-callername-bo(11072)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1391 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
MODIFY(1) Cox
NOOP(2) Christey, Wall
Voter Comments:
Cox> ADDREF: RHSA-2003:0008
Christey> BUGTRAQ:20030428 GLSA: mgetty (200304-09)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Christey> CALDERA:CSSA-2003-021.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
======================================================
Candidate: CAN-2002-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: CF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: BID:7302
Reference: URL:http://www.securityfocus.com/bid/7302
Reference: XF:mgetty-faxspool-worldwritable-directory(11070)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11070
faxspool in mgetty before 1.1.29 uses a world-writable spool directory
for outgoing faxes, which allows local users to modify fax
transmission privileges.
Modifications:
20040810 ADDREF CALDERA:CSSA-2003-021.0
20040810 ADDREF GENTOO:GLSA-200304-09
20040810 ADDREF REDHAT:RHSA-2003:008
20040810 ADDREF REDHAT:RHSA-2003:036
20040810 ADDREF BID:7302
20040810 ADDREF XF:mgetty-faxspool-worldwritable-directory(11070)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1392 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Baker, Cole
MODIFY(1) Cox
NOOP(2) Christey, Wall
Voter Comments:
Cox> ADDREF: RHSA-2003:0008
Christey> BUGTRAQ:20030428 GLSA: mgetty (200304-09)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154413326136&w=2
Christey> CALDERA:CSSA-2003-021.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
======================================================
Candidate: CAN-2002-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1394
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: DEBIAN:DSA-225
Reference: URL:http://www.debian.org/security/2003/dsa-225
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365
Reference: REDHAT:RHSA-2003:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-075.html
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: GENTOO:GLSA-200210-001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470282514938&w=2
Reference: BID:6562
Reference: URL:http://www.securityfocus.com/bid/6562
Reference: XF:tomcat-invoker-source-code(10376)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10376
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet
and the default servlet, allows remote attackers to read source code
for server files or bypass certain protections, a variant of
CAN-2002-1148.
Modifications:
20040810 ADDREF REDHAT:RHSA-2003:075
20040810 ADDREF REDHAT:RHSA-2003:082
20040810 ADDREF BID:6562
20040810 ADDREF XF:tomcat-invoker-source-code(10376)
20040810 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1394 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cole, Armstrong
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:082
Cox> ADDREF REDHAT:RHSA-2003:075
======================================================
Candidate: CAN-2002-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104102689503192&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=20927
Reference: ENGARDE:ESA-20030219-003
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html
Reference: GENTOO:200301-8
Reference: URL:http://www.securityfocus.com/advisories/4862
Reference: MANDRAKE:MDKSA-2003:019
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019
Reference: REDHAT:RHSA-2003:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-017.html
Reference: SCO:CSSA-2003-SCO.28
Reference: SUSE:SuSE-SA:2003:0009
Reference: URL:http://www.suse.com/de/security/2003_009_mod_php4.html
Reference: BID:6488
Reference: URL:http://www.securityfocus.com/bid/6488
Reference: XF:php-wordwrap-bo(10944)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10944
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2
and before 4.3.0 may allow attackers to cause a denial of service or
execute arbitrary code.
Modifications:
20040810 ADDREF GENTOO:200301-8
20040810 ADDREF SCO:CSSA-2003-SCO.28
20040810 ADDREF BID:6488
20040810 ADDREF XF:php-wordwrap-bo(10944)
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1396 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Green, Cox, Cole
NOOP(1) Christey
Voter Comments:
Green> ACKNOWLEDGED IN http://bugs.php.net/bug.php?id=20927
Christey> SCO:CSSA-2003-SCO.28
======================================================
Candidate: CAN-2002-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1403
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: CONECTIVA:CLA-2002:549
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549
Reference: DEBIAN:DSA-219
Reference: URL:http://www.debian.org/security/2002/dsa-219
Reference: GENTOO:GLSA-200301-3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104189546709447&w=2
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
Reference: BID:6200
Reference: URL:http://online.securityfocus.com/bid/6200
Reference: XF:dhcpcd-info-execute-commands(10663)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10663
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to
execute arbitrary code via shell metacharacters that are fed from a
dhcpd .info script into a .exe script.
Modifications:
20040810 ADDREF XF:dhcpcd-info-execute-commands(10663)
20040810 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1403 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
NOOP(1) Christey
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Christey> XF:dhcpcd-info-execute-commands(10663)
======================================================
Candidate: CAN-2002-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20020819 Lynx CRLF Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2
Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2
Reference: DEBIAN:DSA-210
Reference: URL:http://www.debian.org/security/2002/dsa-210
Reference: CALDERA:CSSA-2002-049.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Reference: REDHAT:RHSA-2003:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-029.html
Reference: REDHAT:RHSA-2003:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-030.html
Reference: TRUSTIX:2002-0085
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
Reference: MANDRAKE:MDKSA-2003:023
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
Reference: BID:5499
Reference: URL:http://www.securityfocus.com/bid/5499
Reference: XF:lynx-crlf-injection(9887)
Reference: URL:http://www.iss.net/security_center/static/9887.php
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote
attackers to inject false HTTP headers into an HTTP request that is
provided on the command line, via a URL containing encoded carriage
return, line feed, and other whitespace characters.
Modifications:
20040810 ADDREF BID:5499
20040810 ADDREF REDHAT:RHSA-2003:030
20040810 [refs] normalize TRUSTIX
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1405 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: RHSA-2003:030
Christey> BID:5499
URL:http://www.securityfocus.com/bid/5499
======================================================
Candidate: CAN-2002-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1407
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9776
TinySSL 1.02 and earlier does not verify the Basic Constraints for an
intermediate CA-signed certificate, which allows remote attackers to
spoof the certificates of trusted sites via a man-in-the-middle
attack.
Modifications:
20040810 ADDREF XF:ssl-ca-certificate-spoofing(9776)
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1407 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1412
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020801 code injection in gallery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
Reference: DEBIAN:DSA-138
Reference: URL:http://www.debian.org/security/2002/dsa-138
Reference: BID:5375
Reference: URL:http://www.securityfocus.com/bid/5375
Reference: XF:gallery-basedir-execute-commands(9737)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9737
Gallery photo album package before 1.3.1 allows local and possibly
remote attackers to execute arbitrary code via a modified
GALLERY_BASEDIR variable that points to a directory or URL that
contains a Trojan horse init.php script.
Modifications:
20040810 ADDREF BID:5375
20040810 ADDREF XF:gallery-basedir-execute-commands(9737)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1412 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> BID:5375
======================================================
Candidate: CAN-2002-1413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1413
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html
Reference: CERT-VN:VU#746251
Reference: URL:http://www.kb.cert.org/vuls/id/746251
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963349
Reference: XF:netware-rconj-no-password(9928)
Reference: URL:http://www.iss.net/security_center/static/9928.php
Reference: BID:5541
Reference: URL:http://www.securityfocus.com/bid/5541
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode,
allows remote attackers to bypass authentication using the RconJ
"Secure IP" (SSL) option during a connection.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1413 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Baker, Frech
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1414
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULN-DEV:20020806 qmailadmin SUID buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102859603029424&w=2
Reference: BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
Reference: CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog
Reference: BID:5404
Reference: URL:http://www.securityfocus.com/bid/5404
Reference: XF:qmailadmin-templatedir-bo(9786)
Reference: URL:http://www.iss.net/security_center/static/9786.php
Buffer overflow in qmailadmin allows local users to gain privileges
via a long QMAILADMIN_TEMPLATEDIR environment variable.
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The changelog includes an item dated August 6, 2002,
which states "Fixed local overflow in template code."
INFERRED ACTION: CAN-2002-1414 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1417
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: BID:5523
Reference: URL:http://www.securityfocus.com/bid/5523
Reference: XF:novell-netbasic-directory-traversal(9910)
Reference: URL:http://www.iss.net/security_center/static/9910.php
Directory traversal vulnerability in Novell NetBasic Scripting Server
(NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and
6, allows remote attackers to read arbitrary files via a URL
containing a "..%5c" sequence (modified dot-dot), which is mapped to
the directory separator.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1417 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1418
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: XF:novell-netbasic-interpreter-bo(9911)
Reference: URL:http://www.iss.net/security_center/static/9911.php
Reference: BID:5524
Reference: URL:http://www.securityfocus.com/bid/5524
Buffer overflow in the interpreter for Novell NetBasic Scripting
Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite
5.1 and 6, allows remote attackers to cause a denial of service
(ABEND) via a long module name.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1418 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1419
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: SGI:20020805-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
Reference: BID:5467
Reference: URL:http://www.securityfocus.com/bid/5467
Reference: XF:irix-origin-bypass-filtering(9868)
Reference: URL:http://www.iss.net/security_center/static/9868.php
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes
the MAC address of the system, which could modify intended access
restrictions that are based on a MAC address.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1419 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1420
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1420
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918817012863&w=2
Reference: BID:5442
Reference: URL:http://www.securityfocus.com/bid/5442
Reference: XF:openbsd-select-bo(9809)
Reference: URL:http://www.iss.net/security_center/static/9809.php
Reference: OSVDB:7554
Reference: URL:http://www.osvdb.org/7554
Integer signedness error in select() on OpenBSD 3.1 and earlier allows
local users to overwrite arbitrary kernel memory via a negative value
for the size parameter, which satisfies the boundary check as a signed
integer, but is later used as an unsigned integer during a data
copying operation.
Modifications:
20040818 ADDREF OSVDB:7554
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1420 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1424
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5385
Reference: URL:http://www.securityfocus.com/bid/5385
Reference: XF:munpack-mime-bo(9747)
Reference: URL:http://www.iss.net/security_center/static/9747.php
Buffer overflow in munpack in mpack 1.5 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1424 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1425
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5386
Reference: URL:http://www.securityfocus.com/bid/5386
Reference: XF:munpack-dotdot-directory-traversal(9748)
Reference: URL:http://www.iss.net/security_center/static/9748.php
Directory traversal vulnerability in munpack in mpack 1.5 and earlier
allows remote attackers to create new files in the parent directory
via a ../ (dot-dot) sequence in the filename to be extracted.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1425 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1430
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html
Reference: CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt
Reference: BID:5360
Reference: URL:http://www.securityfocus.com/bid/5360
Reference: XF:sympoll-php-view-files(9723)
Reference: URL:http://www.iss.net/security_center/static/9723.php
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read
arbitrary files when register_globals is enabled, possibly by
modifying certain PHP variables through URL parameters.
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the vendor's changelog for version 1.3 includes an
item labeled "IMPORTANT SECURITY FIX" and crediting an individual who
is also credited by the author of the Bugtraq post. The dates of the
Bugtraq post and vendor changelog are also the same (July 30).
ACCURACY: while neither the Bugtraq poster nor the vendor says that PHP
variables are directly modified through URL parameters, that is the
behavior that is otherwise prevented by the register_globals feature,
and typical of vulnerabilities in many PHP scripts.
INFERRED ACTION: CAN-2002-1430 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1435
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1435
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020822 Arbitrary code execution problem in Achievo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html
Reference: CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html
Reference: XF:achievo-php-execute-code(9947)
Reference: URL:http://www.iss.net/security_center/static/9947.php
Reference: BID:5552
Reference: URL:http://www.securityfocus.com/bid/5552
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except
0.8.2, allows remote attackers to execute arbitrary PHP code when the
'allow_url_fopen' setting is enabled via a URL in the config_atkroot
parameter that points to the code.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1435 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1436
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-code-execution(9916)
Reference: URL:http://www.iss.net/security_center/static/9916.php
Reference: BID:5520
Reference: URL:http://www.securityfocus.com/bid/5520
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6
allows remote attackers to execute arbitrary Perl code via an HTTP
POST request.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1436 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1437
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: BID:5522
Reference: URL:http://www.securityfocus.com/bid/5522
Reference: XF:netware-perl-directory-traversal(9915)
Reference: URL:http://www.iss.net/security_center/static/9915.php
Directory traversal vulnerability in the web handler for Perl 5.003 on
Novell NetWare 5.1 and NetWare 6 allows remote attackers to read
arbitrary files via an HTTP request containing "..%5c" (URL-encoded
dot-dot backslash) sequences.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1437 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1438
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1438
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-information-disclosure(9917)
Reference: URL:http://www.iss.net/security_center/static/9917.php
Reference: BID:5521
Reference: URL:http://www.securityfocus.com/bid/5521
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6
allows remote attackers to obtain Perl version information via the -v
option.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1438 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1443
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: CONFIRM:http://toolbar.google.com/whatsnew.php3
Reference: BID:5426
Reference: URL:http://www.securityfocus.com/bid/5426
Reference: XF:google-toolbar-keypress-monitoring(10054)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10054
The Google toolbar 1.1.58 and earlier allows remote web sites to
monitor a user's input into the toolbar via an "onkeydown" event
handler.
Modifications:
20040810 ADDREF XF:google-toolbar-keypress-monitoring(10054)
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1443 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1446
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html
Reference: BID:5498
Reference: URL:http://www.securityfocus.com/bid/5498
Reference: XF:ncipher-cverify-improper-verification(9895)
Reference: URL:http://www.iss.net/security_center/static/9895.php
The error checking routine used for the C_Verify call on a symmetric
verification key in the nCipher PKCS#11 library 1.2.0 and later
returns the CKR_OK status even when it detects an invalid signature,
which could allow remote attackers to modify or forge messages.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1446 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1447
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1447
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020619 [AP] Cisco vpnclient buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/277653
Reference: CISCO:20020619 Buffer Overflow in UNIX VPN Client
Reference: URL:http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
Reference: MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
Reference: XF:ciscovpn-profile-name-bo(9376)
Reference: URL:http://www.iss.net/security_center/static/9376.php
Reference: BID:5056
Reference: URL:http://www.securityfocus.com/bid/5056
Buffer overflow in the vpnclient program for UNIX VPN Client before
3.5.2 allows local users to gain administrative privileges via a long
profile name in a connect argument.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1447 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Jones
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1448
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
Reference: CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
Reference: XF:avaya-cajun-default-snmp(9769)
Reference: URL:http://www.iss.net/security_center/static/9769.php
Reference: BID:5396
Reference: URL:http://www.securityfocus.com/bid/5396
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya
P330, P130, and M770-ATM Cajun products allows remote attackers to
gain administrative privileges.
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: the vendor's security advisory credits Jacek
Lipkowski, the author of the Bugtraq post.
INFERRED ACTION: CAN-2002-1448 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1463
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
Reference: CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html
Reference: BID:5387
Reference: URL:http://www.securityfocus.com/bid/5387
Reference: XF:symantec-tcp-seq-predict(12836)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12836
Reference: OSVDB:855
Reference: URL:http://www.osvdb.org/855
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and
7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway
Security 5110/5200/5300 generate easily predictable initial sequence
numbers (ISN), which allows remote attackers to spoof connections.
Modifications:
20040810 ADDREF BID:5387
20040810 ADDREF XF:symantec-tcp-seq-predict(12836)
20040818 ADDREF OSVDB:855
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1463 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1468
Final-Decision:
Interim-Decision: 20040825
Modified: 20040810
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: AIXAPAR:IY31997
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html
Reference: BID:5885
Reference: URL:http://www.securityfocus.com/bid/5885
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute
arbitrary code as root.
Modifications:
20040810 [desc] clarify based on Bollinger's vote
20040810 ADDREF BID:5885
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1468 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Bollinger
NOOP(1) Cox
Voter Comments:
Bollinger> This buffer overflow allows a local attacker to execute
arbitrary code as root.
======================================================
Candidate: CAN-2002-1469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1469
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 vulnerabilities in scponly
Reference: URL:http://online.securityfocus.com/archive/1/288245
Reference: CONFIRM:http://www.sublimation.org/scponly/
Reference: BID:5526
Reference: URL:http://www.securityfocus.com/bid/5526
Reference: XF:scponly-ssh-env-upload(9913)
Reference: URL:http://www.iss.net/security_center/static/9913.php
scponly does not properly verify the path when finding the (1) scp or
(2) sftp-server programs, which could allow remote authenticated users
to bypass access controls by uploading malicious programs and
modifying the PATH variable in $HOME/.ssh/environment to locate those
programs.
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the release notes for scponly include an item titled
"aug 2002 addendum" that states "Derek D. Martin [the discloser] sent
me an exploitable vulnerability condition that can be used to run
arbitrary commands, thus circumventing scponly!"
INFERRED ACTION: CAN-2002-1469 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1471
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
Reference: XF:evolution-camel-certificate-mitm(10292)
Reference: URL:http://www.iss.net/security_center/static/10292.php
Reference: BID:5875
Reference: URL:http://www.securityfocus.com/bid/5875
The camel component for Ximian Evolution 1.0.x and earlier does not
verify certificates when it establishes a new SSL connection after
previously verifying a certificate, which could allow remote attackers
to monitor or modify sessions via a man-in-the-middle attack.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1471 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2002-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1472
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONECTIVA:CLA-2002:529
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: SUSE:SuSE-SA:2002:032
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
Reference: BID:5735
Reference: URL:http://www.securityfocus.com/bid/5735
Reference: XF:xfree86-x11-program-execution(10137)
Reference: URL:http://www.iss.net/security_center/static/10137.php
libX11.so in xfree86, when used in setuid or setgid programs, allows
local users to gain root privileges via a modified LD_PRELOAD
environment variable that points to a malicious module.
Modifications:
20040810 ADDREF REDHAT:RHSA-2003:067
20040810 [desc] clarify role of setuid/setgid programs
20040818 ADDREF REDHAT:RHSA-2003:066
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1472 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:067
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> The description should be updated to show that this is exploitable only in
setuid/gid programs that happen to link libX11.so. This is important as
many distributions did not ship with any setuid programs linked to
libX11.so.
Perhaps "setuid/gid programs linked to the xfree86 libX11.so allow local
users to gain privileges via a modified LD_PRELOAD environment
variable that points to a malicious module."
======================================================
Candidate: CAN-2002-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1476
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
Reference: BID:5724
Reference: URL:http://www.securityfocus.com/bid/5724
Reference: XF:netbsd-libc-setlocale-bo(10159)
Reference: URL:http://www.iss.net/security_center/static/10159.php
Reference: OSVDB:7565
Reference: URL:http://www.osvdb.org/7565
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and
possibly other operating systems, when called with the LC_ALL
category, allows local attackers to execute arbitrary code via a
user-controlled locale string that has more than 6 elements, which
exceeds the boundaries of the new_categories category array, as
exploitable through programs such as xterm and zsh.
Modifications:
20040818 ADDREF OSVDB:7565
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1476 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1477
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-graph-label-commands(10048)
Reference: URL:http://www.iss.net/security_center/static/10048.php
Reference: BID:5627
Reference: URL:http://www.securityfocus.com/bid/5627
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti
administrators to execute arbitrary commands via shell metacharacters
in the title during edit mode.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1477 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1478
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: XF:cacti-console-mode-commands(10050)
Reference: URL:http://www.iss.net/security_center/static/10050.php
Reference: BID:5630
Reference: URL:http://www.securityfocus.com/bid/5630
Cacti before 0.6.8 allows attackers to execute arbitrary commands via
the "Data Input" option in console mode.
Modifications:
20040811 ADDREF DEBIAN:DSA-164
Analysis
--------
Vendor Acknowledgement:
ACCURACY: it is not clear from the report whether the "console mode"
is remote or not; if only accessible on the command line, this may not
be a vulnerability unless Cacti is setuid.
INFERRED ACTION: CAN-2002-1478 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> Sounds like DEBIAN:DSA-164 is a match.
Baker> http://www.dsinet.org/textfiles/advisories/Debian/DSA-164-1
======================================================
Candidate: CAN-2002-1479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1479
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-config-world-readable(10049)
Reference: URL:http://www.iss.net/security_center/static/10049.php
Reference: BID:5628
Reference: URL:http://www.securityfocus.com/bid/5628
Cacti before 0.6.8 stores a MySQL username and password in plaintext
in config.php, which has world-readable permissions, which allows
local users to modify databases as the Cacti user and possibly gain
privileges.
Analysis
--------
Vendor Acknowledgement:
ACCURACY: it is not clear from the report whether the "console mode"
is remote or not; if only accessible on the command line, this may not
be a vulnerability unless Cacti is setuid.
INFERRED ACTION: CAN-2002-1479 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1490
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-007
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
Reference: XF:netbsd-tiocsctty-ioctl-bo(10115)
Reference: URL:http://www.iss.net/security_center/static/10115.php
Reference: BID:5722
Reference: URL:http://www.securityfocus.com/bid/5722
Reference: OSVDB:7566
Reference: URL:http://www.osvdb.org/7566
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of
service (kernel panic) via a series of calls to the TIOCSCTTY ioctl,
which causes an integer overflow in a structure counter and sets the
counter to zero, which frees memory that is still in use by other
processes.
Modifications:
20040818 ADDREF OSVDB:7566
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1490 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1491
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn5000-defaultconnection-password(10129)
Reference: URL:http://www.iss.net/security_center/static/10129.php
Reference: BID:5736
Reference: URL:http://www.securityfocus.com/bid/5736
Reference: OSVDB:7041
Reference: URL:http://www.osvdb.org/7041
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most
recently used login password in plaintext when saving "Default
Connection" settings, which could allow local users to gain
privileges.
Modifications:
20040818 ADDREF OSVDB:7041
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1491 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Jones
NOOP(1) Cox
Voter Comments:
Jones> Change "...to gain privileges." to "...to gain additional
privileges."
======================================================
Candidate: CAN-2002-1493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1493
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
Reference: VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html
Reference: BID:5728
Reference: URL:http://www.securityfocus.com/bid/5728
Reference: XF:guestgear-img-xss(12235)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12235
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook
allows remote attackers to inject arbitrary script via (1) STYLE
attributes or (2) SRC attributes in an IMG tag.
Modifications:
20040811 ADDREF XF:guestgear-img-xss(12235)
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-1493 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1494
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html
Reference: BID:5618
Reference: URL:http://www.securityfocus.com/bid/5618
Reference: XF:aestiva-htmlos-cgi-xss(10029)
Reference: URL:http://www.iss.net/security_center/static/10029.php
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow
remote attackers to insert arbitrary HTML or script by inserting the
script after a trailing / character, which inserts the script into the
resulting error message.
Modifications:
20040811 [refs] fix Bugtraq post subject
Analysis
--------
Vendor Acknowledgement: no
INFERRED ACTION: CAN-2002-1494 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> Fix Bugtraq subject line:
BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS
======================================================
Candidate: CAN-2002-1496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1496
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
Reference: CONFIRM:http://freshmeat.net/releases/97910/
Reference: BID:5774
Reference: URL:http://www.securityfocus.com/bid/5774
Reference: XF:null-httpd-contentlength-bo(10160)
Reference: URL:http://www.iss.net/security_center/static/10160.php
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier
allows remote attackers to execute arbitrary code via a negative value
in the Content-Length HTTP header.
Analysis
--------
Vendor Acknowledgement: yes changelog
INFERRED ACTION: CAN-2002-1496 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1497
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/97910/
Reference: BID:5603
Reference: URL:http://www.securityfocus.com/bid/5603
Reference: XF:null-httpd-xss(10004)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10004
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and
earlier allows remote attackers to insert arbitrary HTML into a "404
Not Found" response.
Modifications:
20040811 ADDREF BID:5603
20040811 ADDREF XF:null-httpd-xss(10004)
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the changelog for 0.5.1 includes a statement that the
new version "fixes XSS filtering in 404 responses."
INFERRED ACTION: CAN-2002-1497 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1501
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html
Reference: MISC:http://www.enterasys.com/support/techtips/tk0659-9.html
Reference: BID:5703
Reference: URL:http://www.securityfocus.com/bid/5703
Reference: XF:smartswitch-portscan-dos(10096)
Reference: URL:http://www.iss.net/security_center/static/10096.php
The MPS functionality in Enterasys SSR8000 (Smart Switch Router)
before firmware 8.3.0.10 allows remote attackers to cause a denial of
service (crash) via multiple port scans to ports 15077 and 15078.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1501 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
Voter Comments:
Baker> http://www.enterasys.com/support/techtips/tk0659-9.html
======================================================
Candidate: CAN-2002-1502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1502
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020912 xbreaky symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html
Reference: CONFIRM:http://xbreaky.sourceforge.net/
Reference: BID:5700
Reference: URL:http://www.securityfocus.com/bid/5700
Reference: XF:xbreaky-breakyhighscores-symlink(10078)
Reference: URL:http://www.iss.net/security_center/static/10078.php
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users
to overwrite arbitrary files via a symlink from the user's
.breakyhighscores file to the target file.
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: on the front page for xbreaky, a changelog dated
September 12, 2002, says "Marco van Berkum [the discloser] discovered
a bug in xbreaky" and includes a short description of the problem.
INFERRED ACTION: CAN-2002-1502 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1505
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html
Reference: BID:5675
Reference: URL:http://www.securityfocus.com/bid/5675
Reference: XF:wbb-board-sql-injection(10069)
Reference: URL:http://www.iss.net/security_center/static/10069.php
SQL injection vulnerability in board.php for WoltLab Burning Board
(wBB) 2.0 RC 1 and earlier allows remote attackers to modify the
database and possibly gain privileges via the boardid parameter.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed fixed
INFERRED ACTION: CAN-2002-1505 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
Voter Comments:
Baker> http://www.woltlab.de/documentation/54.html
Release notes for RC2 indicate the "safety problem" with the parameters.
======================================================
Candidate: CAN-2002-1509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1509
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030213
Category: SF
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
Reference: MANDRAKE:MDKSA-2003:026
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
Reference: REDHAT:RHSA-2003:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-057.html
Reference: REDHAT:RHSA-2003:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-058.html
A patch for shadow-utils 20000902 causes the useradd command to create
mail spool files with read/write privileges of the new user's group
(mode 660), which allows other users in the same group to read or
modify the new user's incoming email.
Modifications:
20040811 [desc] fix affected version
20040811 REDHAT:RHSA-2003:058
Analysis
--------
Vendor Acknowledgement: yes patch
INFERRED ACTION: CAN-2002-1509 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:058
"20000902-7" should just be "20000902", the -7 being a Red Hat
specific release number.
======================================================
Candidate: CAN-2002-1510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: CONECTIVA:CLA-2002:533
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: SUNALERT:55602
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602
Reference: XF:xfree86-xdm-unauth-access(11389)
Reference: URL:http://www.iss.net/security_center/static/11389.php
xdm, with the authComplain variable set to false, allows arbitrary
attackers to connect to the X server if the xdm auth directory does
not exist.
Modifications:
20040811 ADDREF SUNALERT:55602
20040818 ADDREF REDHAT:RHSA-2003:064
20040818 ADDREF REDHAT:RHSA-2003:065
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1510 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
======================================================
Candidate: CAN-2002-1511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1511
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
Reference: CONECTIVA:CLSA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: GENTOO:200302-15
Reference: URL:http://security.gentoo.org/glsa/glsa-200302-15.xml
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: REDHAT:RHSA-2003:068
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-068.html
Reference: SUNALERT:56161
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161
Reference: BID:6905
Reference: URL:http://www.securityfocus.com/bid/6905
Reference: XF:vnc-rand-weak-cookie(11384)
Reference: URL:http://www.iss.net/security_center/static/11384.php
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand()
function instead of srand(), which causes vncserver to generate weak
cookies.
Modifications:
20040811 ADDREF CONECTIVA:CLSA-2003:640
20040811 ADDREF GENTOO:200302-15
20040811 ADDREF SUNALERT:56161
20040811 ADDREF BID:6905
20040818 ADDREF REDHAT:RHSA-2003:068
Analysis
--------
Vendor Acknowledgement: yes changelog
INFERRED ACTION: CAN-2002-1511 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: RHSA-2003:068
Christey> CONECTIVA:CLA-2003:640
======================================================
Candidate: CAN-2002-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1513
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293070
Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
Reference: COMPAQ:SSRT2371
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
Reference: BID:5790
Reference: URL:http://www.securityfocus.com/bid/5790
Reference: XF:openvms-pop-gain-privileges(10236)
Reference: URL:http://www.iss.net/security_center/static/10236.php
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3
allows local users to truncate arbitrary files via the -logfile
command line option, which overrides file system permissions because
the server runs with the SYSPRV and BYPASS privileges.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1513 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1514
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020925 Borland Interbase local root exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html
Reference: BID:5805
Reference: URL:http://www.securityfocus.com/bid/5805
Reference: XF:interbase-gdslockmgr-bo(10196)
Reference: URL:http://www.iss.net/security_center/static/10196.php
gds_lock_mgr in Borland InterBase allows local users to overwrite
files and gain privileges via a symlink attack on an "isc_init1.X"
temporary file, as demonstrated by modifying the xinetdbd file.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1514 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(3) Cox, Balinsky, Wall
======================================================
Candidate: CAN-2002-1516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1516
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-rpcbind-w-symlink(10272)
Reference: URL:http://www.iss.net/security_center/static/10272.php
Reference: BID:5889
Reference: URL:http://online.securityfocus.com/bid/5889
rpcbind in SGI IRIX, when using the -w command line switch, allows
local users to overwrite arbitrary files via a symlink attack.
Analysis
--------
Vendor Acknowledgement: yes advisory
ABSTRACTION: this is most likely a different vulnerability than
CVE-1999-0190 because CVE-1999-0190 is remotely exploitable, and
symlink issues are, by their nature, only locally exploitable.
INFERRED ACTION: CAN-2002-1516 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1517
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-fsr-efs-symlink(10275)
Reference: URL:http://www.iss.net/security_center/static/10275.php
Reference: BID:5897
Reference: URL:http://www.securityfocus.com/bid/5897
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file
activities via a symlink attack, possibly via the .fsrlast file.
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: the only source that specifically mentions the ".fsrlast"
file is SecurityFocus, and it is not clear where that knowledge came
from.
INFERRED ACTION: CAN-2002-1517 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1518
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: BID:5893
Reference: URL:http://www.securityfocus.com/bid/5893
Reference: XF:irix-mv-directory-insecure(10276)
Reference: URL:http://www.iss.net/security_center/static/10276.php
mv in IRIX 6.5 creates a directory with world-writable permissions
while moving a directory, which could allow local users to modify
files and directories.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1518 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1519
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: BID:5814
Reference: URL:http://www.securityfocus.com/bid/5814
Reference: XF:firebox-vclass-cli-format-string(10217)
Reference: URL:http://www.iss.net/security_center/static/10217.php
Reference: OSVDB:4924
Reference: URL:http://www.osvdb.org/4924
Format string vulnerability in the CLI interface for WatchGuard
Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via format string specifiers in the password parameter.
Modifications:
20040811 [desc] fix "and possible" typo
20040818 ADDREF OSVDB:4924
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-1519 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> fix typo: "and possible"
======================================================
Candidate: CAN-2002-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1520
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BID:5815
Reference: URL:http://www.securityfocus.com/bid/5815
Reference: XF:firebox-vclass-cli-admin-privileges(10218)
Reference: URL:http://www.iss.net/security_center/static/10218.php
Reference: OSVDB:4831
Reference: URL:http://www.osvdb.org/4831
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and
RSSA Appliance 3.0.2, does not properly close the SSH connection when
a -N option is provided during authentication, which allows remote
attackers to access CLI with administrator privileges.
Modifications:
20040818 ADDREF OSVDB:4831
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-1520 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1521
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
Reference: XF:webserver-4d-plaintext-passwords(10198)
Reference: URL:http://www.iss.net/security_center/static/10198.php
Reference: BID:5803
Reference: URL:http://www.securityfocus.com/bid/5803
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD
file, which allows attackers to gain privileges.
Analysis
--------
Vendor Acknowledgement: no
INFERRED ACTION: CAN-2002-1521 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1524
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html
Reference: BID:5832
Reference: URL:http://www.securityfocus.com/bid/5832
Reference: XF:winamp-xml-parser-bo(10228)
Reference: URL:http://www.iss.net/security_center/static/10228.php
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488)
allows remote attackers to execute arbitrary code via a skin file
(.wal) with a long include file tag.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1524 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1528
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021010 MondoSearch show the source of all files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html
Reference: XF:mondosearch-url-souce-disclosure(10350)
Reference: URL:http://www.iss.net/security_center/static/10350.php
Reference: BID:5941
Reference: URL:http://www.securityfocus.com/bid/5941
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the
source code of scripts via the mask parameter.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1528 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1529
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-error-xss(10319)
Reference: URL:http://www.iss.net/security_center/static/10319.php
Reference: BID:5928
Reference: URL:http://www.securityfocus.com/bid/5928
Cross-site scripting (XSS) vulnerability in msgError.asp for the
administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to insert arbitrary script or
HTML via the Reason parameter.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1529 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1530
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: BID:5929
Reference: URL:http://www.securityfocus.com/bid/5929
Reference: XF:superscout-emailfilter-plaintext-passwords(10320)
Reference: URL:http://www.iss.net/security_center/static/10320.php
The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows users to obtain usernames and plaintext passwords
via a request to the userlist.asp program, which includes the
passwords in a user editing form.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1530 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1531
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-content-dos(10321)
Reference: URL:http://www.iss.net/security_center/static/10321.php
Reference: BID:5930
Reference: URL:http://www.securityfocus.com/bid/5930
The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to cause a denial of service
(crash) via an HTTP request without a Content-Length parameter.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1531 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1532
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: BID:5931
Reference: URL:http://www.securityfocus.com/bid/5931
Reference: XF:superscout-emailfilter-get-dos(10322)
Reference: URL:http://www.iss.net/security_center/static/10322.php
The administrative web interface (STEMWADM) for SurfControl SuperScout
Email Filter allows remote attackers to cause a denial of service
(resource exhaustion) via a GET request without the terminating
\r\n\r\n (CRLF) sequence, which causes the interface to wait for the
sequence and blocks other users from accessing it.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1532 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1534
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021006 Flash player can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html
Reference: XF:flash-xml-read-files(10297)
Reference: URL:http://www.iss.net/security_center/static/10297.php
Reference: BID:5904
Reference: URL:http://www.securityfocus.com/bid/5904
Macromedia Flash Player allows remote attackers to read arbitrary
files via XML script in a .swf file that is hosted on a remote SMB
share.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1534 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(1) Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2002-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1537
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html
Reference: XF:phpbb-adminugauth-admin-privileges(10489)
Reference: URL:http://www.iss.net/security_center/static/10489.php
Reference: BID:6056
Reference: URL:http://www.securityfocus.com/bid/6056
Reference: OSVDB:4284
Reference: URL:http://www.osvdb.org/4284
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain
administrator privileges by directly calling admin_ug_auth.php with
modified form fields such as "u".
Modifications:
20040818 ADDREF OSVDB:4284
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1537 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1538
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html
Reference: XF:acusend-unauthorized-file-access(10473)
Reference: URL:http://www.iss.net/security_center/static/10473.php
Reference: BID:6048
Reference: URL:http://www.securityfocus.com/bid/6048
Acuma Acusend 4, and possibly earlier versions, allows remote
authenticated users to read the reports of other users by inferring
the full URL, whose name is easily predictable.
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
INFERRED ACTION: CAN-2002-1538 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1540
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
Reference: BUGTRAQ:20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
Reference: XF:nav-winhlp32-gain-privileges(10475)
Reference: URL:http://www.iss.net/security_center/static/10475.php
Reference: OSVDB:6258
Reference: URL:http://www.osvdb.org/6258
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x
before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32
with raised privileges, which allows local users to gain privileges by
using certain features of winhlp32.
Modifications:
20040818 ADDREF OSVDB:6258
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2002-1540 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1541
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html
Reference: BID:6044
Reference: URL:http://www.securityfocus.com/bid/6044
Reference: XF:badblue-protected-file-access(10466)
Reference: URL:http://www.iss.net/security_center/static/10466.php
BadBlue 1.7 allows remote attackers to bypass password protections for
directories and files via an HTTP request containing an extra /
(slash).
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2002-1541 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1543
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: NETBSD:NetBSD-SA2002-025
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
Reference: XF:trek-keyboard-input-bo(10458)
Reference: URL:http://www.iss.net/security_center/static/10458.php
Reference: BID:6036
Reference: URL:http://www.securityfocus.com/bid/6036
Reference: OSVDB:7570
Reference: URL:http://www.osvdb.org/7570
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users
to gain privileges via long keyboard input.
Modifications:
20040818 ADDREF OSVDB:7570
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1543 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2002-1547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1547
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html
Reference: VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
Reference: VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html
Reference: BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html
Reference: CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html
Reference: XF:netscreen-ssh-dos(10528)
Reference: URL:http://www.iss.net/security_center/static/10528.php
Reference: OSVDB:4376
Reference: URL:http://www.osvdb.org/4376
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers
to cause a denial of service via a malformed SSH packet to the Secure
Command Shell (SCS) management interface, as demonstrated via certain
CRC32 exploits, a different vulnerability than CVE-2001-0144.
Modifications:
20040818 ADDREF OSVDB:4376
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The advisory by Netscreen says "NetScreen has
confirmed a customer report that an SSHv1 CRC32 Attack can compromise
the ability to manage the NetScreen device and/or force the device to
reboot"
INFERRED ACTION: CAN-2002-1547 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1548
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY31934
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Unknown vulnerability in autofs on AIX 4.3.0, when using executable
maps, allows attackers to execute arbitrary commands as root, possibly
related to "string handling around how the executable map is called."
Modifications:
20040811 [desc] add details
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1548 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Bollinger
NOOP(2) Armstrong, Cox
======================================================
Candidate: CAN-2002-1549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1549
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html
Reference: BID:6162
Reference: URL:http://www.securityfocus.com/bid/6162
Reference: XF:light-httpd-bo(10607)
Reference: URL:http://www.iss.net/security_center/static/10607.php
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to
execute arbitrary code via a long HTTP GET request.
Analysis
--------
Vendor Acknowledgement:
INFERRED ACTION: CAN-2002-1549 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1550
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY34617
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary
files via a symlink attack on temporary files.
Modifications:
20040811 [desc] add "overwrite files" per Bollinger
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2002-1550 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Bollinger
NOOP(1) Cox
Voter Comments:
Bollinger> local attacker can overwrite arbitrary files as root. the
attacker does not have control over the contents or the timing of the
attack.
======================================================
Candidate: CAN-2002-1552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1552
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712790808781&w=2
Reference: BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712498905027&w=2
Reference: BID:6163
Reference: URL:http://www.securityfocus.com/bid/6163
Reference: XF:novell-edirectory-expired-accounts(10604)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10604
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users
with expired passwords to gain inappropriate permissions when logging
in from Remote Manager.
Modifications:
20040811 ADDREF XF:novell-edirectory-expired-accounts(10604)
20040811 ADDREF BID:6163
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1552 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> BID:6163
URL:http://www.securityfocus.com/bid/6163
======================================================
Candidate: CAN-2002-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1560
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021022 gBook
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html
Reference: BID:6033
Reference: URL:http://www.securityfocus.com/bid/6033
Reference: XF:gbook-mysql-admin-access(10455)
Reference: URL:http://www.iss.net/security_center/static/10455.php
index.php in gBook 1.4 allows remote attackers to bypass
authentication and gain administrative privileges by setting the login
parameter to true.
Analysis
--------
Vendor Acknowledgement: no
INFERRED ACTION: CAN-2002-1560 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2002-1574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1574
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: CIAC:N-096
Reference: URL:http://www.ciac.org/ciac/bulletins/n-096.shtml
Reference: XF:linux-ixj-root-privileges(10417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10417
Reference: BID:5985
Reference: URL:http://www.securityfocus.com/bid/5985
Buffer overflow in the ixj telephony card driver in Linux before
2.4.20, with unknown attack vectors and impact.
Modifications:
20040818 ADDREF REDHAT:RHSA-2004:106
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2002-1574 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
Voter Comments:
Cox> http://linux.bkbits.net:8080/linux-2.4/cset@alan@lxorguk.ukuu.org.uk|ChangeSet|20020826224304|09117
======================================================
Candidate: CAN-2003-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0002
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20021007 CSS on Microsoft Content Management Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417794800719&w=2
Reference: MS:MS03-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-002.asp
Reference: BID:5922
Reference: URL:http://online.securityfocus.com/bid/5922
Reference: XF:mcms-manuallogin-reasontxt-xss(10318)
Reference: URL:http://www.iss.net/security_center/static/10318.php
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for
Microsoft Content Management Server (MCMS) 2001 allows remote
attackers to execute arbitrary script via the REASONTXT parameter.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0002 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2003-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0003
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2
Reference: NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104393588232166&w=2
Reference: MS:MS03-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-001.asp
Reference: CERT:CA-2003-03
Reference: URL:http://www.cert.org/advisories/CA-2003-03.html
Reference: CERT-VN:VU#610986
Reference: URL:http://www.kb.cert.org/vuls/id/610986
Reference: BID:6666
Reference: URL:http://www.securityfocus.com/bid/6666
Reference: XF:win-locator-bo(11132)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11132
Reference: OVAL:OVAL103
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL103.html
Buffer overflow in the RPC Locator service for Microsoft Windows NT
4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows
XP allows local users to execute arbitrary code via an RPC call to the
service containing certain parameter information.
Modifications:
20040811 ADDREF BID:6666
20040811 ADDREF XF:win-locator-bo(11132)
20040824 ADDREF OVAL:OVAL103
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0003 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Baker
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:win-locator-bo(11132)
======================================================
Candidate: CAN-2003-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0004
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878038418534&w=2
Reference: VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html
Reference: MS:MS03-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Reference: BID:6778
Reference: URL:http://www.securityfocus.com/bid/6778
Reference: XF:winxp-windows-redirector-bo(11260)
Reference: URL:http://www.iss.net/security_center/static/11260.php
Buffer overflow in the Windows Redirector function in Microsoft
Windows XP allows local users to execute arbitrary code via a long
parameter.
Modifications:
20040811 ADDREF BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
20040811 ADDREF VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
20040811 ADDREF BID:6778
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0004 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878038418534&w=2
Christey> VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html
Christey> BID:6778
URL:http://www.securityfocus.com/bid/6778
======================================================
Candidate: CAN-2003-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0007
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-003.asp
Reference: BID:6667
Reference: URL:http://www.securityfocus.com/bid/6667
Reference: XF:outlook-v1-certificate-plaintext(11133)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11133
Microsoft Outlook 2002 does not properly handle requests to encrypt
email messages with V1 Exchange Server Security certificates, which
causes Outlook to send the email in plaintext, aka "Flaw in how
Outlook 2002 handles V1 Exchange Server Security Certificates could
lead to Information Disclosure."
Modifications:
20040811 ADDREF BID:6667
20040811 ADDREF XF:outlook-v1-certificate-plaintext(11133)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0007 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2003-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0009
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636383018686&w=2
Reference: MS:MS03-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-006.asp
Reference: CIAC:N-047
Reference: URL:http://www.ciac.org/ciac/bulletins/n-047.shtml
Reference: CERT-VN:VU#489721
Reference: URL:http://www.kb.cert.org/vuls/id/489721
Reference: BID:6966
Reference: URL:http://www.securityfocus.com/bid/6966
Reference: XF:winme-hsc-hcp-bo(11425)
Reference: URL:http://www.iss.net/security_center/static/11425.php
Reference: OSVDB:6074
Reference: URL:http://www.osvdb.org/6074
Cross-site scripting (XSS) vulnerability in Help and Support Center
for Microsoft Windows Me allows remote attackers to execute arbitrary
script in the Local Computer security context via an hcp:// URL with
the malicious script in the topic parameter.
Modifications:
20040811 ADDREF CIAC:N-047
20040811 ADDREF CERT-VN:VU#489721
20040811 ADDREF BID:6966
20040818 ADDREF OSVDB:6074
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0009 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> CIAC:N-047
URL:http://www.ciac.org/ciac/bulletins/n-047.shtml
CERT-VN:VU#489721
URL:http://www.kb.cert.org/vuls/id/489721
BID:6966
URL:http://www.securityfocus.com/bid/6966
======================================================
Candidate: CAN-2003-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0012
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: REDHAT:RHSA-2003:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
Reference: BID:6502
Reference: URL:http://online.securityfocus.com/bid/6502
Reference: XF:bugzilla-mining-world-writable(10971)
Reference: URL:http://www.iss.net/security_center/static/10971.php
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x
before 2.16.2, and 2.17.x before 2.17.3 sets world-writable
permissions for the data/mining directory when it runs, which allows
local users to modify or delete the data.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:012
20040811 ADDREF XF:bugzilla-mining-world-writable(10971)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0012 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
NOOP(2) Christey, Cox
Voter Comments:
Christey> REDHAT:RHSA-2003:012
URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
XF:bugzilla-mining-world-writable(10971)
URL:http://www.iss.net/security_center/static/10971.php
======================================================
Candidate: CAN-2003-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0013
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030106
Category: CF
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: BID:6501
Reference: URL:http://online.securityfocus.com/bid/6501
Reference: XF:bugzilla-htaccess-database-password(10970)
Reference: URL:http://www.iss.net/security_center/static/10970.php
Reference: OSVDB:6351
Reference: URL:http://www.osvdb.org/6351
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5,
2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include
filenames for backup copies of the localconfig file that are made from
editors such as vi and Emacs, which could allow remote attackers to
obtain a database password by directly accessing the backup file.
Modifications:
20040811 ADDREF XF:bugzilla-htaccess-database-password(10970)
20040818 ADDREF OSVDB:6351
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0013 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:bugzilla-htaccess-database-password(10970)
URL:http://www.iss.net/security_center/static/10970.php
======================================================
Candidate: CAN-2003-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
Reference: MISC:http://security.e-matters.de/advisories/012003.html
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-January/003606.html
Reference: BUGTRAQ:20030124 Test program for CVS double-free.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2
Reference: BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2
Reference: CERT:CA-2003-02
Reference: URL:http://www.cert.org/advisories/CA-2003-02.html
Reference: CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
Reference: CALDERA:CSSA-2003-006
Reference: DEBIAN:DSA-233
Reference: URL:http://www.debian.org/security/2003/dsa-233
Reference: FREEBSD:FreeBSD-SA-03:01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2
Reference: MANDRAKE:MDKSA-2003:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
Reference: REDHAT:RHSA-2003:012
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-012.html
Reference: REDHAT:RHSA-2003:013
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-013.html
Reference: SUSE:SuSE-SA:2003:0007
Reference: BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: CIAC:N-032
Reference: URL:http://www.ciac.org/ciac/bulletins/n-032.shtml
Reference: CERT-VN:VU#650937
Reference: URL:http://www.kb.cert.org/vuls/id/650937
Reference: BID:6650
Reference: URL:http://www.securityfocus.com/bid/6650
Reference: XF:cvs-doublefree-memory-corruption(11108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11108
Double-free vulnerability in CVS 1.11.4 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a malformed Directory request, as demonstrated by bypassing
write checks to execute Update-prog and Checkin-prog commands.
Modifications:
20040811 ADDREF BID:6650
20040811 ADDREF XF:cvs-doublefree-memory-corruption(11108)
20040811 ADDREF CIAC:N-032
20040811 ADDREF MANDRAKE:MDKSA-2003:009
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0015 ACCEPT (5 accept, 9 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Cole, Baker, Cox
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:cvs-doublefree-memory-corruption(11108)
Christey> BID:6650
URL:http://www.securityfocus.com/bid/6650
CIAC:N-032
URL:http://www.ciac.org/ciac/bulletins/n-032.shtml
MANDRAKE:MDKSA-2003:009
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:009
======================================================
Candidate: CAN-2003-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0016
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: MLIST:[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released
Reference: URL:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2
Reference: CERT-VN:VU#979793
Reference: URL:http://www.kb.cert.org/vuls/id/979793
Reference: CERT-VN:VU#825177
Reference: URL:http://www.kb.cert.org/vuls/id/825177
Reference: CONFIRM:http://www.apacheweek.com/issues/03-01-24#security
Reference: BID:6659
Reference: URL:http://www.securityfocus.com/bid/6659
Reference: XF:apache-device-name-dos(11124)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11124
Reference: XF:apache-device-code-execution(11125)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11125
Apache before 2.0.44, when running on unpatched Windows 9x and Me
operating systems, allows remote attackers to cause a denial of
service or execute arbitrary code via an HTTP request containing
MS-DOS device names.
Modifications:
20040811 ADDREF CERT-VN:VU#979793
20040811 ADDREF CERT-VN:VU#825177
20040811 ADDREF CONFIRM:http://www.apacheweek.com/issues/03-01-24#security
20040811 ADDREF XF:apache-device-name-dos(11124)
20040811 ADDREF XF:apache-device-code-execution(11125)
20040811 ADDREF BID:6659
20040811 [refs] normalize MLIST
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0016 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Cole, Green, Baker, Cox
NOOP(1) Christey
Voter Comments:
Cox> Addref: http://www.apacheweek.com/issues/03-01-24#security
Christey> BUGTRAQ:20030122 Path Parsing Errata in Apache HTTP Server
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326783301113&w=2
CERT-VN:VU#979793
URL:http://www.kb.cert.org/vuls/id/979793
CERT-VN:VU#825177
URL:http://www.kb.cert.org/vuls/id/825177
Need to update the description to cover the fact that there
are 2 separate attack vectors / bugs here (note: CD:SF-LOC
does suggest keeping these issues MERGED in a single item)
======================================================
Candidate: CAN-2003-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0017
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers
to obtain certain files via an HTTP request that ends in certain
illegal characters such as ">", which causes a different filename to
be processed and served.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0017 ACCEPT_REV (4 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
REVIEWING(1) Wall
Voter Comments:
Cox> You can use this vulnerability to quickly build up a complete list of
available files in a directory, (for example if "a>" returns a file
then try "aa>" and so on). So suggest modification of "certain files"
to "files".
Addref: http://www.apacheweek.com/issues/03-01-24#security
Green> SPECIFIC REFERENCE TO THE VULNERABILITY IN APACHE 2.0.44
ANNOUNCEMENT
======================================================
Candidate: CAN-2003-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: DEBIAN:DSA-358
Reference: URL:http://www.debian.org/security/2003/dsa-358
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: MANDRAKE:MDKSA-2003:014
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: BID:6763
Reference: URL:http://www.securityfocus.com/bid/6763
Reference: XF:linux-odirect-information-leak(11249)
Reference: URL:http://www.iss.net/security_center/static/11249.php
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
O_DIRECT feature, which allows local attackers with write privileges
to read portions of previously deleted files, or cause file system
corruption.
Modifications:
20040811 ADDREF DEBIAN:DSA-423
20040811 ADDREF BID:6763
20040818 ADDREF DEBIAN:DSA-358
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0018 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
NOOP(1) Christey
Voter Comments:
Christey> BID:6763
URL:http://www.securityfocus.com/bid/6763
SUSE:SuSE-SA:2003:049 also references this bug: "race
condition with files opened via O_DIRECT which could be exploited to
read disk blocks randomly. This could include blocks of previously
deleted files with sensitive content"
Christey> DEBIAN:DSA-423
URL:http://www.debian.org/security/2004/dsa-423
======================================================
Candidate: CAN-2003-0019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0019
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: REDHAT:RHSA-2003:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-056.html
Reference: CERT-VN:VU#134025
Reference: URL:http://www.kb.cert.org/vuls/id/134025
Reference: CIAC:N-044
Reference: URL:http://www.ciac.org/ciac/bulletins/n-044.shtml
Reference: BID:6801
Reference: URL:http://www.securityfocus.com/bid/6801
Reference: XF:linux-umlnet-gain-privileges(11276)
Reference: URL:http://www.iss.net/security_center/static/11276.php
uml_net in the kernel-utils package for Red Hat Linux 8.0 has
incorrect setuid root privileges, which allows local users to modify
network interfaces, e.g. by modifying ARP entries or placing
interfaces into promiscuous mode.
Modifications:
20040811 ADDREF CIAC:N-044
20040811 ADDREF CERT-VN:VU#134025
20040811 ADDREF BID:6801
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0019 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
NOOP(1) Christey
Voter Comments:
Christey> CIAC:N-044
URL:http://www.ciac.org/ciac/bulletins/n-044.shtml
CERT-VN:VU#134025
URL:http://www.kb.cert.org/vuls/id/134025
BID:6801
URL:http://www.securityfocus.com/bid/6801
======================================================
Candidate: CAN-2003-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2003:050
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-083.html
Reference: REDHAT:RHSA-2003:104
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: REDHAT:RHSA-2003:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-243.html
Reference: REDHAT:RHSA-2003:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-244.html
Reference: TRUSTIX:2004-0017
Reference: URL:http://www.trustix.org/errata/2004/0017
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: XF:apache-esc-seq-injection(11412)
Reference: URL:http://www.iss.net/security_center/static/11412.php
Reference: BID:9930
Reference: URL:http://www.securityfocus.com/bid/9930
Reference: OVAL:OVAL150
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL150.html
Apache does not filter terminal escape sequences from its error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:139
20040811 ADDREF REDHAT:RHSA-2003:243
20040811 ADDREF MANDRAKE:MDKSA-2003:050
20040811 ADDREF TRUSTIX:2004-0017
20040811 ADDREF TRUSTIX:2004-0027
20040811 ADDREF APPLE:APPLE-SA-2004-05-03
20040811 ADDREF BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
20040811 ADDREF SLACKWARE:SSA:2004-133
20040811 ADDREF MANDRAKE:MDKSA-2004:046
20040811 ADDREF GENTOO:GLSA-200405-22
20040811 ADDREF HP:SSRT4717
20040818 ADDREF REDHAT:RHSA-2003:082
20040818 ADDREF REDHAT:RHSA-2003:083
20040818 ADDREF REDHAT:RHSA-2003:104
20040818 ADDREF REDHAT:RHSA-2003:244
20040824 ADDREF OVAL:OVAL150
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0020 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Baker
MODIFY(1) Cox
NOOP(3) Wall, Green, Christey
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> This issue affects Apache 1.3.27, Apache 2.0.45 and earlier,
as well as possibly later versions (since it's not fixed by
ASF yet)
Cox> ADDREF REDHAT:RHSA-2003:139
Christey> MANDRAKE:MDKSA-2003:050
(as suggested by Vincent Danen of Mandrake)
Christey> REDHAT:RHSA-2003:243
Christey> BUGTRAQ:20040330 TSLSA-2004-0017 - apache
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108066914830552&w=2
Christey> APPLE:APPLE-SA-2004-05-03
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Christey> BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Christey> SLACKWARE:SSA:2004-133
URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
TRUSTIX:2004-0027
URL:http://www.trustix.org/errata/2004/0027
Christey> MANDRAKE:MDKSA-2004:046
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Christey> BUGTRAQ:20040526 [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108559521611694&w=2
Christey> HP:SSRT4717
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
======================================================
Candidate: CAN-2003-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0021
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: GENTOO:GLSA-200303-1
Reference: URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2911.html
Reference: BID:6936
Reference: URL:http://www.securityfocus.com/bid/6936
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php
The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers
to overwrite arbitrary files via a certain character escape sequence
when it is echoed to a user's terminal, e.g. when the user views a
file containing the malicious sequence.
Modifications:
20040811 ADDREF MANDRAKE:MDKSA-2003:040
20040811 ADDREF BID:6936
20040811 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0021 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(2) Wall, Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:040
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:040
Christey> MANDRAKE:MDKSA-2003:040
(as suggested by Vincent Danen of Mandrake)
Christey> BID:6936
URL:http://www.securityfocus.com/bid/6936
======================================================
Candidate: CAN-2003-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0022
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: BID:6938
Reference: URL:http://www.securityfocus.com/bid/6938
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite
arbitrary files via a certain character escape sequence when it is
echoed to a user's terminal, e.g. when the user views a file
containing the malicious sequence.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:055
20040811 ADDREF MANDRAKE:MDKSA-2003:034
20040811 ADDREF BID:6938
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0022 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Cox
NOOP(2) Wall, Christey
Voter Comments:
Cox> Addref: RHSA-2003:055
Christey> MANDRAKE:MDKSA-2003:034
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034
Green> ACKNOWLEDGED IN RHSA-2003:054-07
Christey> MANDRAKE:MDKSA-2003:034
(as suggested by Vincent Danen of Mandrake)
Christey> BID:6938
URL:http://www.securityfocus.com/bid/6938
======================================================
Candidate: CAN-2003-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0023
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: BID:6947
Reference: URL:http://www.securityfocus.com/bid/6947
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:055
20040811 ADDREF MANDRAKE:MDKSA-2003:034
20040811 ADDREF BID:6947
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0023 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Cox
NOOP(2) Wall, Christey
Voter Comments:
Cox> Addref: RHSA-2003:055
Christey> MANDRAKE:MDKSA-2003:034
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034
Green> ACKNOWLEDGED IN RHSA-2003:054-07
Christey> MANDRAKE:MDKSA-2003:034
(as suggested by Vincent Danen of Mandrake)
Christey> BID:6947
URL:http://www.securityfocus.com/bid/6947
======================================================
Candidate: CAN-2003-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0024
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BID:6949
Reference: URL:http://www.securityfocus.com/bid/6949
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php
The menuBar feature in aterm 0.42 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.
Modifications:
20040811 ADDREF BID:6949
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0024 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Baker, Cox
NOOP(3) Wall, Green, Christey
Voter Comments:
Christey> BID:6949
URL:http://www.securityfocus.com/bid/6949
======================================================
Candidate: CAN-2003-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0027
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2
Reference: MISC:http://www.entercept.com/news/uspr/01-22-03.asp
Reference: SUNALERT:50104
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
Reference: CERT-VN:VU#850785
Reference: URL:http://www.kb.cert.org/vuls/id/850785
Reference: BID:6665
Reference: URL:http://www.securityfocus.com/bid/6665
Reference: XF:solaris-kcms-directory-traversal(11129)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11129
Reference: OVAL:OVAL120
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL120.html
Reference: OVAL:OVAL195
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL195.html
Directory traversal vulnerability in Sun Kodak Color Management System
(KCMS) library service daemon (kcms_server) allows remote attackers to
read arbitrary files via the KCS_OPEN_PROFILE procedure.
Modifications:
20040811 ADDREF SUNALERT:50104
20040811 ADDREF BID:6665
20040811 ADDREF XF:solaris-kcms-directory-traversal(11129)
20040824 ADDREF OVAL:OVAL120
20040824 ADDREF OVAL:OVAL195
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0027 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Baker
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:solaris-kcms-directory-traversal(11129)
======================================================
Candidate: CAN-2003-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0032
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030112
Category: SF
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010
Reference: XF:libmcrypt-libtool-memory-leak(10988)
Reference: URL:http://www.iss.net/security_center/static/10988.php
Reference: BID:6512
Reference: URL:http://www.securityfocus.com/bid/6512
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a
denial of service (memory exhaustion) via a large number of requests
to the application, which causes libmcrypt to dynamically load
algorithms via libtool.
Modifications:
20040811 ADDREF XF:libmcrypt-libtool-memory-leak(10988)
20040811 ADDREF BID:6512
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0032 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:libmcrypt-libtool-memory-leak(10988)
URL:http://www.iss.net/security_center/static/10988.php
BID:6512
URL:http://www.securityfocus.com/bid/6512
======================================================
Candidate: CAN-2003-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030115
Category: SF
Reference: ISS:20030303 Snort RPC Preprocessing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Reference: BUGTRAQ:20030303 Snort RPC Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673386226064&w=2
Reference: DEBIAN:DSA-297
Reference: URL:http://www.debian.org/security/2003/dsa-297
Reference: ENGARDE:ESA-20030307-007
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Reference: GENTOO:GLSA-200304-06
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2
Reference: GENTOO:GLSA-200303-6.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716001503409&w=2
Reference: MANDRAKE:MDKSA-2003:029
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
Reference: CERT:CA-2003-13
Reference: URL:http://www.cert.org/advisories/CA-2003-13.html
Reference: CERT-VN:VU#916785
Reference: URL:http://www.kb.cert.org/vuls/id/916785
Reference: BID:6963
Reference: URL:http://www.securityfocus.com/bid/6963
Reference: XF:snort-rpc-fragment-bo(10956)
Reference: URL:http://www.iss.net/security_center/static/10956.php
Reference: OSVDB:4418
Reference: URL:http://www.osvdb.org/4418
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before
1.9.1 allows remote attackers to execute arbitrary code via fragmented
RPC packets.
Modifications:
20040811 ADDREF CERT:CA-2003-13
20040811 ADDREF CERT-VN:VU#916785
20040811 ADDREF DEBIAN:DSA-297
20040811 ADDREF GENTOO:GLSA-200304-06
20040811 ADDREF BID:6963
20040811 [refs] normalize GENTOO 200303-6.1
20040818 ADDREF OSVDB:4418
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0033 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
NOOP(2) Christey, Cox
Voter Comments:
Christey> CERT:CA-2003-13
URL:http://www.cert.org/advisories/CA-2003-13.html
CERT-VN:VU#916785
URL:http://www.kb.cert.org/vuls/id/916785
Christey> BUGTRAQ:20030428 GLSA: snort (200304-06)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2
Christey> DEBIAN:DSA-297
URL:http://www.debian.org/security/2003/dsa-297
======================================================
Candidate: CAN-2003-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0039
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104310927813830&w=2
Reference: CONECTIVA:CLSA-2003:616
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
Reference: DEBIAN:DSA-245
Reference: URL:http://www.debian.org/security/2003/dsa-245
Reference: REDHAT:RHSA-2003:034
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-034.html
Reference: TURBO:TLSA-2003-26
Reference: URL:http://cc.turbolinux.com/security/TLSA-2003-26.txt
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
Reference: CERT-VN:VU#149953
Reference: URL:http://www.kb.cert.org/vuls/id/149953
Reference: BID:6628
Reference: URL:http://www.securityfocus.com/bid/6628
Reference: XF:dhcp-dhcrelay-dos(11187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11187
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other
versions, allows remote attackers to cause a denial of service (packet
storm) via a certain BOOTP packet that is forwarded to a broadcast MAC
address, causing an infinite loop that is not restricted by a hop
count.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:034
20040811 ADDREF CONECTIVA:CLSA-2003:616
20040811 ADDREF CERT-VN:VU#149953
20040811 ADDREF TURBO:TLSA-2003-26
20040811 ADDREF XF:dhcp-dhcrelay-dos(11187)
20040811 ADDREF BID:6628
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0039 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:034
URL:http://www.redhat.com/support/errata/RHSA-2003-034.html
======================================================
Candidate: CAN-2003-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0040
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: DEBIAN:DSA-247
Reference: URL:http://www.debian.org/security/2003/dsa-247
Reference: BID:6738
Reference: URL:http://www.securityfocus.com/bid/6738
Reference: XF:courierimap-authmysqllib-sql-injection(11213)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11213
SQL injection vulnerability in the PostgreSQL auth module for courier
0.40 and earlier allows remote attackers to execute SQL code via the
user name.
Modifications:
20040811 ADDREF BID:6738
20040811 ADDREF XF:courierimap-authmysqllib-sql-injection(11213)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0040 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] Specific user name?
======================================================
Candidate: CAN-2003-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0043
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference: URL:http://www.securityfocus.com/advisories/5111
Reference: BID:6722
Reference: URL:http://www.securityfocus.com/bid/6722
Reference: XF:tomcat-webxml-read-files(11195)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11195
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier,
uses trusted privileges when processing the web.xml file, which could
allow remote attackers to read portions of some files through the
web.xml file.
Modifications:
20040811 ADDREF HP:HPSBUX0303-249
20040811 ADDREF BID:6722
20040811 ADDREF XF:tomcat-webxml-read-files(11195)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0043 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
Voter Comments:
CHANGE> [Cox changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2003-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0045
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: XF:jakarta-tomcat-msdos-dos(12102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12102
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow
remote attackers to cause a denial of service (thread hang and
resource consumption) via a request for a JSP page containing an
MS-DOS device name, such as aux.jsp.
Modifications:
20040811 ADDREF XF:jakarta-tomcat-msdos-dos(12102)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0045 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
Voter Comments:
CHANGE> [Cox changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2003-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0050
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6954
Reference: URL:http://www.securityfocus.com/bid/6954
Reference: XF:quicktime-darwin-command-execution(11401)
Reference: URL:http://www.iss.net/security_center/static/11401.php
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to
execute arbitrary code via shell metacharacters.
Modifications:
20040811 ADDREF BID:6954
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0050 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2003-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0051
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6956
Reference: URL:http://www.securityfocus.com/bid/6956
Reference: XF:quicktime-darwin-path-disclosure(11402)
Reference: URL:http://www.iss.net/security_center/static/11402.php
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain
the physical path of the server's installation path via a NULL file
parameter.
Modifications:
20040811 ADDREF BID:6956
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0051 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
Voter Comments:
Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents
70171 and 70172
======================================================
Candidate: CAN-2003-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0052
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6955
Reference: URL:http://www.securityfocus.com/bid/6955
Reference: XF:quicktime-darwin-directory-disclosure(11403)
Reference: URL:http://www.iss.net/security_center/static/11403.php
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2
and QuickTime Streaming Server 4.1.1 allows remote attackers to list
arbitrary directories.
Modifications:
20040811 ADDREF BID:6955
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0052 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
Voter Comments:
Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents
70171 and 70172
======================================================
Candidate: CAN-2003-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0053
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6958
Reference: URL:http://www.securityfocus.com/bid/6958
Reference: XF:quicktime-darwin-parsexml-xss(11404)
Reference: URL:http://www.iss.net/security_center/static/11404.php
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple
Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming
Server 4.1.1 allows remote attackers to insert arbitrary script via
the filename parameter, which is inserted into an error message.
Modifications:
20040811 ADDREF BID:6958
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0053 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
Voter Comments:
Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents
70171 and 70172
======================================================
Candidate: CAN-2003-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0054
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6960
Reference: URL:http://www.securityfocus.com/bid/6960
Reference: XF:quicktime-darwin-describe-xss(11405)
Reference: URL:http://www.iss.net/security_center/static/11405.php
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime
Streaming Server 4.1.1 allows remote attackers to execute certain code
via a request to port 7070 with the script in an argument to the rtsp
DESCRIBE method, which is inserted into a log file and executed when
the log is viewed using a browser.
Modifications:
20040811 ADDREF BID:6960
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0054 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
Voter Comments:
Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base
Documents 70171 and 70172
======================================================
Candidate: CAN-2003-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0055
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6957
Reference: URL:http://www.securityfocus.com/bid/6957
Reference: XF:quicktime-darwin-mp3-bo(11406)
Reference: URL:http://www.iss.net/security_center/static/11406.php
Buffer overflow in the MP3 broadcasting module of Apple Darwin
Streaming Administration Server 4.1.2 and QuickTime Streaming Server
4.1.1 allows remote attackers to execute arbitrary code via a long
filename.
Modifications:
20040811 ADDREF BID:6957
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0055 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(3) Wall, Christey, Cox
Voter Comments:
Green> APPEARS TO BE ACKNOWLEDGED IN AppleCare Knowledge Base Documents
7017 and 70172
Christey> BID:6957
URL:http://www.securityfocus.com/bid/6957
======================================================
Candidate: CAN-2003-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0058
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030131
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#661243
Reference: URL:http://www.kb.cert.org/vuls/id/661243
Reference: CONECTIVA:CLSA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: SUNALERT:50142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
Reference: BID:6683
Reference: URL:http://www.securityfocus.com/bid/6683
Reference: XF:kerberos-kdc-null-pointer-dos(10099)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10099
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows
remote authenticated attackers to cause a denial of service (crash) on
KDCs within the same realm via a certain protocol request that causes
a null dereference.
Modifications:
20040811 ADDREF CONECTIVA:CLSA-2003:639
20040811 ADDREF REDHAT:RHSA-2003:051
20040811 ADDREF REDHAT:RHSA-2003:052
20040811 ADDREF MANDRAKE:MDKSA-2003:043
20040811 ADDREF SUNALERT:50142
20040811 ADDREF XF:kerberos-kdc-null-pointer-dos(10099)
20040811 ADDREF BID:6683
20040818 ADDREF REDHAT:RHSA-2003:168
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0058 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Baker
MODIFY(2) Frech, Cox
NOOP(3) Wall, Cole, Christey
Voter Comments:
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> Addref RHSA-2003:051
Cox> Addref REDHAT:RHSA-2003:052
Green> PATCH ADDRESSING THIS ISSUE RELEASED 3/26/03
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Frech> XF:kerberos-kdc-null-pointer-dos(10099)
======================================================
Candidate: CAN-2003-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0059
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030131
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CONECTIVA:CLSA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: CERT-VN:VU#684563
Reference: URL:http://www.kb.cert.org/vuls/id/684563
Reference: BID:6714
Reference: URL:http://www.securityfocus.com/bid/6714
Reference: XF:kerberos-kdc-user-spoofing(11188)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11188
Unknown vulnerability in the chk_trans.c of the libkrb5 library for
MIT Kerberos V5 before 1.2.5 allows users from one realm to
impersonate users in other realms that have the same inter-realm keys.
Modifications:
20040811 ADDREF CONECTIVA:CLSA-2003:639
20040811 ADDREF REDHAT:RHSA-2003:051
20040811 ADDREF REDHAT:RHSA-2003:052
20040811 ADDREF MANDRAKE:MDKSA-2003:043
20040811 ADDREF BID:6714
20040811 ADDREF XF:kerberos-kdc-user-spoofing(11188)
20040818 ADDREF REDHAT:RHSA-2003:168
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0059 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Baker
MODIFY(2) Frech, Cox
NOOP(3) Wall, Cole, Christey
Voter Comments:
Cox> This is actually fixed in krb5 version 1.2.3 not 1.2.5
Cox> Addref RHSA-2003:051
Cox> Addref REDHAT:RHSA-2003:052
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Frech> XF:kerberos-kdc-user-spoofing(11188)
======================================================
Candidate: CAN-2003-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0062
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104490777824360&w=2
Reference: MISC:http://www.idefense.com/advisory/02.10.03.txt
Reference: BID:6803
Reference: URL:http://www.securityfocus.com/bid/6803
Reference: XF:nod32-pathname-bo(11282)
Reference: URL:http://www.iss.net/security_center/static/11282.php
Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows
local users to execute arbitrary code via a long path name.
Modifications:
20040811 ADDREF BID:6803
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0062 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Stracener, Baker
NOOP(3) Wall, Green, Cox
======================================================
Candidate: CAN-2003-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference: URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: BID:6940
Reference: URL:http://www.securityfocus.com/bid/6940
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The xterm terminal emulator in XFree86 4.2.0 and earlier allows
attackers to modify the window title via a certain character escape
sequence and then insert it back to the command line in the user's
terminal, e.g. when the user views a file containing the malicious
sequence, which could allow the attacker to execute arbitrary
commands.
Modifications:
20040811 ADDREF BID:6940
20040811 ADDREF DEBIAN:DSA-380
20040811 ADDREF REDHAT:RHSA-2003:063
20040811 ADDREF REDHAT:RHSA-2003:067
20040818 ADDREF REDHAT:RHSA-2003:065
20040818 ADDREF REDHAT:RHSA-2003:066
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0063 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Cox
NOOP(2) Wall, Christey
Voter Comments:
Cox> add "and earlier", this does not just affect 4.2.0
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
Christey> REDHAT:RHSA-2003:067
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Christey> DEBIAN:DSA-380
======================================================
Candidate: CAN-2003-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0064
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: HP:HPSBUX0401-309
Reference: URL:http://www.securityfocus.com/advisories/6236
Reference: BID:6942
Reference: URL:http://www.securityfocus.com/bid/6942
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The dtterm terminal emulator allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.
Modifications:
20040811 ADDREF BID:6942
20040811 ADDREF HP:HPSBUX0401-309
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0064 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
======================================================
Candidate: CAN-2003-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0065
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BID:6945
Reference: URL:http://www.securityfocus.com/bid/6945
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The uxterm terminal emulator allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.
Modifications:
20040811 ADDREF BID:6945
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0065 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
======================================================
Candidate: CAN-2003-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0066
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: GENTOO:200303-16
Reference: URL:http://www.securityfocus.com/advisories/5137
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: BID:6953
Reference: URL:http://www.securityfocus.com/bid/6953
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The rxvt terminal emulator 2.7.8 and earlier allows attackers to
modify the window title via a certain character escape sequence and
then insert it back to the command line in the user's terminal,
e.g. when the user views a file containing the malicious sequence,
which could allow the attacker to execute arbitrary commands.
Modifications:
20040811 ADDREF GENTOO:200303-16
20040811 ADDREF MANDRAKE:MDKSA-2003:003
20040811 ADDREF REDHAT:RHSA-2003:055
20040811 ADDREF BID:6953
20040811 [desc] add "and earlier" for versions
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0066 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Cox
NOOP(2) Wall, Christey
Voter Comments:
Cox> This also affects versions of rxvt prior to 2.7.8
Addref: RHSA-2003:055
Christey> MANDRAKE:MDKSA-2003:034
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034
Green> ACKNOWLEDGED IN RHSA-2003:054-07
Christey> MANDRAKE:MDKSA-2003:034
(as suggested by Vincent Danen of Mandrake)
======================================================
Candidate: CAN-2003-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0067
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The aterm terminal emulator 0.42 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0067 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
======================================================
Candidate: CAN-2003-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0068
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-496
Reference: URL:http://www.debian.org/security/2004/dsa-496
Reference: GENTOO:GLSA-200303-1
Reference: URL:http://lwn.net/Articles/24193/
Reference: MANDRAKE:MDKSA-2003:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: BID:10237
Reference: URL:http://www.securityfocus.com/bid/10237
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
The Eterm terminal emulator 0.9.1 and earlier allows attackers to
modify the window title via a certain character escape sequence and
then insert it back to the command line in the user's terminal,
e.g. when the user views a file containing the malicious sequence,
which could allow the attacker to execute arbitrary commands.
Modifications:
20040811 ADDREF BID:10237
20040811 ADDREF DEBIAN:DSA-496
20040811 ADDREF GENTOO:GLSA-200303-1
20040811 ADDREF MANDRAKE:MDKSA-2003:040
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0068 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(2) Wall, Christey
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
Christey> MANDRAKE:MDKSA-2003:040
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:040
Christey> MANDRAKE:MDKSA-2003:040
(as suggested by Vincent Danen of Mandrake)
Christey> DEBIAN:DSA-496
URL:http://www.debian.org/security/2004/dsa-496
======================================================
Candidate: CAN-2003-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0069
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
Reference: OSVDB:8347
Reference: URL:http://www.osvdb.org/8347
The PuTTY terminal emulator 0.53 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.
Modifications:
20040818 ADDREF OSVDB:8347
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0069 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
Voter Comments:
Green> RELEASE NOTES OF 2002-11-12 ACKNOWLEDGE THE RAPID7 FINDINGS
======================================================
Candidate: CAN-2003-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0070
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-053.html
Reference: GENTOO:GLSA-200303-2
Reference: URL:http://seclists.org/lists/bugtraq/2003/Mar/0010.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as
an option in gnome-terminal 2.0, allows attackers to modify the window
title via a certain character escape sequence and then insert it back
to the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.
Modifications:
20040811 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
ACCURACY: Affected versions confirmed by Mark Cox of Red Hat via
email.
INFERRED ACTION: CAN-2003-0070 ACCEPT_REV (4 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] "gnome-terminal terminal"? flow/clarity?
======================================================
Candidate: CAN-2003-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference: URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: BID:6950
Reference: URL:http://www.securityfocus.com/bid/6950
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php
The DEC UDK processing feature in the xterm terminal emulator in
XFree86 4.2.99.4 and earlier allows attackers to cause a denial of
service via a certain character escape sequence that causes the
terminal to enter a tight loop.
Modifications:
20040811 ADDREF BID:6950
20040811 ADDREF DEBIAN:DSA-380
20040811 ADDREF REDHAT:RHSA-2003:067
20040818 ADDREF REDHAT:RHSA-2003:064
20040818 ADDREF REDHAT:RHSA-2003:065
20040818 ADDREF REDHAT:RHSA-2003:066
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0071 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(2) Wall, Christey
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
Christey> REDHAT:RHSA-2003:067
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Christey> DEBIAN:DSA-380
======================================================
Candidate: CAN-2003-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0073
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385719107879&w=2
Reference: CONECTIVA:CLA-2003:743
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Reference: DEBIAN:DSA-303
Reference: URL:http://www.debian.org/security/2003/dsa-303
Reference: ENGARDE:ESA-20030220-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
Reference: MANDRAKE:MDKSA-2003:013
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
Reference: REDHAT:RHSA-2003:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Reference: REDHAT:RHSA-2003:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-094.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: BID:6718
Reference: URL:http://www.securityfocus.com/bid/6718
Reference: XF:mysql-mysqlchangeuser-doublefree-dos(11199)
Reference: URL:http://www.iss.net/security_center/static/11199.php
Reference: OVAL:OVAL436
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL436.html
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows
attackers with MySQL access to cause a denial of service (crash) via
mysql_change_user.
Modifications:
20040811 ADDREF CONECTIVA:CLA-2003:743
20040811 ADDREF DEBIAN:DSA-303
20040811 ADDREF REDHAT:RHSA-2003:093
20040811 ADDREF REDHAT:RHSA-2003:094
20040811 ADDREF BID:6718
20040818 ADDREF REDHAT:RHSA-2003:166
20040824 ADDREF OVAL:OVAL436
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0073 ACCEPT_REV (4 accept, 3 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] double-free?
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> ADDREF REDHAT:RHSA-2003:094
Christey> REDHAT:RHSA-2003:093
URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Christey> DEBIAN:DSA-303
URL:http://www.debian.org/security/2003/dsa-303
Christey> CONECTIVA:CLA-2003:743
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
======================================================
Candidate: CAN-2003-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0075
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428700106672&w=2
Reference: MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
Reference: GENTOO:GLSA-200302-04
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104446346127432&w=2
Reference: BID:6745
Reference: URL:http://www.securityfocus.com/bid/6745
Reference: XF:bladeenc-myfseek-code-execution(11227)
Reference: URL:http://www.iss.net/security_center/static/11227.php
Integer signedness error in the myFseek function of samplein.c for
Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to
execute arbitrary code via a negative offset value following a "fmt"
wave chunk.
Modifications:
20040811 ADDREF BID:6745
20040811 [refs] normalize GENTOO
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0075 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2003-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0077
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php
Reference: OSVDB:4917
Reference: URL:http://www.osvdb.org/4917
The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and
possibly later versions, allows attackers to modify the window title
via a certain character escape sequence and then insert it back to the
command line in the user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the attacker to
execute arbitrary commands.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:070
20040811 [desc] change versions
20040818 ADDREF REDHAT:RHSA-2003:071
20040818 ADDREF OSVDB:4917
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0077 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
MODIFY(1) Cox
NOOP(2) Wall, Christey
Voter Comments:
Cox> This is not yet fixed upstream (2003-03-24) therefore "2.0.5" should
be removed
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
Christey> REDHAT:RHSA-2003:070
URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
======================================================
Candidate: CAN-2003-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2
Reference: CONECTIVA:CLSA-2003:570
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Reference: DEBIAN:DSA-253
Reference: URL:http://www.debian.org/security/2003/dsa-253
Reference: ENGARDE:ESA-20030220-005
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Reference: FREEBSD:FreeBSD-SA-03:02
Reference: GENTOO:GLSA-200302-10
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104577183206905&w=2
Reference: REDHAT:RHSA-2003:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-062.html
Reference: REDHAT:RHSA-2003:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-063.html
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:104
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:205
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-205.html
Reference: SGI:20030501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: TRUSTIX:2003-0005
Reference: URL:http://www.trustix.org/errata/2003/0005
Reference: MANDRAKE:MDKSA-2003:020
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
Reference: NETBSD:NetBSD-SA2003-001
Reference: SUSE:SuSE-SA:2003:011
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2
Reference: CIAC:N-051
Reference: URL:http://www.ciac.org/ciac/bulletins/n-051.shtml
Reference: BID:6884
Reference: URL:http://www.securityfocus.com/bid/6884
Reference: XF:ssl-cbc-information-leak(11369)
Reference: URL:http://www.iss.net/security_center/static/11369.php
Reference: OSVDB:3945
Reference: URL:http://www.osvdb.org/3945
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before
0.9.6i does not perform a MAC computation if an incorrect block cipher
padding is used, which causes an information leak (timing discrepancy)
that may make it easier to launch cryptographic attacks that rely on
distinguishing between padding and MAC verification errors, possibly
leading to extraction of the original plaintext, aka the "Vaudenay
timing attack."
Modifications:
20040811 [refs] normalize GENTOO
20040811 [refs] normalize TRUSTIX
20040811 ADDREF REDHAT:RHSA-2003:062
20040811 ADDREF REDHAT:RHSA-2003:063
20040811 ADDREF REDHAT:RHSA-2003:082
20040811 ADDREF REDHAT:RHSA-2003:104
20040811 ADDREF REDHAT:RHSA-2003:205
20040811 ADDREF SGI:20030501-01-I
20040811 ADDREF CIAC:N-051
20040811 ADDREF BUGTRAQ:20030526 TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit
20040811 ADDREF BID:6884
20040818 ADDREF OSVDB:3945
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0078 ACCEPT (5 accept, 8 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Christey> ** WARNING ** This candidate was accidentally assigned to two
different issues. It is for the OpenSSL issue *ONLY*. A
separate candidate will be provided for the hanterm-xf
window title reporting bug.
Cox> Addref: RHSA-2003:104
Addref: RHSA-2003:082
Addref: RHSA-2003:063
Addref: RHSA-2003:062
Christey> BUGTRAQ:20030526 TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869795326445&w=2
Christey> SGI:20030501-01-I
URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Christey> CIAC:N-051
URL:http://www.ciac.org/ciac/bulletins/n-051.shtml - URL
REDHAT:RHSA-2003:062
URL:http://www.redhat.com/support/errata/RHSA-2003-062.html
Christey> REDHAT:RHSA-2003:205
======================================================
Candidate: CAN-2003-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0079
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: BID:6944
Reference: URL:http://www.securityfocus.com/bid/6944
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php
Reference: OSVDB:4918
Reference: URL:http://www.osvdb.org/4918
The DEC UDK processing feature in the hanterm (hanterm-xf) terminal
emulator before 2.0.5 allows attackers to cause a denial of service
via a certain character escape sequence that causes the terminal to
enter a tight loop.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:070
20040811 ADDREF REDHAT:RHSA-2003:071
20040811 ADDREF BID:6944
20040818 ADDREF OSVDB:4918
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0079 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(2) Wall, Christey
Voter Comments:
Green> ENTIRE CLASS OF TERMINAL EMULATOR EXPLOITS APPEARS TO BE
VERIFIED AND REPLICATABLE
Christey> REDHAT:RHSA-2003:070
URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
======================================================
Candidate: CAN-2003-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0081
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: FULLDISC:20030308 Ethereal format string bug, yet still ethereal much better than windows
Reference: URL:http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
Reference: MISC:http://www.guninski.com/etherre.html
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: CONECTIVA:CLSA-2003:627
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Reference: DEBIAN:DSA-258
Reference: URL:http://www.debian.org/security/2003/dsa-258
Reference: GENTOO:GLSA-200303-10
Reference: URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
Reference: MANDRAKE:MDKSA-2003:051
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:051
Reference: REDHAT:RHSA-2003:076
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-076.html
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference: URL:http://www.suse.de/de/security/2003_019_ethereal.html
Reference: BID:7049
Reference: URL:http://www.securityfocus.com/bid/7049
Reference: XF:ethereal-socks-format-string(11497)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11497
Reference: OVAL:OVAL54
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL54.html
Format string vulnerability in packet-socks.c of the SOCKS dissector
for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute
arbitrary code via SOCKS packets containing format string specifiers.
Modifications:
20040811 ADDREF CONECTIVA:CLSA-2003:627
20040811 ADDREF GENTOO:GLSA-200303-10
20040811 ADDREF REDHAT:RHSA-2003:076
20040811 ADDREF REDHAT:RHSA-2003:077
20040811 ADDREF SUSE:SuSE-SA:2003:019
20040811 CHANGEREF BUGTRAQ FULLDISC
20040811 ADDREF BID:7049
20040811 ADDREF XF:ethereal-socks-format-string(11497)
20040824 ADDREF OVAL:OVAL54
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0081 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
NOOP(2) Christey, Jones
Voter Comments:
Christey> SUSE:SuSE-SA:2003:019
URL:http://www.suse.de/de/security/2003_019_ethereal.html
Christey> MANDRAKE:MDKSA-2003:051
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:051
======================================================
Candidate: CAN-2003-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0087
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508375107938&w=2
Reference: VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104508833214691&w=2
Reference: MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: AIXAPAR:IY40307
Reference: AIXAPAR:IY40317
Reference: AIXAPAR:IY40320
Reference: BID:6840
Reference: URL:http://www.securityfocus.com/bid/6840
Reference: XF:aix-aixterm-libim-bo(11309)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11309
Reference: OSVDB:7996
Reference: URL:http://www.osvdb.org/7996
Buffer overflow in libIM library (libIM.a) for National Language
Support (NLS) on AIX 4.3 through 5.2 allows local users to gain
privileges via several possible attack vectors, including a long -im
argument to aixterm.
Modifications:
20040811 ADDREF XF:aix-aixterm-libim-bo(11309)
20040811 ADDREF BID:6840
20040818 ADDREF OSVDB:7996
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0087 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Bollinger
MODIFY(1) Jones
NOOP(1) Cox
Voter Comments:
Bollinger> local attacker can execute arbitrary code as root
Jones> Change "...allows local users to gain privileges..." to "...allows
local users to gain additional privileges..."
======================================================
Candidate: CAN-2003-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0088
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: ATSTAKE:A021403-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6859
Reference: URL:http://www.securityfocus.com/bid/6859
Reference: XF:macos-trublueenvironment-gain-privileges(11332)
Reference: URL:http://www.iss.net/security_center/static/11332.php
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to
overwrite or create arbitrary files and gain root privileges by
setting a certain environment variable that is used to write debugging
information.
Modifications:
20040811 ADDREF BID:6859
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0088 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2003-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0093
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030212
Category: SF
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-decoder-dos(11324)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11324
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote
attackers to cause a denial of service (crash) via an invalid RADIUS
packet with a header length field of 0, which causes tcpdump to
generate data within an infinite loop.
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:032
20040811 ADDREF MANDRAKE:MDKSA-2003:027
20040811 ADDREF XF:tcpdump-radius-decoder-dos(11324)
20040818 ADDREF REDHAT:RHSA-2003:214
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0093 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Cox, Jones
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:032
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Christey> MANDRAKE:MDKSA-2003:027
(as suggested by Vincent Danen of Mandrake)
======================================================
Candidate: CAN-2003-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0094
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030214
Category: SF
Reference: MANDRAKE:MDKSA-2003:016
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
Reference: BID:6855
Reference: URL:http://www.securityfocus.com/bid/6855
Reference: XF:utillinux-mcookie-cookie-predictable(11318)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11318
A patch for mcookie in the util-linux package for Mandrake Linux 8.2
and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie
to use an entropy source that is more predictable than expected, which
may make it easier for certain types of attacks to succeed.
Modifications:
20040811 ADDREF BID:6855
20040811 ADDREF XF:utillinux-mcookie-cookie-predictable(11318)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0094 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Jones
NOOP(2) Christey, Cox
Voter Comments:
Christey> BID:6855
URL:http://www.securityfocus.com/bid/6855
XF:utillinux-mcookie-cookie-predictable(11318)
URL:http://xforce.iss.net/xforce/xfdb/11318
======================================================
Candidate: CAN-2003-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0095
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549693426042&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#953746
Reference: URL:http://www.kb.cert.org/vuls/id/953746
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BID:6849
Reference: URL:http://www.securityfocus.com/bid/6849
Reference: XF:oracle-username-bo(11328)
Reference: URL:http://www.iss.net/security_center/static/11328.php
Reference: OSVDB:6319
Reference: URL:http://www.osvdb.org/6319
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i,
8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via
a long username that is provided during login, as exploitable through
client applications that perform their own authentication, as
demonstrated using LOADPSP.
Modifications:
20040811 ADDREF CIAC:N-046
20040811 ADDREF BID:6849
20040818 ADDREF OSVDB:6319
Analysis
--------
Vendor Acknowledgement: yes advisory
ABSTRACTION: According to the Oracle advisories, CAN-2003-0095 appears
in 8.0.x, whereas CAN-2003-0096 does not; therefore, CD:SF-LOC
suggests that the issues be SPLIT.
INFERRED ACTION: CAN-2003-0095 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Cole, Baker, Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> BID:6849
URL:http://www.securityfocus.com/bid/6849
Christey> CIAC:N-046
URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
======================================================
Candidate: CAN-2003-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0097
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550977011668&w=2
Reference: VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: GENTOO:GLSA-200302-09
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567042700840&w=2
Reference: GENTOO:GLSA-200302-09.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567137502557&w=2
Reference: CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: BID:6875
Reference: URL:http://www.securityfocus.com/bid/6875
Reference: XF:php-cgi-sapi-access(11343)
Reference: URL:http://www.iss.net/security_center/static/11343.php
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to
access arbitrary files as the PHP user, and possibly execute PHP code,
by bypassing the CGI force redirect settings (cgi.force_redirect or
--enable-force-cgi-redirect).
Modifications:
20040811 [refs] normalize GENTOO
20040811 ADDREF BID:6875
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0097 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(1) Wall
======================================================
Candidate: CAN-2003-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0100
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030220 Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104587206702715&w=2
Reference: BID:6895
Reference: URL:http://www.securityfocus.com/bid/6895
Reference: XF:cisco-ios-ospf-bo(11373)
Reference: URL:http://www.iss.net/security_center/static/11373.php
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers
to cause a denial of service and possibly execute commands via a large
number of OSPF neighbor announcements.
Modifications:
20040811 ADDREF BID:6895
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2003-0100 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Cole, Green, Baker
NOOP(1) Cox
======================================================
Candidate: CAN-2003-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0102
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104680706201721&w=2
Reference: MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: DEBIAN:DSA-260
Reference: URL:http://www.debian.org/security/2003/dsa-260
Reference: IMMUNIX:IMNX-2003-7+-012-01
Reference: URL:http://lwn.net/Alerts/34908/
Reference: MANDRAKE:MDKSA-2003:030
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
Reference: NETBSD:NetBSD-SA2003-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: SUSE:SuSE-SA:2003:017
Reference: URL:http://www.suse.de/de/security/2003_017_file.html
Reference: REDHAT:RHSA-2003:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: REDHAT:RHSA-2003:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-087.html
Buffer overflow in tryelf() in readelf.c of the file command allows
attackers to execute arbitrary code as the user running file, possibly
via a large entity size value in an ELF header (elfhdr.e_shentsize).
Modifications:
20040811 ADDREF REDHAT:RHSA-2003:087
20040811 ADDREF MANDRAKE:MDKSA-2003:030
20040811 ADDREF SUSE:SuSE-SA:2003:017
20040811 ADDREF IMMUNIX:IMNX-2003-7+-012-01
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0102 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(2) Jones, Cox
NOOP(1) Christey
Voter Comments:
Christey> SUSE:SuSE-SA:2003:017
URL:http://www.suse.de/de/security/2003_017_file.html
Cox> Addref: RHSA-2003:087
Jones> Change "...user running file,..." to "...user running the file
command," for clarity
Christey> MANDRAKE:MDKSA-2003:030
(as suggested by Vincent Danen of Mandrake)
Christey> IMMUNIX:IMNX-2003-7+-012-01
======================================================
Candidate: CAN-2003-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0103
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ATSTAKE:A022503-1
Reference: BID:6952
Reference: URL:http://www.securityfocus.com/bid/6952
Reference: XF:nokia-6210-vcard-dos(11421)
Reference: URL:http://www.iss.net/security_center/static/11421.php
Format string vulnerability in Nokia 6210 handset allows remote
attackers to cause a denial of service (crash, lockup, or restart) via
a Multi-Part vCard with fields containing a large number of format
string specifiers.
Modifications:
20040811 ADDREF BID:6952
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0103 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2003-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0104
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: BID:7053
Reference: URL:http://www.securityfocus.com/bid/7053
Reference: XF:peoplesoft-schedulertransfer-create-files(10962)
Reference: URL:http://www.iss.net/security_center/static/10962.php
Directory traversal vulnerability in PeopleTools 8.10 through 8.18,
8.40, and 8.41 allows remote attackers to overwrite arbitrary files
via the SchedulerTransfer servlet.
Modifications:
20040811 ADDREF BID:7053
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0104 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Baker
NOOP(4) Wall, Cole, Green, Cox
======================================================
Candidate: CAN-2003-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0107
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030222 buffer overrun in zlib 1.1.4
Reference: URL:http://online.securityfocus.com/archive/1/312869
Reference: BUGTRAQ:20030223 poc zlib sploit just for fun :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610337726297&w=2
Reference: BUGTRAQ:20030224 Re: buffer overrun in zlib 1.1.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610536129508&w=2
Reference: BUGTRAQ:20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104620610427210&w=2
Reference: CALDERA:CSSA-2003-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
Reference: CONECTIVA:CLSA-2003:619
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
Reference: GENTOO:GLSA-200303-25
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887247624907&w=2
Reference: MANDRAKE:MDKSA-2003:033
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
Reference: NETBSD:NetBSD-SA2003-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Reference: REDHAT:RHSA-2003:079
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
Reference: REDHAT:RHSA-2003:081
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-081.html
Reference: SUNALERT:57405
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: CERT-VN:VU#142121
Reference: URL:http://www.kb.cert.org/vuls/id/142121
Reference: BID:6913
Reference: URL:http://online.securityfocus.com/bid/6913
Reference: XF:zlib-gzprintf-bo(11381)
Reference: URL:http://www.iss.net/security_center/static/11381.php
Reference: OSVDB:6599
Reference: URL:http://www.osvdb.org/6599
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is
compiled without vsnprintf or when long inputs are truncated using
vsnprintf, allows attackers to cause a denial of service or possibly
execute arbitrary code.
Modifications:
20040811 ADDREF GENTOO:GLSA-200303-25
20040811 ADDREF MANDRAKE:MDKSA-2003:033
20040811 ADDREF REDHAT:RHSA-2003:079
20040811 ADDREF CERT-VN:VU#142121
20040811 ADDREF SUNALERT:57405
20040811 ADDREF CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
20040811 ADDREF CALDERA:CSSA-2003-011.0
20040811 ADDREF NETBSD:NetBSD-SA2003-004
20040811 ADDREF CONECTIVA:CLSA-2003:619
20040818 ADDREF REDHAT:RHSA-2003:081
20040818 ADDREF OSVDB:6599
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0107 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Cox
NOOP(2) Wall, Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:033
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:033
Christey> BUGTRAQ:20030328 GLSA: zlib (200303-25)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887247624907&w=2
Christey> MANDRAKE:MDKSA-2003:033
(as suggested by Vincent Danen of Mandrake)
Christey> REDHAT:RHSA-2003:079
URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
Christey> CERT-VN:VU#142121
URL:http://www.kb.cert.org/vuls/id/142121
Christey> SUNALERT:57405
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Christey> CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Christey> CALDERA:CSSA-2003-011.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
NETBSD:NetBSD-SA2003-004
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Christey> CONECTIVA:CLSA-2003:619
URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
======================================================
Candidate: CAN-2003-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0108
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030226
Category: SF
Reference: BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104637420104189&w=2
Reference: MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: CONECTIVA:CLA-2003:629
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:085
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-085.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: SUSE:SuSE-SA:2003:0015
Reference: URL:http://www.suse.de/de/security/2003_015_tcpdump.html
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678787109030&w=2
Reference: BID:6974
Reference: URL:http://www.securityfocus.com/bid/6974
Reference: XF:tcpdump-isakmp-dos(11434)
Reference: URL:http://www.iss.net/security_center/static/11434.php
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers
to cause a denial of service (CPU consumption) via a certain malformed
ISAKMP packet to UDP port 500, which causes tcpdump to enter an
infinite loop.
Modifications:
20040811 ADDREF CONECTIVA:CLA-2003:629
20040811 ADDREF REDHAT:RHSA-2003:032
20040811 ADDREF BID:6974
20040818 ADDREF REDHAT:RHSA-2003:085
20040818 ADDREF REDHAT:RHSA-2003:214
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2003-0108 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Green, Cox
NOOP(2) Jones, Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:032
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Christey> CONECTIVA:CLA-2003:629
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Christey> BID:6974
URL:http://www.securityfocus.com/bid/6974
======================================================
Candidate: CAN-2003-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0120
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030228
Category: SF
Reference: DEBIAN:DSA-256
Reference: URL:http://www.debian.org/security/2003/dsa-256
Reference: BID:6978
Reference: URL:http://www.securityfocus.com/bid/6978
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference: URL:http://www.iss.net/security_center/static/11439.php
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local
users to overwrite arbitrary files via a symlink attack on a default
temporary directory with a predictable name.
Modifications:
20040811 [desc] fix typo
20040811 ADDREF BID:6978
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0120 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Jones
NOOP(2) Christey, Cox
Voter Comments:
Jones> change "diectory" to "directory"
Christey> BID:6978
URL:http://www.securityfocus.com/bid/6978
======================================================
Candidate: CAN-2003-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757319829443&w=2
Reference: VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#433489
Reference: URL:http://www.kb.cert.org/vuls/id/433489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7037
Reference: URL:http://www.securityfocus.com/bid/7037
Reference: XF:lotus-nrpc-bo(11526)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11526
Buffer overflow in Notes server before Lotus Notes R4, R5 before
5.0.11, and early R6 allows remote attackers to execute arbitrary code
via a long distinguished name (DN) during NotesRPC authentication and
an outer field length that is less than that of the DN field.
Modifications:
20040811 ADDREF CERT:CA-2003-11
20040811 ADDREF CERT-VN:VU#433489
20040811 ADDREF CIAC:N-065
20040811 ADDREF XF:lotus-nrpc-bo(11526)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0122 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Bollinger
NOOP(3) Wall, Christey, Cox
Voter Comments:
Green> ACKNOWLEDGED IN LOTUS SPR #DBAR5CJJJS
Christey> CERT-VN:VU#433489
URL:http://www.kb.cert.org/vuls/id/433489
CERT:CA-2003-11
URL:http://www.cert.org/advisories/CA-2003-11.html
Christey> CIAC:N-065
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
XF:lotus-nrpc-bo(11526)
URL:http://xforce.iss.net/xforce/xfdb/11526
======================================================
Candidate: CAN-2003-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0123
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757545500368&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#411489
Reference: URL:http://www.kb.cert.org/vuls/id/411489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:7038
Reference: URL:http://www.securityfocus.com/bid/7038
Reference: XF:lotus-web-retriever-bo(11525)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11525
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5
through R6 allows remote malicious web servers to cause a denial of
service (crash) via a long HTTP status line.
Modifications:
20040811 ADDREF CERT:CA-2003-11
20040811 ADDREF CERT-VN:VU#411489
20040811 ADDREF CIAC:N-065
20040811 ADDREF XF:lotus-web-retriever-bo(11525)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0123 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Green, Baker, Bollinger
NOOP(3) Wall, Christey, Cox
Voter Comments:
Christey> CERT-VN:VU#411489
URL:http://www.kb.cert.org/vuls/id/411489
CERT:CA-2003-11
URL:http://www.cert.org/advisories/CA-2003-11.html
Christey> CIAC:N-065
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
XF:lotus-web-retriever-bo(11525)
URL:http://xforce.iss.net/xforce/xfdb/11525
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
======================================================
Candidate: CAN-2003-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0124
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: BUGTRAQ:20030311 Vulnerability in man < 1.5l
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2
Reference: CONECTIVA:CLSA-2003:620
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
Reference: GENTOO:GLSA-200303-13
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2
Reference: REDHAT:RHSA-2003:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-133.html
Reference: REDHAT:RHSA-2003:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-134.html
Reference: BID:7066
Reference: URL:http://www.securityfocus.com/bid/7066
Reference: XF:man-myxsprintf-code-execution(11512)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11512
man before 1.5l allows attackers to execute arbitrary code via a
malformed man file with improper quotes, which causes the my_xsprintf
function to return a string with the value "unsafe," which is then
executed as a program via a system call if it is in the search path of
the user who runs man.
Modifications:
20040811 ADDREF GENTOO:200303-13
20040811 ADDREF REDHAT:RHSA-2003:133
20040811 ADDREF REDHAT:RHSA-2003:134
20040811 ADDREF CONECTIVA:CLSA-2003:620
20040811 ADDREF BID:7066
20040811 ADDREF XF:man-myxsprintf-code-execution(11512)
20040811 [desc] clarify issue
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0124 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Green, Baker
MODIFY(1) Cox
NOOP(3) Wall, Cole, Christey
Voter Comments:
Christey> BUGTRAQ:20030318 GLSA: man (200303-13)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2
Cox> This vulnerability will only execute the arbitrary code as the
user that runs 'man' and only if that user has an executable called
'unsafe' somewhere on their path to which the attacker has
access. Suggest modification of description to take this into
account.
Green> NEW VERSION RELEASE FOLLOWING REPORT OF VULNERABILITY
Cox> ADDREF REDHAT:RHSA-2003:134
Christey> REDHAT:RHSA-2003:133
======================================================
Candidate: CAN-2003-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0125
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
Reference: CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT
Reference: BID:7067
Reference: URL:http://www.securityfocus.com/bid/7067
Reference: XF:routefinder-vpn-options-bo(11514)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11514
Buffer overflow in the web interface for SOHO Routefinder 550 before
firmware 4.63 allows remote attackers to cause a denial of service
(reboot) and execute arbitrary code via a long GET /OPTIONS value.
Modifications:
20040811 ADDREF BID:7067
20040811 ADDREF XF:routefinder-vpn-options-bo(11514)
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0125 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2003-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0143
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104748775900481&w=2
Reference: DEBIAN:DSA-259
Reference: URL:http://www.debian.org/security/2003/dsa-259
Reference: GENTOO:GLSA-200303-12
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792541215354&w=2
Reference: SUSE:SuSE-SA:2003:018
Reference: URL:http://www.suse.de/de/security/2003_018_qpopper.html
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104768137314397&w=2
Reference: BID:7058
Reference: URL:http://www.securityfocus.com/bid/7058
Reference: XF:qpopper-popmsg-macroname-bo(11516)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11516
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null
terminate a message buffer after a call to Qvsnprintf, which could
allow authenticated users to execute arbitrary code via a buffer
overflow in a mdef command with a long macro name.
Modifications:
20040811 CHANGEREF GENTOO [normalize]
20040811 ADDREF SUSE:SuSE-SA:2003:018
20040811 ADDREF BID:7058
20040811 ADDREF XF:qpopper-popmsg-macroname-bo(11516)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0143 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Jones, Cole, Armstrong, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> SUSE:SuSE-SA:2003:018
URL:http://www.suse.de/de/security/2003_018_qpopper.html
======================================================
Candidate: CAN-2003-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0145
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-attribute-dos(11857)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11857
Unknown vulnerability in tcpdump before 3.7.2 related to an inability
to "Handle unknown RADIUS attributes properly," allows remote
attackers to cause a denial of service (infinite loop), a different
vulnerability than CAN-2003-0093.
Modifications:
20040811 ADDREF MANDRAKE:MDKSA-2003:027
20040811 ADDREF REDHAT:RHSA-2003:032
20040811 ADDREF REDHAT:RHSA-2003:151
20040811 ADDREF XF:tcpdump-radius-attribute-dos(11857)
20040818 ADDREF REDHAT:RHSA-2003:214
20040818 ADDREF DEBIAN:DSA-261
Analysis
--------
Vendor Acknowledgement: yes changelog
ACCURACY: Via email on March 14, 2003, Martin Schulze confirmed that
this is a different issue than CAN-2003-0093.
INFERRED ACTION: CAN-2003-0145 ACCEPT_REV (3 accept, 3 ack, 1 review)
Current Votes:
ACCEPT(3) Cole, Green, Baker
NOOP(2) Wall, Christey
REVIEWING(1) Cox
Voter Comments:
Christey> REDHAT:RHSA-2003:032
URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Christey> MANDRAKE:MDKSA-2003:027
(as suggested by Vincent Danen of Mandrake)
Christey> REDHAT:RHSA-2003:151
URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
======================================================
Candidate: CAN-2003-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0825
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20030918
Category: SF
Reference: MS:MS04-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-006.asp
Reference: CERT-VN:VU#445214
Reference: URL:http://www.kb.cert.org/vuls/id/445214
Reference: BID:9624
Reference: URL:http://www.securityfocus.com/bid/9624
Reference: XF:win-wins-gsflag-dos(15037)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15037
Reference: OSVDB:3903
Reference: URL:http://www.osvdb.org/3903
Reference: OVAL:OVAL704
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL704.html
Reference: OVAL:OVAL800
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL800.html
Reference: OVAL:OVAL801
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL801.html
Reference: OVAL:OVAL802
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL802.html
The Windows Internet Naming Service (WINS) for Microsoft Windows
Server 2003, and possibly Windows NT and Server 2000, does not
properly validate the length of certain packets, which allows
attackers to cause a denial of service and possibly execute arbitrary
code.
Modifications:
20040811 ADDREF CERT-VN:VU#445214
20040811 ADDREF BID:9624
20040811 ADDREF XF:win-wins-gsflag-dos(15037)
20040818 ADDREF OSVDB:3903
20040824 ADDREF OVAL:OVAL704
20040824 ADDREF OVAL:OVAL800
20040824 ADDREF OVAL:OVAL801
20040824 ADDREF OVAL:OVAL802
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0825 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Wall, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2003-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0903
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-003.asp
Reference: CERT-VN:VU#139150
Reference: URL:http://www.kb.cert.org/vuls/id/139150
Reference: BID:9407
Reference: URL:http://www.securityfocus.com/bid/9407
Reference: XF:mdac-broadcastrequest-bo(14187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14187
Reference: OSVDB:3457
Reference: URL:http://www.osvdb.org/3457
Reference: OVAL:OVAL525
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL525.html
Reference: OVAL:OVAL553
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL553.html
Reference: OVAL:OVAL751
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL751.html
Reference: OVAL:OVAL775
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL775.html
Buffer overflow in a component of Microsoft Data Access Components
(MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary
code via a malformed UDP response to a broadcast request.
Modifications:
20040811 ADDREF CERT-VN:VU#139150
20040811 ADDREF BID:9407
20040811 ADDREF XF:mdac-broadcastrequest-bo(14187)
20040818 ADDREF OSVDB:3457
20040824 ADDREF OVAL:OVAL525
20040824 ADDREF OVAL:OVAL553
20040824 ADDREF OVAL:OVAL751
20040824 ADDREF OVAL:OVAL775
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0903 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
NOOP(1) Cox
======================================================
Candidate: CAN-2003-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0905
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: MS:MS04-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-008.asp
Reference: CERT-VN:VU#982630
Reference: URL:http://www.kb.cert.org/vuls/id/982630
Reference: BID:9825
Reference: URL:http://www.securityfocus.com/bid/9825
Reference: XF:win-media-services-dos(15038)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15038
Reference: OVAL:OVAL842
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL842.html
Unknown vulnerability in Windows Media Station Service and Windows
Media Monitor Service components of Windows Media Services 4.1 allows
remote attackers to cause a denial of service (disallowing new
connections) via a certain sequence of TCP/IP packets.
Modifications:
20040811 ADDREF CERT-VN:VU#982630
20040811 ADDREF BID:9825
20040811 ADDREF XF:win-media-services-dos(15038)
20040824 ADDREF OVAL:OVAL842
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0905 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Balinsky, Wall, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:win-media-services-dos(15038)
http://xforce.iss.net/xforce/xfdb/15038
======================================================
Candidate: CAN-2003-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031104
Category: SF
Reference: DEBIAN:DSA-426
Reference: URL:http://www.debian.org/security/2004/dsa-426
Reference: REDHAT:RHSA-2004:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
Reference: CERT-VN:VU#487102
Reference: URL:http://www.kb.cert.org/vuls/id/487102
Reference: BID:9442
Reference: URL:http://www.securityfocus.com/bid/9442
Reference: XF:netpbm-temp-insecure-file(14874)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14874
Reference: OVAL:OVAL804
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL804.html
Reference: OVAL:OVAL810
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL810.html
netpbm 9.25 and earlier does not properly create temporary files,
which allows local users to overwrite arbitrary files.
Modifications:
20040811 ADDREF BID:9442
20040811 ADDREF XF:netpbm-temp-insecure-file(14874)
20040811 [desc] fix affected version
20040824 ADDREF OVAL:OVAL804
20040824 ADDREF OVAL:OVAL810
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0924 ACCEPT (6 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
MODIFY(1) Cox
Voter Comments:
Cox> 2:9.25 is a Mandrake-specific version identifier
======================================================
Candidate: CAN-2003-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0966
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20031126
Category: SF
Reference: REDHAT:RHSA-2004:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
Reference: BID:9430
Reference: URL:http://www.securityfocus.com/bid/9430
Reference: XF:elm-frm-subject-bo(14840)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14840
Buffer overflow in the frm command in elm 2.5.6 and earlier, and
possibly later versions, allows remote attackers to execute arbitrary
code via a long Subject line.
Modifications:
20040811 ADDREF MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
20040811 ADDREF BID:9430
20040811 ADDREF XF:elm-frm-subject-bo(14840)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0966 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Wall, Cole, Armstrong, Green
MODIFY(1) Cox
Voter Comments:
Cox> ADDREF: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
add "and later versions" because this isn't fixed upstream.
======================================================
Candidate: CAN-2003-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0969
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031201
Category: SF
Reference: DEBIAN:DSA-411
Reference: URL:http://www.debian.org/security/2004/dsa-411
Reference: SUSE:SuSE-SA:2004:002
Reference: URL:http://www.suse.com/de/security/2004_02_tcpdump.html
Reference: BID:9364
Reference: URL:http://www.securityfocus.com/bid/9364
Reference: XF:mpg321-mp3-format-string(14148)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14148
Reference: OSVDB:3331
Reference: URL:http://www.osvdb.org/3331
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly
execute arbitrary code via an mp3 file that passes certain strings to
the printf function, possibly triggering a format string
vulnerability.
Modifications:
20040811 ADDREF SUSE:SuSE-SA:2004:002
20040811 ADDREF BID:9364
20040818 ADDREF OSVDB:3331
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0969 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Cox, Williams, Cole, Armstrong
NOOP(1) Wall
Voter Comments:
Williams> http://www.suse.com/de/security/2004_02_tcpdump.html
http://www.debian.org/security/2004/dsa-411
======================================================
Candidate: CAN-2003-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040105 Linux kernel mremap vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2
Reference: MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Reference: BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2
Reference: BUGTRAQ:20040106 Linux mremap bug correction
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: SUSE:SuSE-SA:2004:001
Reference: SUSE:SuSE-SA:2004:003
Reference: URL:http://www.suse.com/de/security/2004_03_linux_kernel.html
Reference: CONECTIVA:CLA-2004:799
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
Reference: ENGARDE:ESA-20040105-001
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Reference: REDHAT:RHSA-2003:416
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-416.html
Reference: REDHAT:RHSA-2003:417
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
Reference: REDHAT:RHSA-2003:418
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-418.html
Reference: REDHAT:RHSA-2003:419
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-419.html
Reference: DEBIAN:DSA-413
Reference: URL:http://www.debian.org/security/2004/dsa-413
Reference: DEBIAN:DSA-417
Reference: URL:http://www.debian.org/security/2004/dsa-417
Reference: DEBIAN:DSA-427
Reference: URL:http://www.debian.org/security/2004/dsa-427
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: IMMUNIX:IMNX-2004-73-001-01
Reference: MANDRAKE:MDKSA-2004:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
Reference: SGI:20040102-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
Reference: TRUSTIX:2004-0001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2
Reference: BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2
Reference: BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
Reference: BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
Reference: XF:linux-domremap-gain-privileges(14135)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14135
Reference: OSVDB:3315
Reference: URL:http://www.osvdb.org/3315
Reference: OVAL:OVAL860
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL860.html
Reference: OVAL:OVAL867
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL867.html
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21
does not properly perform bounds checks, which allows local users to
cause a denial of service and possibly gain privileges by causing a
remapping of a virtual memory area (VMA) to create a zero length VMA,
a different vulnerability than CAN-2004-0077.
Modifications:
20040811 ADDREF DEBIAN:DSA-470
20040811 ADDREF DEBIAN:DSA-475
20040811 ADDREF REDHAT:RHSA-2003:418
20040811 [refs] normalize TRUSTIX
20040811 [desc] fix affected versions
20040818 ADDREF DEBIAN:DSA-423
20040818 ADDREF DEBIAN:DSA-450
20040818 ADDREF OSVDB:3315
20040824 ADDREF OVAL:OVAL860
20040824 ADDREF OVAL:OVAL867
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0985 ACCEPT (6 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Wall, Cole, Armstrong
MODIFY(2) Cox, Williams
NOOP(1) Christey
Voter Comments:
Cox> This issue was fixed in 2.4.21 (proof at URL below)
Addref: http://linux.bkbits.net:8080/linux-2.4/cset@rusty@rustcorp.com.au|ChangeSet|20030421172337|61834
This issue did not affect 2.6 (proof: rusty@rustcorp.com.au|ChangeSet|20030506080426|32903)
Addref: REDHAT:RHSA-2003:418
Williams> Modify in accordance with Cox comments.
Christey> DEBIAN:DSA-470
URL:http://www.debian.org/security/2004/dsa-470
Christey> DEBIAN:DSA-475
URL:http://www.debian.org/security/2004/dsa-475
Christey> Normalize Trustix reference to TRUSTIX:2004-0001
======================================================
Candidate: CAN-2003-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412130407906&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: CONECTIVA:CLA-2004:810
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
Reference: GENTOO:GLSA-200404-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-02.xml
Reference: MANDRAKE:MDKSA-2004:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
Reference: REDHAT:RHSA-2004:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: REDHAT:RHSA-2004:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-006.html
Reference: CERT-VN:VU#820798
Reference: URL:http://www.kb.cert.org/vuls/id/820798
Reference: BID:9419
Reference: URL:http://www.securityfocus.com/bid/9419
Reference: XF:kde-kdepim-bo(14833)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14833
Reference: OVAL:OVAL858
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL858.html
Reference: OVAL:OVAL865
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL865.html
Buffer overflow in the VCF file information reader for KDE Personal
Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4
allows attackers to execute arbitrary code via a VCF file.
Modifications:
20040811 ADDREF REDHAT:RHSA-2004:006
20040811 ADDREF CERT-VN:VU#820798
20040811 ADDREF BID:9419
20040811 ADDREF XF:kde-kdepim-bo(14833)
20040824 ADDREF OVAL:OVAL858
20040824 ADDREF OVAL:OVAL865
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0988 ACCEPT (6 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(6) Baker, Cox, Wall, Cole, Armstrong, Green
NOOP(1) Christey
Voter Comments:
Cox> Addref: REDHAT:RHSA-2004:006
Christey> BUGTRAQ:20040406 [ GLSA 200404-02 ] KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108127782900563&w=2
======================================================
Candidate: CAN-2003-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
Reference: URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: CONECTIVA:CLA-2004:842
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: REDHAT:RHSA-2004:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: MANDRAKE:MDKSA-2004:013
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
Reference: XF:mailman-command-handler-dos(15106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15106
Reference: BID:9620
Reference: URL:http://www.securityfocus.com/bid/9620
Unknown vulnerability in the mail command handler in Mailman before
2.0.14 allows remote attackers to cause a denial of service (crash)
via malformed e-mail commands.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-0991 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Cox, Wall, Cole, Armstrong
NOOP(1) Christey
Voter Comments:
Christey> CONECTIVA:CLA-2004:842
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
======================================================
Candidate: CAN-2003-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
Reference: MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Reference: XF:apache-modaccess-obtain-information(15422)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15422
Reference: BID:9829
Reference: URL:http://www.securityfocus.com/bid/9829
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit
platforms, does not properly parse Allow/Deny rules using IP addresses
without a netmask, which could allow remote attackers to bypass
intended access restrictions.
Modifications:
20040811 ADDREF BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
20040811 ADDREF SLACKWARE:SSA:2004-133
20040811 ADDREF TRUSTIX:2004-0027
20040811 ADDREF MANDRAKE:MDKSA-2004:046
20040811 ADDREF GENTOO:GLSA-200405-22
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2003-0993 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Cox, Balinsky, Cole, Armstrong
NOOP(2) Wall, Christey
Voter Comments:
Christey> BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108437852004207&w=2
Christey> SLACKWARE:SSA:2004-133
URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
TRUSTIX:2004-0027
URL:http://www.trustix.org/errata/2004/0027
Christey> MANDRAKE:MDKSA-2004:046
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Christey> BUGTRAQ:20040526 [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108559521611694&w=2
======================================================
Candidate: CAN-2003-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0994
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031216
Category: SF
Reference: FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-January/015510.html
Reference: BUGTRAQ:20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107393473928245&w=2
Reference: MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
Reference: OSVDB:3428
Reference: URL:http://www.osvdb.org/3428
The GUI functionality for an interactive session in Symantec
LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security
2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and
Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0,
allows local users to gain SYSTEM privileges.
Modifications:
20040818 ADDREF OSVDB:3428
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2003-0994 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Williams, Wall, Cole, Armstrong
NOOP(1) Cox
======================================================
Candidate: CAN-2003-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1022
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20031219
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2004/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: XF:fspsuite-dot-directory-traversal(14154)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14154
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: OSVDB:3346
Reference: URL:http://www.osvdb.org/3346
Directory traversal vulnerability in fsp before 2.81.b18 allows remote
users to access files outside the FSP root directory.
Modifications:
20040818 ADDREF OSVDB:3346
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-1022 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Williams, Wall, Cole, Armstrong, Baker
NOOP(1) Cox
======================================================
Candidate: CAN-2003-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1326
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6779
Reference: URL:http://www.securityfocus.com/bid/6779
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php
Reference: OVAL:OVAL126
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL126.html
Reference: OVAL:OVAL178
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL178.html
Reference: OVAL:OVAL49
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL49.html
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers
to bypass the cross-domain security model to run malicious script or
arbitrary programs via dialog boxes, aka "Improper Cross Domain
Security Validation with dialog box."
Modifications:
20040811 [desc] fix affected versions
20040811 ADDREF CIAC:N-038
20040811 ADDREF BID:6779
20040824 ADDREF OVAL:OVAL126
20040824 ADDREF OVAL:OVAL178
20040824 ADDREF OVAL:OVAL49
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-1326 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(2) Cox, Christey
Voter Comments:
Christey> Need to remove 5.01 from the affected versions list; MS03-004
says "Internet Explorer 5.01 users are not affected by the
first vulnerability," which is this issue.
Christey> CIAC:N-038
URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
BID:6779
URL:http://www.securityfocus.com/bid/6779
======================================================
Candidate: CAN-2003-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1328
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: CERT-VN:VU#400577
Reference: URL:http://www.kb.cert.org/vuls/id/400577
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: BID:6780
Reference: URL:http://www.securityfocus.com/bid/6780
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference: URL:http://www.iss.net/security_center/static/11259.php
Reference: OVAL:OVAL57
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL57.html
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and
6.0 supports certain types of pluggable protocols that allow remote
attackers to bypass the cross-domain security model and execute
arbitrary code, aka "Improper Cross Domain Security Validation with
ShowHelp functionality."
Modifications:
20040811 [desc] fix affected versions
20040811 ADDREF BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
20040811 ADDREF CIAC:N-038
20040811 ADDREF CERT-VN:VU#400577
20040811 ADDREF BID:6780
20040824 ADDREF OVAL:OVAL57
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2003-1328 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Green
NOOP(2) Cox, Christey
Voter Comments:
Christey> Need to add 5.01 to the affected versions list.
Christey> BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
CIAC:N-038
URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
CERT-VN:VU#400577
URL:http://www.kb.cert.org/vuls/id/400577
BID:6780
URL:http://www.securityfocus.com/bid/6780
======================================================
Candidate: CAN-2004-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0001
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: REDHAT:RHSA-2004:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-017.html
Reference: GENTOO:GLSA-200402-06
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-06.xml
Reference: CERT-VN:VU#337238
Reference: URL:http://www.kb.cert.org/vuls/id/337238
Reference: XF:linux-ptrace-gain-privilege(14888)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14888
Reference: BID:9429
Reference: URL:http://www.securityfocus.com/bid/9429
Reference: OVAL:OVAL868
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL868.html
Unknown vulnerability in the eflags checking in the 32-bit ptrace
emulation for the Linux kernel on AMD64 systems allows local users to
gain privileges.
Modifications:
20040824 ADDREF OVAL:OVAL868
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0001 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Cole, Armstrong, Green, Baker, Cox, Wall
======================================================
Candidate: CAN-2004-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0004
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040116 [OpenCA Advisory] Vulnerability in signature verification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107427313700554&w=2
Reference: CONFIRM:http://www.openca.org/news/CAN-2004-0004.txt
Reference: CERT-VN:VU#336446
Reference: URL:http://www.kb.cert.org/vuls/id/336446
Reference: BID:9435
Reference: URL:http://www.securityfocus.com/bid/9435
Reference: XF:openca-improper-signature-verification(14847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14847
Reference: OSVDB:3615
Reference: URL:http://www.osvdb.org/3615
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6
and earlier only compares the serial of the signer's certificate and
the one in the database, which can cause OpenCA to incorrectly accept
a signature if the certificate's chain is trusted by OpenCA's chain
directory, allowing remote attackers to spoof requests from other
users.
Modifications:
20040811 ADDREF CERT-VN:VU#336446
20040811 ADDREF BID:9435
20040811 ADDREF XF:openca-improper-signature-verification(14847)
20040818 ADDREF OSVDB:3615
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0004 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0009
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: BUGTRAQ:20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619127531765&w=2
Reference: FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016870.html
Reference: CONFIRM:http://www.apache-ssl.org/advisory-20040206.txt
Reference: XF:apachessl-default-password(15065)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15065
Reference: BID:9590
Reference: URL:http://www.securityfocus.com/bid/9590
Reference: OSVDB:3877
Reference: URL:http://www.osvdb.org/3877
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3
and SSLFakeBasicAuth enabled, allows remote attackers to forge a
client certificate by using basic authentication with the "one-line
DN" of the target user.
Modifications:
20040818 ADDREF OSVDB:3877
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0009 ACCEPT_REV (4 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2004-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0011
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2003/dsa-416
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: XF:fsp-boundry-error-bo(14155)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14155
Buffer overflow in fsp before 2.81.b18 allows remote users to execute
arbitrary code.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0011 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Williams, Wall
NOOP(1) Cox
Voter Comments:
Williams> http://cvs.sourceforge.net/viewcvs.py/fsp/fsp/ChangeLog?view=auto
======================================================
Candidate: CAN-2004-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0013
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-414
Reference: URL:http://www.debian.org/security/2004/dsa-414
Reference: MANDRAKE:MDKSA-2004:005
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:005
Reference: BID:9376
Reference: URL:http://www.securityfocus.com/bid/9376
Reference: XF:jabber-ssl-connections-dos(14158)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14158
Reference: OSVDB:3345
Reference: URL:http://www.osvdb.org/3345
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly
handle SSL connections, which allows remote attackers to cause a
denial of service (crash).
Modifications:
20040811 ADDREF BID:9376
20040811 ADDREF XF:jabber-ssl-connections-dos(14158)
20040811 [desc] fix versions
20040818 ADDREF OSVDB:3345
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0013 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
MODIFY(1) Williams
NOOP(1) Cox
Voter Comments:
Williams> http://jabberd.jabberstudio.org/1.4/release-1.4.3.shtml
versions currently listed in desc may be wrong (fixed in 1.4.3?).
======================================================
Candidate: CAN-2004-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0015
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-418
Reference: URL:http://www.debian.org/security/2004/dsa-418
Reference: BID:9381
Reference: URL:http://www.securityfocus.com/bid/9381
Reference: XF:vbox3-gain-privileges(14170)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14170
vbox3 0.1.8 and earlier does not properly drop privileges before
executing a user-provided TCL script, which allows local users to gain
privileges.
Modifications:
20040811 ADDREF BID:9381
20040811 ADDREF XF:vbox3-gain-privileges(14170)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0015 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Williams
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040105
Category: SF
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419
Reference: BID:9387
Reference: URL:http://www.securityfocus.com/bid/9387
Reference: XF:phpgroupware-calendar-file-include(13489)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13489
Reference: OSVDB:6860
Reference: URL:http://www.osvdb.org/6860
The calendar module for phpgroupware 0.9.14 does not enforce the "save
extension" feature for holiday files, which allows remote attackers to
create and execute PHP files.
Modifications:
20040811 ADDREF BID:9387
20040811 ADDREF XF:phpgroupware-calendar-file-include(13489)
20040818 ADDREF OSVDB:6860
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0016 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
MODIFY(1) Williams
NOOP(2) Cox, Wall
Voter Comments:
Williams> I believe this affects phpGroupWare 0.9.14.006 and earlier. fixed in 0.9.14.007.
http://phpgroupware.org/downloads
======================================================
Candidate: CAN-2004-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0028
Final-Decision:
Interim-Decision: 20040825
Modified: 20040811
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: DEBIAN:DSA-420
Reference: URL:http://www.debian.org/security/2004/dsa-420
Reference: BID:9397
Reference: URL:http://www.securityfocus.com/bid/9397
Reference: XF:jitterbug-execute-code(14207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14207
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote
authenticated users to execute arbitrary commands.
Modifications:
20040811 ADDREF BID:9397
20040811 ADDREF XF:jitterbug-execute-code(14207)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0028 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Williams
NOOP(2) Cox, Wall
Voter Comments:
Williams> note that this software is no longer supported.
http://samba.anu.edu.au/jitterbug/
======================================================
Candidate: CAN-2004-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0031
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-modify-admin-password(14161)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14161
Reference: OSVDB:3403
Reference: URL:http://www.osvdb.org/3403
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and
change the administrator password via a direct HTTP request to
editconfig.php.
Modifications:
20040818 ADDREF OSVDB:3403
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0031 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Williams
NOOP(3) Cole, Cox, Wall
Voter Comments:
Williams> http://phpgedview.sourceforge.net/
======================================================
Candidate: CAN-2004-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0032
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: BID:9369
Reference: URL:http://www.securityfocus.com/bid/9369
Reference: XF:phpgedview-search-xss(14160)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14160
Reference: OSVDB:3402
Reference: URL:http://www.osvdb.org/3402
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW
2.61 allows remote attackers to inject arbitrary HTML and web script
via the firstname parameter.
Modifications:
20040811 ADDREF BID:9369
20040818 ADDREF OSVDB:3402
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0032 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Williams
NOOP(3) Cole, Cox, Wall
Voter Comments:
Williams> http://phpgedview.sourceforge.net/
======================================================
Candidate: CAN-2004-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0033
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040106
Category: SF
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Reference: XF:phpgedview-admin-info-disclosure(14162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14162
Reference: OSVDB:3404
Reference: URL:http://www.osvdb.org/3404
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain
sensitive information via an action parameter with a phpinfo command.
Modifications:
20040818 ADDREF OSVDB:3404
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0033 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Williams
NOOP(3) Cole, Cox, Wall
Voter Comments:
Williams> http://phpgedview.sourceforge.net/
======================================================
Candidate: CAN-2004-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0035
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340481804110&w=2
Reference: BID:9363
Reference: URL:http://www.securityfocus.com/bid/9363
Reference: XF:phorum-register-sql-injection(14146)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14146
Reference: OSVDB:3508
Reference: URL:http://www.osvdb.org/3508
SQL injection vulnerability in register.php for Phorum 3.4.5 and
earlier allows remote attackers to execute arbitrary SQL commands via
the hide_email parameter.
Modifications:
20040811 ADDREF BID:9363
20040818 ADDREF OSVDB:3508
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The Phorum home page includes a news item for Phorum
3.4.6 that says it fixed some "cross sight scripting issues that were
found by Calum Power [the Bugtraq poster]... [including]
register.php." While the Phorum announcement implies it's an XSS
issue, the coincidence with Power's post is sufficient to reasonably
assume that Phorum's statement is erroneous in implying that it's XSS
instead of SQL injection.
INFERRED ACTION: CAN-2004-0035 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Williams
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0036
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: BUGTRAQ:20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107340358202123&w=2
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?postid=588825
Reference: BID:9360
Reference: URL:http://www.securityfocus.com/bid/9360
Reference: XF:vbulletin-calendar-sql-injection(14144)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14144
Reference: OSVDB:3344
Reference: URL:http://www.osvdb.org/3344
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x
before 2.3.4 allows remote attackers to steal sensitive information
via the eventid parameter.
Modifications:
20040811 ADDREF BID:9360
20040812 ADDREF CONFIRM:http://www.vbulletin.com/forum/showthread.php?postid=588825
20040818 ADDREF OSVDB:3344
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0036 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Williams
NOOP(2) Cox, Wall
Voter Comments:
Williams> http://www.vbulletin.com/forum/showthread.php?postid=588825
======================================================
Candidate: CAN-2004-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0040
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040107
Category: SF
Reference: ISS:20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/163
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604682227031&w=2
Reference: MISC:http://www.us-cert.gov/cas/techalerts/TA04-036A.html
Reference: CERT-VN:VU#873334
Reference: URL:http://www.kb.cert.org/vuls/id/873334
Reference: CIAC:O-073
Reference: URL:http://www.ciac.org/ciac/bulletins/o-073.shtml
Reference: XF:vpn1-ike-bo(14150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14150
Reference: BID:9582
Reference: URL:http://www.securityfocus.com/bid/9582
Reference: OSVDB:3821
Reference: URL:http://www.osvdb.org/3821
Reference: OSVDB:4432
Reference: URL:http://www.osvdb.org/4432
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through
4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build
4200 allows remote attackers to execute arbitrary code via an ISAKMP
packet with a large Certificate Request packet.
Modifications:
20040818 ADDREF OSVDB:3821
20040818 ADDREF OSVDB:4432
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0040 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0044
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: CISCO:20040108 Cisco Personal Assistant User Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
Reference: BID:9384
Reference: URL:http://www.securityfocus.com/bid/9384
Reference: XF:ciscopersonalassistant-config-file-access(14172)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14172
Reference: OSVDB:3430
Reference: URL:http://www.osvdb.org/3430
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password
authentication when "Allow Only Cisco CallManager Users" is enabled
and the Corporate Directory settings refer to the directory service
being used by Cisco CallManager, which allows remote attackers to gain
access with a valid username.
Modifications:
20040812 ADDREF BID:9384
20040812 ADDREF XF:ciscopersonalassistant-config-file-access(14172)
20040818 ADDREF OSVDB:3430
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0044 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Williams, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0045
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040112
Category: SF
Reference: BUGTRAQ:20040107 [SECURITY] INN: Buffer overflow in control message handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html
Reference: SLACKWARE:SSA:2004-014-02
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791
Reference: BUGTRAQ:20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html
Reference: BID:9382
Reference: URL:http://www.securityfocus.com/bid/9382
Reference: XF:inn-artpost-control-message-bo(14190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14190
Buffer overflow in the ARTpost function in art.c in the control
message handling code for INN 2.4.0 may allow remote attackers to
execute arbitrary code.
Modifications:
20040812 [desc] add ARTpost function
20040812 ADDREF SLACKWARE:SSA:2004-014-02
20040812 ADDREF BID:9382
20040812 ADDREF XF:inn-artpost-control-message-bo(14190)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0045 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Williams
NOOP(1) Wall
Voter Comments:
Williams> http://www.isc.org/products/INN/
======================================================
Candidate: CAN-2004-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0049
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://seclists.org/lists/vulnwatch/2004/Jan-Mar/0057.html
Reference: BUGTRAQ:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/357834
Reference: CONFIRM:http://service.real.com/help/faq/security/040112_dos/
Reference: CONFIRM:http://service.real.com/help/faq/security/security022604.html
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote
attackers to cause a denial of service via certain HTTP POST messages
to the Administration System port.
Modifications:
20040812 ADDREF VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
20040812 ADDREF BUGTRAQ:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
20040812 ADDREF CONFIRM:http://service.real.com/help/faq/security/security022604.html
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0049 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
MODIFY(1) Williams
NOOP(2) Christey, Cox
Voter Comments:
Christey> The following post has more details, stating that it's a
buffer overflow and that code execution is possible:
VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Williams> vendor conf on the bof w/ code exec issue.
http://service.real.com/help/faq/security/security022604.html
======================================================
Candidate: CAN-2004-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0063
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040114
Category: SF
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory8_payshield.html
Reference: BUGTRAQ:20040114 nCipher Advisory #8: payShield library may verify bad requests
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107411819503569&w=2
Reference: BID:9422
Reference: URL:http://www.securityfocus.com/bid/9422
Reference: XF:payshield-incorrect-request-verification(14832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14832
Reference: OSVDB:3537
Reference: URL:http://www.osvdb.org/3537
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12,
1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a
different status code, which could cause applications to make
incorrect security-critical decisions, e.g. by accepting an invalid
PIN number.
Modifications:
20040812 ADDREF BID:9422
20040812 ADDREF XF:payshield-incorrect-request-verification(14832)
20040818 ADDREF OSVDB:3537
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0063 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0068
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040114 PhpDig 1.6.x: remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107412194008671&w=2
Reference: CONFIRM:http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393
Reference: BID:9424
Reference: URL:http://www.securityfocus.com/bid/9424
Reference: XF:phpdig-config-file-include(14826)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14826
PHP remote code injection vulnerability in config.php for PhpDig 1.6.5
and earlier allows remote attackers to execute arbitrary PHP code by
modifying the $relative_script_path parameter to reference a URL on a
remote web server that contains the code.
Modifications:
20040812 ADDREF BID:9424
20040812 ADDREF XF:phpdig-config-file-include(14826)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0068 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0070
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040115
Category: SF
Reference: BUGTRAQ:20040110 Remote Code Execution in ezContents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107392588915627&w=2
Reference: CONFIRM:http://www.ezcontents.org/forum/viewtopic.php?t=361
Reference: BID:9396
Reference: URL:http://www.securityfocus.com/bid/9396
Reference: XF:ezcontents-php-file-include(14199)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14199
Reference: OSVDB:6878
Reference: URL:http://www.osvdb.org/6878
PHP remote code injection vulnerability in module.php for ezContents
allows remote attackers to execute arbitrary PHP code by modifying the
link parameter to reference a URL on a remote web server that contains
the code.
Modifications:
20040812 ADDREF BID:9396
20040812 ADDREF XF:ezcontents-php-file-include(14199)
20040818 ADDREF OSVDB:6878
Analysis
--------
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the vendor's web site includes an item "Wed Feb 04,
2004 9:48 am" which explicitly lists CAN-2004-0070.
INFERRED ACTION: CAN-2004-0070 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Williams
NOOP(3) Cole, Cox, Wall
======================================================
Candidate: CAN-2004-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: MANDRAKE:MDKSA-2004:015
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:015
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: XF:linux-vicam-dos(15246)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15246
Reference: OVAL:OVAL836
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL836.html
The Vicam USB driver in Linux before 2.4.25 does not use the
copy_from_user function when copying data from userspace to kernel
space, which crosses security boundaries and allows local users to
cause a denial of service.
Modifications:
20040812 ADDREF CONECTIVA:CLA-2004:846
20040812 ADDREF BID:9690
20040824 ADDREF OVAL:OVAL836
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0075 ACCEPT_REV (3 accept, 2 ack, 1 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Cox
NOOP(2) Cole, Christey
REVIEWING(1) Wall
Voter Comments:
Christey> CONECTIVA:CLA-2004:846
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
======================================================
Candidate: CAN-2004-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
Reference: VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-438
Reference: URL:http://www.debian.org/security/2004/dsa-438
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-441
Reference: URL:http://www.debian.org/security/2004/dsa-441
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-444
Reference: URL:http://www.debian.org/security/2004/dsa-444
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: DEBIAN:DSA-453
Reference: URL:http://www.debian.org/security/2004/dsa-453
Reference: DEBIAN:DSA-454
Reference: URL:http://www.debian.org/security/2004/dsa-454
Reference: DEBIAN:DSA-456
Reference: URL:http://www.debian.org/security/2004/dsa-456
Reference: DEBIAN:DSA-466
Reference: URL:http://www.debian.org/security/2004/dsa-466
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-514
Reference: URL:http://www.debian.org/security/2004/dsa-514
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-066.html
Reference: REDHAT:RHSA-2004:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-069.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.541911
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.suse.de/de/security/2004_05_linux_kernel.html
Reference: TRUSTIX:2004-0007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
Reference: TRUSTIX:2004-0008
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
Reference: GENTOO:GLSA-200403-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-02.xml
Reference: CERT-VN:VU#981222
Reference: URL:http://www.kb.cert.org/vuls/id/981222
Reference: XF:linux-mremap-gain-privileges(15244)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15244
Reference: BID:9686
Reference: URL:http://www.securityfocus.com/bid/9686
Reference: OSVDB:3986
Reference: URL:http://www.osvdb.org/3986
Reference: OVAL:OVAL825
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL825.html
Reference: OVAL:OVAL837
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL837.html
The do_mremap function for the mremap system call in Linux 2.2 to
2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the
return value from the do_munmap function when the maximum number of
VMA descriptors is exceeded, which allows local users to gain root
privileges, a different vulnerability than CAN-2003-0985.
Modifications:
20040812 ADDREF DEBIAN:DSA-466
20040812 ADDREF DEBIAN:DSA-470
20040812 ADDREF DEBIAN:DSA-475
20040812 ADDREF DEBIAN:DSA-514
20040812 ADDREF REDHAT:RHSA-2004:069
20040812 ADDREF CERT-VN:VU#981222
20040812 [refs] Normalize Trustix references
20040818 ADDREF REDHAT:RHSA-2004:106
20040818 ADDREF DEBIAN:DSA-450
20040818 ADDREF DEBIAN:DSA-453
20040818 ADDREF DEBIAN:DSA-454
20040818 ADDREF OSVDB:3986
20040824 ADDREF OVAL:OVAL825
20040824 ADDREF OVAL:OVAL837
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0077 ACCEPT (5 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> DEBIAN:DSA-466
URL:http://www.debian.org/security/2004/dsa-466
CERT-VN:VU#981222
URL:http://www.kb.cert.org/vuls/id/981222
Cox> Addref: REDHAT:RHSA-2004:069
Christey> DEBIAN:DSA-470
URL:http://www.debian.org/security/2004/dsa-470
Christey> DEBIAN:DSA-475
URL:http://www.debian.org/security/2004/dsa-475
Christey> Normalize Trustix references
Christey> DEBIAN:DSA-514
URL:http://www.debian.org/security/2004/dsa-514
======================================================
Candidate: CAN-2004-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0078
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: BUGTRAQ:20040211 Mutt-1.4.2 fixes buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
Reference: CALDERA:CSSA-2004-013.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
Reference: REDHAT:RHSA-2004:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-050.html
Reference: REDHAT:RHSA-2004:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-051.html
Reference: MANDRAKE:MDKSA-2004:010
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607
Reference: CONFIRM:http://bugs.debian.org/126336
Reference: BUGTRAQ:20040215 LNSA-#2004-0001: mutt remote crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107696262905039&w=2
Reference: BUGTRAQ:20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107884956930903&w=2
Reference: XF:mutt-index-menu-bo(15134)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15134
Reference: BID:9641
Reference: URL:http://www.securityfocus.com/bid/9641
Reference: OSVDB:3918
Reference: URL:http://www.osvdb.org/3918
Reference: OVAL:OVAL811
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL811.html
Reference: OVAL:OVAL838
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL838.html
Buffer overflow in the index menu code (menu_pad_string of menu.c) for
Mutt 1.4.1 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via certain mail
messages.
Modifications:
20040812 ADDREF CALDERA:CSSA-2004-013.0
20040818 ADDREF OSVDB:3918
20040824 ADDREF OVAL:OVAL811
20040824 ADDREF OVAL:OVAL838
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0078 ACCEPT (5 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> CALDERA:CSSA-2004-013.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
======================================================
Candidate: CAN-2004-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: GENTOO:GLSA-200404-06
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-06.xml
Reference: REDHAT:RHSA-2004:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-056.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: SGI:20040406-01-U
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2
Reference: BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077689801698&w=2
Reference: BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108144719532385&w=2
Reference: CERT-VN:VU#801526
Reference: URL:http://www.kb.cert.org/vuls/id/801526
Reference: BID:9558
Reference: URL:http://www.securityfocus.com/bid/9558
Reference: XF:utillinux-information-leak(15016)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15016
Reference: OSVDB:3796
Reference: URL:http://www.osvdb.org/3796
The login program in util-linux 2.11 and earlier uses a pointer after
it has been freed and reallocated, which could cause login to leak
sensitive data.
Modifications:
20040812 ADDREF BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data
20040812 ADDREF BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data
20040812 ADDREF GENTOO:GLSA-200404-06
20040812 ADDREF SGI:20040406-01-U
20040812 ADDREF CERT-VN:VU#801526
20040812 ADDREF BID:9558
20040812 ADDREF XF:utillinux-information-leak(15016)
20040818 ADDREF OSVDB:3796
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0080 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108077689801698&w=2
Christey> BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108144719532385&w=2
Christey> SGI:20040406-01-U
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2
======================================================
Candidate: CAN-2004-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040119
Category: SF
Reference: REDHAT:RHSA-2004:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-064.html
Reference: CONFIRM:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
Reference: CONFIRM:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
Reference: CIAC:O-078
Reference: URL:http://www.ciac.org/ciac/bulletins/o-078.shtml
Reference: BID:9637
Reference: URL:http://www.securityfocus.com/bid/9637
Reference: XF:samba-mksmbpasswd-gain-access(15132)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15132
Reference: OSVDB:3919
Reference: URL:http://www.osvdb.org/3919
Reference: OVAL:OVAL827
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL827.html
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and
3.0.1, when creating an account but marking it as disabled, may
overwrite the user password with an uninitialized buffer, which could
enable the account with a more easily guessable password.
Modifications:
20040812 ADDREF CIAC:O-078
20040812 ADDREF BID:9637
20040812 ADDREF CONFIRM:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
20040818 ADDREF OSVDB:3919
20040824 ADDREF OVAL:OVAL827
Analysis
--------
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: The release notes for Samba 3.02, dated February 9,
2004, explicitly reference this identifier.
INFERRED ACTION: CAN-2004-0082 ACCEPT (5 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> CIAC:O-078
URL:http://www.ciac.org/ciac/bulletins/o-078.shtml
BID:9637
URL:http://www.securityfocus.com/bid/9637
======================================================
Candidate: CAN-2004-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0089
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040120
Category: SF
Reference: ATSTAKE:A012704-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a012704-1.txt
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://www.securityfocus.com/advisories/6269
Reference: CERT-VN:VU#902374
Reference: URL:http://www.kb.cert.org/vuls/id/902374
Reference: BID:9731
Reference: URL:http://www.securityfocus.com/bid/9731
Reference: XF:macosx-trublue-environmentvariable-bo(14968)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14968
Reference: OSVDB:6821
Reference: URL:http://www.osvdb.org/6821
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x
allows local users to gain privileges via a long environment variable.
Modifications:
20040812 ADDREF APPLE:APPLE-SA-2004-01-26
20040812 ADDREF CERT-VN:VU#902374
20040812 ADDREF BID:9731
20040812 ADDREF XF:macosx-trublue-environmentvariable-bo(14968)
20040812 DELREF CONFIRM's - normalize to APPLE instead
20040818 ADDREF OSVDB:6821
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0089 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Green, Baker
NOOP(3) Cole, Cox, Wall
Voter Comments:
Green> Ack'ed by CAN# in Apple bulletin at
http://docs.info.apple.com/article.html?artnum=61798
======================================================
Candidate: CAN-2004-0093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0093
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: CONECTIVA:CLSA-2004:824
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:152
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html
Reference: SGI:20040406-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
Reference: BID:9701
Reference: URL:http://www.securityfocus.com/bid/9701
Reference: XF:xfree86-glx-array-dos(15272)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15272
XFree86 4.1.0 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via an out-of-bounds array index when
using the GLX extension and Direct Rendering Infrastructure (DRI).
Modifications:
20040812 ADDREF CONECTIVA:CLSA-2004:824
20040812 ADDREF SGI:20040406-01-U
20040812 ADDREF REDHAT:RHSA-2004:152
20040812 ADDREF BID:9701
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0093 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
NOOP(2) Christey, Wall
Voter Comments:
Christey> SGI:20040406-01-U
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2
======================================================
Candidate: CAN-2004-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0094
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040123
Category: SF
Reference: CONECTIVA:CLSA-2004:824
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:152
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html
Reference: SGI:20040406-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
Reference: BID:9701
Reference: URL:http://www.securityfocus.com/bid/9701
Reference: XF:xfree86-glx-integer-dos(15273)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15273
Integer signedness errors in XFree86 4.1.0 allow remote attackers to
cause a denial of service and possibly execute arbitrary code when
using the GLX extension and Direct Rendering Infrastructure (DRI).
Modifications:
20040812 ADDREF CONECTIVA:CLSA-2004:824
20040812 ADDREF SGI:20040406-01-U
20040812 ADDREF REDHAT:RHSA-2004:152
20040812 ADDREF BID:9701
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0094 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
NOOP(2) Christey, Wall
Voter Comments:
Christey> SGI:20040406-01-U
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108318777829802&w=2
======================================================
Candidate: CAN-2004-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0095
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: CONFIRM:http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
Reference: BID:9476
Reference: URL:http://www.securityfocus.com/bid/9476
Reference: XF:epolicy-contentlength-post-dos(14989)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14989
Reference: OSVDB:3744
Reference: URL:http://www.osvdb.org/3744
McAfee ePolicy Orchestrator agent allows remote attackers to cause a
denial of service (memory consumption and crash) and possibly execute
arbitrary code via an HTTP POST request with an invalid Content-Length
value, possibly triggering a buffer overflow.
Modifications:
20040812 ADDREF CONFIRM
20040812 ADDREF XF:epolicy-contentlength-post-dos(14989)
20040818 ADDREF OSVDB:3744
Analysis
--------
Vendor Acknowledgement: yes patch
ACKNOWLEDGEMENT: NAI patch EPO3013 includes a Patch3.txt file that
specifically mentions this CVE item.
INFERRED ACTION: CAN-2004-0095 ACCEPT_REV (3 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Armstrong, Green, Baker
NOOP(2) Cole, Cox
REVIEWING(1) Wall
Voter Comments:
Green> Vendor ack'ed by CAN # in
Network Associates Patch EPO3013
======================================================
Candidate: CAN-2004-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0096
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040126
Category: SF
Reference: MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10
Reference: URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
Reference: GENTOO:GLSA-200401-03
Reference: URL:http://security.gentoo.org/glsa/glsa-200401-03.xml
Reference: REDHAT:RHSA-2004:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-058.html
Reference: REDHAT:RHSA-2004:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-063.html
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to
cause a denial of service (httpd crash) via a certain query string, a
variant of CAN-2003-0973.
Modifications:
20040812 ADDREF GENTOO:GLSA-200401-03
20040812 ADDREF REDHAT:RHSA-2004:058
20040812 ADDREF REDHAT:RHSA-2004:063
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0096 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
NOOP(2) Christey, Wall
Voter Comments:
Christey> BUGTRAQ:20040127 [ GLSA 200401-03 ] Apache mod_python Denial of Service vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107522658715931&w=2
Green> http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2004-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0099
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040129
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:01
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc
Reference: BID:9533
Reference: URL:http://www.securityfocus.com/bid/9533
Reference: XF:freebsd-mksnapffs-bypass-security(15005)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15005
Reference: OSVDB:3790
Reference: URL:http://www.osvdb.org/3790
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when
creating a snapshot for a file system, which causes default values for
other flags to be used, possibly disabling security-critical settings
and allowing a local user to bypass intended access restrictions.
Modifications:
20040812 ADDREF BID:9533
20040812 ADDREF XF:freebsd-mksnapffs-bypass-security(15005)
20040818 ADDREF OSVDB:3790
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0099 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108
Final-Decision:
Interim-Decision: 20040825
Modified: 20040812
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: REDHAT:RHSA-2004:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html
Reference: DEBIAN:DSA-460
Reference: URL:http://www.debian.org/security/2004/dsa-460
Reference: SGI:20040302-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
Reference: BID:9844
Reference: URL:http://www.securityfocus.com/bid/9844
Reference: XF:sysstat-isag-symlink(15437)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15437
The isag utility, which processes sysstat data, allows local users to
overwrite arbitrary files via a symlink attack on temporary files, a
different vulnerability than CAN-2004-0107.
Modifications:
20040812 ADDREF BID:9844
20040812 ADDREF XF:sysstat-isag-symlink(15437)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0108 ACCEPT (7 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:sysstat-isag-symlink(15437)
http://xforce.iss.net/xforce/xfdb/15437
Christey> BID:9844
URL:http://www.securityfocus.com/bid/9844
XF:sysstat-isag-symlink(15437)
URL:http://xforce.iss.net/xforce/xfdb/15437
======================================================
Candidate: CAN-2004-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: DEBIAN:DSA-464
Reference: URL:http://www.debian.org/security/2004/dsa-464
Reference: MANDRAKE:MDKSA-2004:020
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:020
Reference: REDHAT:RHSA-2004:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-102.html
Reference: REDHAT:RHSA-2004:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-103.html
Reference: BID:9842
Reference: URL:http://www.securityfocus.com/bid/9842
Reference: XF:gdk-pixbuf-bitmap-dos(15426)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15426
Reference: OVAL:OVAL845
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL845.html
Reference: OVAL:OVAL846
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL846.html
gdk-pixbuf before 0.20 allows attackers to cause a denial of service
(crash) via a malformed bitmap (BMP) file.
Modifications:
20040812 ADDREF DEBIAN:DSA-464
20040812 ADDREF REDHAT:RHSA-2004:102
20040812 ADDREF BID:9842
20040812 ADDREF XF:gdk-pixbuf-bitmap-dos(15426)
20040824 ADDREF OVAL:OVAL845
20040824 ADDREF OVAL:OVAL846
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0111 ACCEPT_REV (6 accept, 2 ack, 1 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Balinsky
MODIFY(1) Frech
NOOP(1) Christey
REVIEWING(1) Wall
Voter Comments:
Christey> DEBIAN:DSA-464
URL:http://www.debian.org/security/2004/dsa-464
Frech> XF:gdk-pixbuf-bitmap-dos(15426)
http://xforce.iss.net/xforce/xfdb/15426
Cox> Addref: REDHAT:RHSA-2004:102
Christey> XF:gdk-pixbuf-bitmap-dos(15426)
URL:http://xforce.iss.net/xforce/xfdb/15426
BID:9842
URL:http://www.securityfocus.com/bid/9842
======================================================
Candidate: CAN-2004-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040202
Category: SF
Reference: MISC:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106
Reference: MLIST:[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Reference: URL:http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638
Reference: CONFIRM:http://www.apacheweek.com/features/security-20
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Reference: CONECTIVA:CLSA-2004:839
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839
Reference: GENTOO:GLSA-200403-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-04.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2004:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043
Reference: REDHAT:RHSA-2004:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-084.html
Reference: REDHAT:RHSA-2004:182
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-182.html
Reference: TRUSTIX:2004-0017
Reference: URL:http://www.trustix.org/errata/2004/0017
Reference: BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2
Reference: XF:apache-modssl-plain-dos(15419)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15419
Reference: BID:9826
Reference: URL:http://www.securityfocus.com/bid/9826
Reference: OSVDB:4182
Reference: URL:http://www.osvdb.org/4182
Reference: OVAL:OVAL876
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL876.html
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49
allows remote attackers to cause a denial of service (memory
consumption) via plain HTTP requests to the SSL port of an SSL-enabled
server.
Modifications:
20040812 ADDREF CONECTIVA:CLSA-2004:839
20040812 ADDREF GENTOO:GLSA-200403-04
20040812 ADDREF MANDRAKE:MDKSA-2004:043
20040812 ADDREF REDHAT:RHSA-2004:084
20040812 ADDREF REDHAT:RHSA-2004:182
20040812 ADDREF TRUSTIX:2004-0017
20040812 ADDREF HP:SSRT4717
20040812 ADDREF APPLE:APPLE-SA-2004-05-03
20040812 ADDREF BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
20040818 ADDREF OSVDB:4182
20040824 ADDREF OVAL:OVAL876
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2004-0113 ACCEPT (6 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2004:084
URL:http://www.redhat.com/support/errata/RHSA-2004-084.html
Christey> BUGTRAQ:20040330 TSLSA-2004-0017 - apache
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108066914830552&w=2
Christey> BUGTRAQ:20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024081011678&w=2
BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2
Christey> REDHAT:RHSA-2004:182
URL:http://www.redhat.com/support/errata/RHSA-2004-182.html
Christey> APPLE:APPLE-SA-2004-05-03
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108369640424244&w=2
Christey> MANDRAKE:MDKSA-2004:043
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:043
Christey> HP:SSRT4717
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108731648532365&w=2
======================================================
Candidate: CAN-2004-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0114
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: BUGTRAQ:20040205 [PINE-CERT-20040201] reference count overflow in shmat()
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107608375207601&w=2
Reference: MISC:http://www.pine.nl/press/pine-cert-20040201.txt
Reference: FREEBSD:FreeBSD-SA-04:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
Reference: NETBSD:NetBSD-SA2004-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc
Reference: BID:9586
Reference: URL:http://www.securityfocus.com/bid/9586
Reference: XF:bsd-shmat-gain-privileges(15061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15061
Reference: OSVDB:3836
Reference: URL:http://www.osvdb.org/3836
The shmat system call in the System V Shared Memory interface for
FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and
earlier, does not properly decrement a shared memory segment's
reference count when the vm_map_find function fails, which could allow
local users to gain read or write access to a portion of kernel memory
and gain privileges.
Modifications:
20040818 ADDREF OSVDB:3836
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0114 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0115
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: ATSTAKE:A021004-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a021004-1.txt
Reference: MS:MS04-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-005.asp
Reference: CIAC:O-076
Reference: URL:http://www.ciac.org/ciac/bulletins/o-076.shtml
Reference: BID:9632
Reference: URL:http://www.securityfocus.com/bid/9632
Reference: XF:virtual-pc-gain-privileges(15113)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15113
Reference: OSVDB:3893
Reference: URL:http://www.osvdb.org/3893
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1
allows local attackers to truncate and overwrite arbitrary files, and
execute arbitrary code, via a symlink attack on the VPCServices_Log
temporary file.
Modifications:
20040812 ADDREF CIAC:O-076
20040812 ADDREF BID:9632
20040812 ADDREF XF:virtual-pc-gain-privileges(15113)
20040818 ADDREF OSVDB:3893
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0115 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(2) Christey, Cox
Voter Comments:
Christey> CIAC:O-076
URL:http://www.ciac.org/ciac/bulletins/o-076.shtml
XF:virtual-pc-gain-privileges(15113)
URL:http://xforce.iss.net/xforce/xfdb/15113
BID:9632
URL:http://www.securityfocus.com/bid/9632
======================================================
Candidate: CAN-2004-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0121
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: IDEFENSE:20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Reference: BUGTRAQ:20040310 Outlook mailto: URL argument injection vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107893704602842&w=2
Reference: MS:MS04-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-009.asp
Reference: CERT-VN:VU#305206
Reference: URL:http://www.kb.cert.org/vuls/id/305206
Reference: BID:9827
Reference: URL:http://www.securityfocus.com/bid/9827
Reference: XF:outlook-mailtourl-execute-code(15414)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15414
Reference: OVAL:OVAL843
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL843.html
Argument injection vulnerability in Microsoft Outlook 2002 does not
sufficiently filter parameters of mailto: URLs when using them as
arguments when calling OUTLOOK.EXE, which allows remote attackers to
use script code in the Local Machine zone and execute arbitrary
programs.
Modifications:
20040812 ADDREF CERT-VN:VU#305206
20040812 ADDREF XF:outlook-mailtourl-execute-code(15414)
20040812 ADDREF BID:9827
20040812 CHANGEREF MISC - normalize to IDEFENSE
20040812 [desc] say "argument injection vulnerability"
20040824 ADDREF OVAL:OVAL843
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0121 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Balinsky, Wall
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Frech> XF:outlook-mailtourl-execute-code(15414)
http://xforce.iss.net/xforce/xfdb/15414
Christey> modify desc to say "argument injection vulnerability"
======================================================
Candidate: CAN-2004-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0122
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: MS:MS04-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms04-010.asp
Reference: CERT-VN:VU#688094
Reference: URL:http://www.kb.cert.org/vuls/id/688094
Reference: XF:msn-request-view-files(15415)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15415
Reference: OVAL:OVAL844
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL844.html
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain
requests, which allows remote attackers to read arbitrary files.
Modifications:
20040812 ADDREF CERT-VN:VU#688094
20040812 ADDREF XF:msn-request-view-files(15415)
20040824 ADDREF OVAL:OVAL844
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0122 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Balinsky, Wall
MODIFY(1) Frech
NOOP(1) Cox
Voter Comments:
Frech> XF:msn-request-view-files(15415)
http://xforce.iss.net/xforce/xfdb/15415
======================================================
Candidate: CAN-2004-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0126
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040203
Category: SF
Reference: FREEBSD:FreeBSD-SA-04:03
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Reference: XF:freebsd-jailattach-gain-privileges(15344)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15344
Reference: BID:9762
Reference: URL:http://www.securityfocus.com/bid/9762
Reference: OSVDB:4101
Reference: URL:http://www.osvdb.org/4101
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the
directory of a calling process even if the process doesn't have
permission to change directory, which allows local users to gain
read/write privileges to files and directories within another jail.
Modifications:
20040818 ADDREF OSVDB:4101
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0126 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0128
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=141517
Reference: BID:9531
Reference: URL:http://www.securityfocus.com/bid/9531
Reference: XF:phpgedview-gedfilconf-file-include(14987)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14987
Reference: OSVDB:3769
Reference: URL:http://www.osvdb.org/3769
PHP remote code injection vulnerability in the GEDCOM configuration
script for phpGedView 2.65.1 and earlier allows remote attackers to
execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY
parameter to reference a URL on a remote web server that contains a
malicious theme.php script.
Modifications:
20040812 ADDREF BID:9531
20040812 ADDREF XF:phpgedview-gedfilconf-file-include(14987)
20040818 ADDREF OSVDB:3769
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the changelog for PhpGedView v2.65.2, dated January
28, 2004, includes an item that says the developer "Fixed
vulnerability in $INDEX_DIRECTORY/gedcom.ged_conf.php."
INFERRED ACTION: CAN-2004-0128 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040204
Category: SF
Reference: BUGTRAQ:20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107582619125932&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=350228
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
Reference: GENTOO:GLSA-200402-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-05.xml
Reference: BID:9564
Reference: URL:http://www.securityfocus.com/bid/9564
Reference: XF:phpmyadmin-dotdot-directory-traversal(15021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15021
Reference: OSVDB:3800
Reference: URL:http://www.osvdb.org/3800
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5
and earlier allows remote attackers to read arbitrary files via
.. (dot dot) sequences in the what parameter.
Modifications:
20040611 Normalize Gentoo reference
20040813 ADDREF BID:9564
20040813 ADDREF XF:phpmyadmin-dotdot-directory-traversal(15021)
20040818 ADDREF OSVDB:3800
Analysis
--------
Vendor Acknowledgement: unknown discloser-claimed
ACKNOWLEDGEMENT: the Changelog for version 2.5.6-rc1 states that "a
security fix" was made, and a diff of export.php with an earlier
version confirms it.
INFERRED ACTION: CAN-2004-0129 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Armstrong, Baker
NOOP(4) Cole, Christey, Cox, Wall
Voter Comments:
Christey> Normalize Gentoo reference
======================================================
Candidate: CAN-2004-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0131
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040210
Category: SF
Reference: IDEFENSE:20040204 GNU Radius Remote Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true
Reference: CONFIRM:http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz
Reference: CERT-VN:VU#277396
Reference: URL:http://www.kb.cert.org/vuls/id/277396
Reference: BID:9578
Reference: URL:http://www.securityfocus.com/bid/9578
Reference: XF:radius-radprintrequest-dos(15046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15046
Reference: OSVDB:3824
Reference: URL:http://www.osvdb.org/3824
The rad_print_request function in logger.c for GNU Radius daemon
(radiusd) before 1.2 allows remote attackers to cause a denial of
service (crash) via a UDP packet with an Acct-Status-Type attribute
without a value and no Acct-Session-Id attribute, which causes a null
dereference.
Modifications:
20040813 CHANGEREF IDEFENSE normalize from FULLDISC
20040818 ADDREF OSVDB:3824
Analysis
--------
Vendor Acknowledgement: unknown
ACKNOWLEDGEMENT: the ChangeLog for Radius 1.2 includes an item dated
2003-11-26 which says "(rad_print_request): Removed."
INFERRED ACTION: CAN-2004-0131 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Armstrong, Baker
NOOP(3) Cole, Cox, Wall
======================================================
Candidate: CAN-2004-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0148
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: HP:SSRT4704
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108999466902690&w=2
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: BID:9832
Reference: URL:http://www.securityfocus.com/bid/9832
Reference: XF:wuftpd-restrictedgid-gain-access(15423)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15423
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled,
allows local users to bypass access restrictions by changing the
permissions to prevent access to their home directory, which causes
wu-ftpd to use the root directory instead.
Modifications:
20040813 ADDREF BID:9832
20040813 ADDREF XF:wuftpd-restrictedgid-gain-access(15423)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0148 ACCEPT (7 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(6) Cole, Armstrong, Baker, Cox, Balinsky, Wall
MODIFY(1) Frech
Voter Comments:
Frech> XF:wuftpd-restrictedgid-gain-access(15423)
http://xforce.iss.net/xforce/xfdb/15423
======================================================
Candidate: CAN-2004-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-458
Reference: URL:http://www.debian.org/security/2004/dsa-458
Reference: MANDRAKE:MDKSA-2004:019
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019
Reference: BID:9836
Reference: URL:http://www.securityfocus.com/bid/9836
Reference: XF:python-getaddrinfo-bo(15409)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15409
Reference: OSVDB:4172
Reference: URL:http://www.osvdb.org/4172
Buffer overflow in the getaddrinfo function in Python 2.2 before
2.2.2, when IPv6 support is disabled, allows remote attackers to
execute arbitrary code via an IPv6 address that is obtained using DNS.
Modifications:
20040813 ADDREF BID:9836
20040813 ADDREF XF:python-getaddrinfo-bo(15409)
20040818 ADDREF OSVDB:4172
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0150 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Balinsky
MODIFY(2) Frech, Cox
NOOP(1) Wall
Voter Comments:
Frech> XF:python-getaddrinfo-bo(15409)
http://xforce.iss.net/xforce/xfdb/15409
Cox> Fixed in 2.2.2, does not affect servers which have IPv6 support
enabled. Suggested replacement text: "Buffer overflow in the
getaddrinfo in Python 2.2 before 2.2.2 where IPv6 support is disabled
allows remote attackers to execute arbitrary code via an IPv6 address
that is obtained using DNS."
======================================================
Candidate: CAN-2004-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0159
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-447
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755803218677&w=2
Reference: FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017737.html
Reference: BID:9715
Reference: URL:http://www.securityfocus.com/bid/9715
Reference: XF:hsftp-format-string(15276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15276
Reference: OSVDB:4029
Reference: URL:http://www.osvdb.org/4029
Format string vulnerability in hsftp 1.11 allows remote authenticated
users to cause a denial of service and possibly execute arbitrary code
via file names containing format string characters that are not
properly handled when executing an "ls" command.
Modifications:
20040813 ADDREF BID:9715
20040818 ADDREF OSVDB:4029
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0159 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0160
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040213
Category: SF
Reference: DEBIAN:DSA-446
Reference: URL:http://www.debian.org/security/2004/dsa-446
Reference: XF:synaesthesia-configuration-symlink-attack(15279)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15279
Reference: BID:9713
Reference: URL:http://www.securityfocus.com/bid/9713
Synaesthesia 2.2 and earlier allows local users to execute arbitrary
code via a symlink attack on the configuration file.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0160 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0165
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: ATSTAKE:A022304-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a022304-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: CERT-VN:VU#841742
Reference: URL:http://www.kb.cert.org/vuls/id/841742
Reference: XF:macos-pppd-format-string(15297)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15297
Reference: BID:9730
Reference: URL:http://www.securityfocus.com/bid/9730
Reference: OSVDB:6822
Reference: URL:http://www.osvdb.org/6822
Format string vulnerability in Point-to-Point Protocol (PPP) daemon
(pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers
to read arbitrary pppd process data, including PAP or CHAP
authentication credentials, to gain privileges.
Modifications:
20040818 ADDREF OSVDB:6822
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0165 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0167
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: CERT-VN:VU#578886
Reference: URL:http://www.kb.cert.org/vuls/id/578886
Reference: BID:9731
Reference: URL:http://www.securityfocus.com/bid/9731
Reference: XF:macos-diskarbitration-unknown(15300)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15300
Reference: OSVDB:6824
Reference: URL:http://www.osvdb.org/6824
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly
initialize writeable removable media.
Modifications:
20040818 ADDREF OSVDB:6824
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0167 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0169
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040218
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00046.html
Reference: IDEFENSE:20040223 Darwin Streaming Server Remote Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
Reference: CERT-VN:VU#460350
Reference: URL:http://www.kb.cert.org/vuls/id/460350
Reference: XF:darwin-describe-request-dos(15291)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15291
Reference: BID:9735
Reference: URL:http://www.securityfocus.com/bid/9735
Reference: OSVDB:6826
Reference: URL:http://www.osvdb.org/6826
Reference: OSVDB:6837
Reference: URL:http://www.osvdb.org/6837
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote
attackers to cause a denial of service (crash) via DESCRIBE requests
with long User-Agent fields, which causes an Assert error to be
triggered in the BufferIsFull function.
Modifications:
20040813 CHANGEREF IDEFENSE [normalize from BUGTRAQ]
20040818 ADDREF OSVDB:6826
20040818 ADDREF OSVDB:6837
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0169 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0171
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040219
Category: SF
Reference: IDEFENSE:20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities
Reference: APPLE:APPLE-SA-2004-05-28
Reference: URL:http://lists.seifried.org/pipermail/security/2004-May/003743.html
Reference: FREEBSD:FreeBSD-SA-04:04
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
Reference: CERT-VN:VU#395670
Reference: URL:http://www.kb.cert.org/vuls/id/395670
Reference: BID:9792
Reference: URL:http://www.securityfocus.com/bid/9792
Reference: XF:freebsd-mbuf-dos(15369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15369
Reference: OSVDB:4124
Reference: URL:http://www.osvdb.org/4124
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote
attackers to cause a denial of service (resource exhaustion of memory
buffers and system crash) via a large number of out-of-sequence TCP
packets, which prevents the operating system from creating new
connections.
Modifications:
20040813 ADDREF APPLE:APPLE-SA-2004-05-28
20040813 ADDREF CERT-VN:VU#395670
20040813 ADDREF BID:9792
20040813 CHANGEREF IDEFENSE [normalize from FULLDISC]
20040813 [desc] add system crash impact
20040818 ADDREF OSVDB:4124
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0171 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
MODIFY(1) Balinsky
NOOP(3) Christey, Cox, Wall
Voter Comments:
Balinsky> Advisory says that the bug can cause a system crash. Add this to the description.
Christey> APPLE:APPLE-SA-2004-05-28
URL:http://docs.info.apple.com/article.html?artnum=61798
======================================================
Candidate: CAN-2004-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0173
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040225
Category: SF
Reference: BUGTRAQ:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107765545431387&w=2
Reference: FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017740.html
Reference: CONFIRM:http://www.apacheweek.com/issues/04-03-12
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152
Reference: BID:9733
Reference: URL:http://www.securityfocus.com/bid/9733
Reference: XF:apache-cygwin-directory-traversal(15293)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15293
Directory traversal vulnerability in Apache 1.3.29 and earlier, and
Apache 2.0.48 and earlier, when running on Cygwin, allows remote
attackers to read arbitrary files via a URL containing "..%5C" (dot
dot encoded backslash) sequences.
Modifications:
20040813 ADDREF CONFIRM:http://www.apacheweek.com/issues/04-03-12
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0173 ACCEPT_REV (5 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
MODIFY(1) Frech
REVIEWING(1) Wall
Voter Comments:
Frech> XF:apache-cygwin-directory-traversal(15293)
http://xforce.iss.net/xforce/xfdb/15293
======================================================
Candidate: CAN-2004-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0185
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch
Reference: MISC:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: BID:8893
Reference: URL:http://www.securityfocus.com/bid/8893
Reference: XF:wuftpd-skey-bo(13518)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13518
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp
daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a s/key (SKEY) request
with a long name.
Modifications:
20040813 ADDREF BID:8893
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0185 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Cox
NOOP(2) Cole, Wall
======================================================
Candidate: CAN-2004-0186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0186
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040209 Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107636290906296&w=2
Reference: BUGTRAQ:20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107657505718743&w=2
Reference: DEBIAN:DSA-463
Reference: URL:http://www.debian.org/security/2004/dsa-463
Reference: XF:samba-smbmnt-gain-privileges(15131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15131
Reference: BID:9619
Reference: URL:http://www.securityfocus.com/bid/9619
Reference: OSVDB:3916
Reference: URL:http://www.osvdb.org/3916
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid,
allows local users to gain root privileges by mounting a Samba share
that contains a setuid root program, whose setuid attributes are not
cleared when the share is mounted.
Modifications:
20040818 ADDREF OSVDB:3916
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0186 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Cox
NOOP(1) Wall
======================================================
Candidate: CAN-2004-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0188
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040302
Category: SF
Reference: BUGTRAQ:20040227 Calife heap corrupt / potential local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789737832092&w=2
Reference: DEBIAN:DSA-461
Reference: URL:http://www.debian.org/security/2004/dsa-461
Reference: BID:9756
Reference: URL:http://www.securityfocus.com/bid/9756
Reference: XF:calife-long-password-bo(15335)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15335
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local
users to execute arbitrary code via a long password.
Modifications:
20040813 ADDREF BID:9756
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2004-0188 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
Reference: CONECTIVA:CLA-2004:838
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Reference: DEBIAN:DSA-474
Reference: URL:http://www.debian.org/security/2004/dsa-474
Reference: GENTOO:GLSA-200403-11
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-11.xml
Reference: MANDRAKE:MDKSA-2004:025
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
Reference: REDHAT:RHSA-2004:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-133.html
Reference: REDHAT:RHSA-2004:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-134.html
Reference: SGI:20040404-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U
Reference: BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2
Reference: BID:9778
Reference: URL:http://www.securityfocus.com/bid/9778
Reference: XF:squid-urlregex-acl-bypass(15366)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15366
Reference: OSVDB:5916
Reference: URL:http://www.osvdb.org/5916
Reference: OVAL:OVAL877
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL877.html
Reference: OVAL:OVAL941
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL941.html
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") character, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.
Modifications:
20040813 ADDREF CONECTIVA:CLA-2004:838
20040813 ADDREF DEBIAN:DSA-474
20040813 ADDREF GENTOO:GLSA-200403-11
20040813 ADDREF MANDRAKE:MDKSA-2004:025
20040813 ADDREF REDHAT:RHSA-2004:133
20040813 ADDREF REDHAT:RHSA-2004:134
20040813 ADDREF SGI:20040404-01-U
20040813 ADDREF BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
20040818 ADDREF OSVDB:5916
20040824 ADDREF OVAL:OVAL877
20040824 ADDREF OVAL:OVAL941
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0189 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Cox
NOOP(3) Cole, Christey, Wall
Voter Comments:
Christey> REDHAT:RHSA-2004:134
URL:http://www.redhat.com/support/errata/RHSA-2004-134.html
Christey> MANDRAKE:MDKSA-2004:025
Christey> BUGTRAQ:20040331 [ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108075225114097&w=2
BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108084935904110&w=2
Christey> DEBIAN:DSA-474
URL:http://www.debian.org/security/2004/dsa-474
Christey> CONECTIVA:CLA-2004:838
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Christey> REDHAT:RHSA-2004:133
URL:http://www.redhat.com/support/errata/RHSA-2004-133.html
Christey> SGI:20040404-01-U
URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
======================================================
Candidate: CAN-2004-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0190
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107694794031839&w=2
Reference: FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/017414.html
Reference: XF:symantec-firewallvpn-password-plaintext(15212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15212
Reference: OSVDB:4117
Reference: URL:http://www.osvdb.org/4117
Symantec FireWall/VPN Appliance model 200 records a cleartext
password for the password administration page, which may be cached on
the administrator's local system or in a proxy, which allows attackers
to steal the password and gain privileges.
Modifications:
20040818 ADDREF OSVDB:4117
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0190 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191
Final-Decision:
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20040318
Assigned: 20040303
Category: SF
Reference: BUGTRAQ:20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107774710729469&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=227417
Reference: REDHAT:RHSA-2004:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-110.html
Reference: REDHAT:RHSA-2004:112
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-112.html
Reference: HP:SSRT4722
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108448379429944&w=2
Reference: XF:mozilla-event-handler-xss(15322)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15322
Reference: BID:9747
Reference: URL:http://www.securityfocus.com/bid/9747
Reference: OSVDB:4062
Reference: URL:http://www.osvdb.org/4062
Reference: OVAL:OVAL874
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL874.html
Reference: OVAL:OVAL937
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL937.html
Mozilla before 1.4.2 executes JavaScript events in the context of a
new page while it is being loaded, allowing it to interact with the
previous page (zombie document) and enable cross-domain and cross-site
scripting (XSS) attacks, as demonstrated using onmousemove events.
Modifications:
20040813 ADDREF REDHAT:RHSA-2004:112
20040813 ADDREF HP:SSRT4722
20040818 ADDREF REDHAT:RHSA-2004:110
20040818 ADDREF OSVDB:4062
20040824 ADDREF OVAL:OVAL874
20040824 ADDREF OVAL:OVAL937
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0191 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Cox
NOOP(3) Cole, Christey, Wall
Voter Comments:
Christey> REDHAT:RHSA-2004:112
URL:http://www.redhat.com/support/errata/RHSA-2004-112.html
Cox> Addref: RHSA-2004:112
Christey> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108448379429944&w=2
HP:SSRT4722
======================================================
Candidate: CAN-2004-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0193
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040304
Category: SF
Reference: BUGTRAQ:20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107789851117176&w=2
Reference: MISC:http://www.eeye.com/html/Research/Upcoming/20040213.html
Reference: ISS:20040226 Vulnerability in SMB Parsing in ISS Products
Reference: URL:http://xforce.iss.net/xforce/alerts/id/165
Reference: CERT-VN:VU#150326
Reference: URL:http://www.kb.cert.org/vuls/id/150326
Reference: XF:pam-smb-protocol-bo(15207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15207
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM),
as used in certain versions of RealSecure Network 7.0 and Server
Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and
3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC
Protection 3.6, and BlackICE Server Protection 3.6, allows remote
attackers to execute arbitrary code via an SMB packet containing an
authentication request with a long username.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0193 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0194
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040304
Category: SF
Reference: BUGTRAQ:20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107842545022724&w=2
Reference: FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018227.html
Reference: MISC:http://www.nextgenss.com/advisories/adobexfdf.txt
Reference: BID:9802
Reference: URL:http://www.securityfocus.com/bid/9802
Reference: XF:acrobatreader-xfdf-bo(15384)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15384
Reference: OSVDB:4135
Reference: URL:http://www.osvdb.org/4135
Stack-based buffer overflow in the OutputDebugString function for
Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary
code via a PDF document with XML Forms Data Format (XFDF) data.
Modifications:
20040813 ADDREF BID:9802
20040818 ADDREF OSVDB:4135
Analysis
--------
Vendor Acknowledgement: unknown
INFERRED ACTION: CAN-2004-0194 ACCEPT_REV (3 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Armstrong, Baker, Balinsky
NOOP(2) Cole, Cox
REVIEWING(1) Wall
======================================================
Candidate: CAN-2004-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0256
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040130 Symlink Vulnerability in GNU libtool <1.5.2
Reference: URL:http://www.securityfocus.com/archive/1/352333
Reference: CONECTIVA:CLA-2004:811
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000811
Reference: MISC:http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
Reference: BID:9530
Reference: URL:http://www.securityfocus.com/bid/9530
Reference: XF:libtool-insecure-temp-directory(15017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15017
Reference: OSVDB:3795
Reference: URL:http://www.osvdb.org/3795
GNU libtool before 1.5.2, during compile time, allows local users to
overwrite arbitrary files via a symlink attack on libtool directories
in /tmp.
Modifications:
20040818 ADDREF OSVDB:3795
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0256 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Green, Baker, Cox
NOOP(1) Wall
======================================================
Candidate: CAN-2004-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0257
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040205 OpenBSD IPv6 remote kernel crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107604603226564&w=2
Reference: FULLDISC:20040204 Remote openbsd crash with ip6, yet still openbsd much better than windows
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-February/016704.html
Reference: MISC:http://www.guninski.com/obsdmtu.html
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c
Reference: NETBSD:NetBSD-SA2004-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
Reference: XF:openbsd-ipv6-dos(15044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15044
Reference: BID:9577
Reference: URL:http://www.securityfocus.com/bid/9577
Reference: OSVDB:3825
Reference: URL:http://www.osvdb.org/3825
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a
denial of service (crash) by sending an IPv6 packet with a small MTU
to a listening port and then issuing a TCP connect to that port.
Modifications:
20040813 CHANGEREF FULLDISC [normalize]
20040818 ADDREF OSVDB:3825
Analysis
--------
Vendor Acknowledgement: yes changelog
INFERRED ACTION: CAN-2004-0257 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0261
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107619136600713&w=2
Reference: CONFIRM:http://www.grohol.com/downloads/oj/latest/changelog.txt
Reference: BID:9598
Reference: URL:http://www.securityfocus.com/bid/9598
Reference: XF:openjournal-uid-admin-access(15069)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15069
Reference: OSVDB:3872
Reference: URL:http://www.osvdb.org/3872
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to
bypass authentication and access the control panel via a 0 in the uid
parameter.
Modifications:
20040818 ADDREF OSVDB:3872
Analysis
--------
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: the vendor changelog's entry under v2.06 - 05 Feb
2004 says "Fixed security issue in oj.cgi and oj.cfg"
INFERRED ACTION: CAN-2004-0261 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0263
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: GENTOO:GLSA-200402-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-01.xml
Reference: BID:9599
Reference: URL:http://www.securityfocus.com/bid/9599
Reference: XF:php-virtualhost-info-disclosure(15072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15072
Reference: OSVDB:3878
Reference: URL:http://www.osvdb.org/3878
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global
variables between virtual hosts that are handled by the same Apache
child process but have different settings, which could allow remote
attackers to obtain sensitive information.
Modifications:
20040611 normalize Gentoo reference
20040813 ADDREF BID:9599
20040818 ADDREF OSVDB:3878
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0263 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Cole, Armstrong, Baker, Cox, Wall
NOOP(1) Christey
Voter Comments:
Christey> BID:9599
Christey> Normalize Gentoo reference
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2004-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0270
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040209 clamav 0.65 remote DOS exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634700823822&w=2
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
Reference: GENTOO:GLSA-200402-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-07.xml
Reference: XF:clam-antivirus-uuencoded-dos(15077)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15077
Reference: BID:9610
Reference: URL:http://www.securityfocus.com/bid/9610
Reference: OSVDB:3894
Reference: URL:http://www.osvdb.org/3894
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a
denial of service (crash) via a uuencoded e-mail message with an
invalid line length (e.g., a lowercase character), which causes an
assert error in clamd that terminates the calling program.
Modifications:
20040611 Normalize Gentoo reference
20040818 ADDREF OSVDB:3894
Analysis
--------
Vendor Acknowledgement: yes
INFERRED ACTION: CAN-2004-0270 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(3) Christey, Cox, Wall
Voter Comments:
Christey> Normalize Gentoo reference
======================================================
Candidate: CAN-2004-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0273
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040210 Directory traversal in RealPlayer allows code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107642978524321&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/040123_player/EN/
Reference: CERT-VN:VU#514734
Reference: URL:http://www.kb.cert.org/vuls/id/514734
Reference: XF:realoneplayer-rmp-directory-traversal(15123)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15123
Directory traversal vulnerability in RealOne Player, RealOne Player
2.0, and RealOne Enterprise Desktop allows remote attackers to upload
arbitrary files via an RMP file that contains .. (dot dot) sequences
in a .rjs skin file.
Modifications:
20040813 ADDREF CERT-VN:VU#514734
20040813 ADDREF XF:realoneplayer-rmp-directory-traversal(15123)
Analysis
--------
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: at
http://service.real.com/help/faq/security/040123_player/EN/ under
exploit 2 it says "To fashion RMP files which allow an attacker to
download and execute arbitrary code on a user's machine."
INFERRED ACTION: CAN-2004-0273 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(2) Christey, Cox
Voter Comments:
Christey> CERT-VN:VU#514734
URL:http://www.kb.cert.org/vuls/id/514734
======================================================
Candidate: CAN-2004-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0274
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040208 Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107634593827102&w=2
Reference: BUGTRAQ:20040210 Re: Eggrop bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107643315623958&w=2
Reference: MISC:http://mogan.nonsoloirc.com/egg_advisory.txt
Reference: XF:eggdrop-sharemod-gain-access(15084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15084
Reference: BID:9606
Reference: URL:http://www.securityfocus.com/bid/9606
Reference: OSVDB:3928
Reference: URL:http://www.osvdb.org/3928
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can
mistakenly assign STAT_OFFERED status to a bot that is not a sharebot,
which allows remote attackers to use STAT_OFFERED to promote a bot to
a sharebot and conduct unauthorized activities.
Modifications:
20040818 ADDREF OSVDB:3928
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2004-0274 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0276
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040211 Denial of Service in Monkey httpd <= 0.8.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107652610506968&w=2
Reference: MISC:http://aluigi.altervista.org/poc/monkeydos.zip
Reference: CONFIRM:http://monkeyd.sourceforge.net/
Reference: XF:monkey-getrealstring-dos(15187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15187
Reference: BID:9642
Reference: URL:http://www.securityfocus.com/bid/9642
Reference: OSVDB:3921
Reference: URL:http://www.osvdb.org/3921
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and
earlier allows remote attackers to cause a denial of service (crash)
via an HTTP request with a sequence of "%" characters and a missing
Host field.
Modifications:
20040818 ADDREF OSVDB:3921
Analysis
--------
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the announcement for Monkey 0.8.2 says that there are
"a lot of bug fixes (including a fix for a DoS). Thanks to Luigi
A."
INFERRED ACTION: CAN-2004-0276 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Cox, Wall
======================================================
Candidate: CAN-2004-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0297
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: IDEFENSE:20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow
Reference: URL:http://www.idefense.com/application/poi/display?id=74
Reference: CONFIRM:http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
Reference: CERT-VN:VU#972334
Reference: URL:http://www.kb.cert.org/vuls/id/972334
Reference: BID:9682
Reference: URL:http://www.securityfocus.com/bid/9682
Reference: XF:imail-ldap-tag-bo(15243)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15243
Reference: OSVDB:3984
Reference: URL:http://www.osvdb.org/3984
Buffer overflow in the Lightweight Directory Access Protocol (LDAP)
daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows
remote attackers to cause a denial of service (crash) and execute
arbitrary code via an LDAP message with a large tag length.
Modifications:
20040813 CHANGEREF IDEFENSE [normalize from BUGTRAQ]
20040818 ADDREF OSVDB:3984
Analysis
--------
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: at
http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
it says "fixes a possible LDAP Denial of Service vulnerability" and
the poster refers to this patch and the patch is dated Feb 17.
INFERRED ACTION: CAN-2004-0297 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0306
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: CF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-file-upload(15264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15264
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SDH
before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service
on UDP port 69 by default, which allows remote attackers to GET or PUT
ONS system files on the current active TCC in the /flash0 or /flash1
directories.
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0306 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0307
Final-Decision:
Interim-Decision: 20040825
Modified: 20040820
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: XF:cisco-ons-ack-dos(15265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15265
Reference: OSVDB:4009
Reference: URL:http://www.osvdb.org/4009
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454
SDH before 4.1(3) allow remote attackers to cause a denial of service
(reset) by not sending the ACK portion of the TCP three-way handshake
and sending an invalid response instead.
Modifications:
20040818 ADDREF OSVDB:4009
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0307 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0309
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107722656827427&w=2
Reference: CERT-VN:VU#619982
Reference: URL:http://www.kb.cert.org/vuls/id/619982
Reference: CIAC:O-084
Reference: URL:http://www.ciac.org/ciac/bulletins/o-084.shtml
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/8.html
Reference: XF:zonelabs-multiple-products-bo(14991)
Reference: URL:http://xforce.iss.net/xforce/xfdb/14991
Reference: BID:9696
Reference: URL:http://www.securityfocus.com/bid/9696
Reference: OSVDB:3991
Reference: URL:http://www.osvdb.org/3991
Stack-based buffer overflow in the SMTP service support in vsmon.exe
in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client
4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote
attackers to execute arbitrary code via a long RCPT TO argument.
Modifications:
20040818 ADDREF OSVDB:3991
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0309 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Cole, Armstrong, Baker, Wall
NOOP(1) Cox
======================================================
Candidate: CAN-2004-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0320
Final-Decision:
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040223 nCipher Advisory #9: Host-side attackers can access secret data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107755899018249&w=2
Reference: XF:ncipher-hsm-obtain-info(15281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15281
Reference: BID:9717
Reference: URL:http://www.securityfocus.com/bid/9717
Reference: OSVDB:4055
Reference: URL:http://www.osvdb.org/4055
Unknown vulnerability in nCipher Hardware Security Modules (HSM)
1.67.x through 1.99.x allows local users to access secrets stored in
the module's run-time memory via certain sequences of commands.
Modifications:
20040818 ADDREF OSVDB:4055
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0320 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2004-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0336
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-path-disclosure(15350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15350
Reference: BID:9781
Reference: URL:http://www.securityfocus.com/bid/9781
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive
information via the mail login form, which contains the path to the
mail directory.
Analysis
--------
Vendor Acknowledgement: yes followup
INFERRED ACTION: CAN-2004-0336 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2004-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0347
Final-Decision:
Interim-Decision: 20040825
Modified: 20040813
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107826362024112&w=2
Reference: FULLDISC:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2004-March/018120.html
Reference: BUGTRAQ:20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850564102190&w=2
Reference: CERT-VN:VU#114070
Reference: URL:http://www.kb.cert.org/vuls/id/114070
Reference: BID:9791
Reference: URL:http://www.securityfocus.com/bid/9791
Reference: XF:netscreen-delhomepagecgi-xss(15368)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15368
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in
NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797)
allows remote authenticated users to execute arbitrary script as other
users via the row parameter.
Modifications:
20040813 ADDREF CERT-VN:VU#114070
20040813 ADDREF BID:9791
20040813 ADDREF XF:netscreen-delhomepagecgi-xss(15368)
Analysis
--------
Vendor Acknowledgement: yes advisory
INFERRED ACTION: CAN-2004-0347 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Wall, Cox
======================================================
Candidate: CAN-2004-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0356
Final-Decision:
Interim-Decision: 20040825
Modified:
Proposed: 20040318
Assigned: 20040317
Category: SF
Reference: BUGTRAQ:20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107850488326232&w=2
Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf
Reference: MISC:http://www.nextgenss.com/advisories/slmailsrc.txt
Reference: XF:slmail-src-stack-bo(15398)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15398
Reference: BID:9809
Reference: URL:http://www.securityfocus.com/bid/9809
Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro
2.0.9 and earlier allows remote attackers to execute arbitrary code
via an HTTP request with a long HTTP sub-version.
Analysis
--------
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the patch document for SL Mail 2.0.14 includes the
item: "Security Issues: SL Supervisor buffer overflow"
INFERRED ACTION: CAN-2004-0356 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Armstrong, Baker
NOOP(2) Wall, Cox