Name: CVE-2002-0001
Description:
Vulnerability in RFC822 address parser in mutt before
1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote
attackers to execute arbitrary commands via an
improperly terminated comment or phrase in the address
list.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020101 [Announce] SECURITY:
mutt-1.2.5.1 and mutt-1.3.25 released.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100994648918287&w=2
Reference:
CONFIRM:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
Reference: DEBIAN:DSA-096
Reference:
URL:http://www.debian.org/security/2002/dsa-096
Reference: REDHAT:RHSA-2002:003
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2002-003.html
Reference: SUSE:SuSE-SA:2002:001
Reference:
URL:http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
Reference: CONECTIVA:CLA-2002:449
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
Reference: FREEBSD:FreeBSD-SA-02:04
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
Reference: HP:HPSBTL0201-011
Reference:
URL:http://online.securityfocus.com/advisories/3778
Reference: CALDERA:CSSA-2002-002.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
Reference: BID:3774
Reference:
URL:http://www.securityfocus.com/bid/3774
Reference: XF:mutt-address-handling-bo(7759)
Reference:
URL:http://www.iss.net/security_center/static/7759.php
Votes:
ACCEPT(4) Baker, Cole, Green, Wall
MODIFY(1) Frech
NOOP(2) Foat, Christey
Voter Comments:
Christey> I need to review this for accuracy; is it just a buffer
overflow? See Mark Cox' comments in his "Chinese Whisper"
article.
Frech> XF:mutt-address-handling-bo(7759)
Christey> See Caldera advisory for a good, short description of the
issue.
BID:3774
URL:http://www.securityfocus.com/bid/3774
SUSE:SuSE-SA:2002:001
URL:http://www.suse.de/de/support/security/2002_001_mutt_txt.html
CONECTIVA:CLA-2002:449
DEBIAN:DSA-096
FREEBSD:FreeBSD-SA-02:04
HP:HPSBTL0201-011
URL:http://online.securityfocus.com/advisories/3778
CALDERA:CSSA-2002-002.0
URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-002.0.txt
Name: CVE-2002-0008
Description:
Bugzilla before 2.14.1 allows remote attackers to (1)
spoof a user comment via an HTTP request to
process_bug.cgi using the "who" parameter, instead of
the Bugzilla_login cookie, or (2) post a bug as another
user by modifying the reporter parameter to
enter_bug.cgi, which is passed to post_bug.cgi.
Status: Candidate
Phase: Modified (20050703)
Reference: BUGTRAQ:20020105 Security Advisory for
Bugzilla v2.15 (cvs20020103) and older
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference:
CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: REDHAT:RHSA-2002:001
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108385
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108516
Reference: BID:3793
Reference:
URL:http://www.securityfocus.com/bid/3793
Reference: BID:3794
Reference:
URL:http://www.securityfocus.com/bid/3794
Reference:
XF:bugzilla-postbug-report-spoofing(7804)
Reference:
URL:http://www.iss.net/security_center/static/7804.php
Reference:
XF:bugzilla-processbug-comment-spoofing(7805)
Reference:
URL:http://www.iss.net/security_center/static/7805.php
Votes:
ACCEPT(3) Baker, Cole, Green
MODIFY(1) Frech
NOOP(2) Foat, Wall
Voter Comments:
Frech> XF:bugzilla-processbug-comment-spoofing(7805)
XF:bugzilla-postbug-report-spoofing(7804)
Name: CVE-2002-0010
Description:
Bugzilla before 2.14.1 allows remote attackers to inject
arbitrary SQL code and create files or gain privileges
via (1) the sql parameter in buglist.cgi, (2) invalid
field names from the "boolean chart" query in
buglist.cgi, (3) the mybugslink parameter in
userprefs.cgi, (4) a malformed bug ID in the buglist
parameter in long_list.cgi, and (5) the value parameter
in editusers.cgi, which allows groupset privileges to be
modified by attackers with blessgroupset privileges.
Status: Candidate
Phase: Modified (20050703)
Reference: BUGTRAQ:20020105 Security Advisory for
Bugzilla v2.15 (cvs20020103) and older
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: BUGTRAQ:20020106 Inproper input
validation in Bugzilla <=2.14 - exploit
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html
Reference:
CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: REDHAT:RHSA-2002:001
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108812
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108822
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108821
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109690
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109679
Reference:
MISC:http://www.bugzilla.org/bugzilla2.14to2.14.1.patch
Reference: BID:3801
Reference:
URL:http://www.securityfocus.com/bid/3801
Reference: BID:3802
Reference:
URL:http://www.securityfocus.com/bid/3802
Reference: BID:3804
Reference:
URL:http://www.securityfocus.com/bid/3804
Reference: BID:3805
Reference:
URL:http://www.securityfocus.com/bid/3805
Reference: XF:bugzilla-buglist-modify-sql(7807)
Reference:
URL:http://www.iss.net/security_center/static/7807.php
Reference:
XF:bugzilla-editusers-change-groupset(7814)
Reference:
URL:http://www.iss.net/security_center/static/7814.php
Reference: XF:bugzilla-buglist-sql-logic(7813)
Reference:
URL:http://www.iss.net/security_center/static/7813.php
Reference: XF:bugzilla-longlist-modify-sql(7811)
Reference:
URL:http://www.iss.net/security_center/static/7811.php
Reference:
XF:bugzilla-userprefs-change-groupset(7809)
Reference:
URL:http://www.iss.net/security_center/static/7809.php
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(2) Foat, Wall
REVIEWING(1) Frech
Voter Comments:
Frech> XF:bugzilla-buglist-modify-sql(7807)
XF:bugzilla-userprefs-change-groupset(7809)
XF:bugzilla-longlist-modify-sql(7811)
XF:bugzilla-editusers-change-groupset(7814)
XF:bugzilla-buglist-sql-logic(7813)
Name: CVE-2002-0012
Description:
Vulnerabilities in a large number of SNMP
implementations allow remote attackers to cause a denial
of service or gain privileges via SNMPv1 trap handling,
as demonstrated by the PROTOS c06-SNMPv1 test suite.
NOTE: It is highly likely that this candidate will be
SPLIT into multiple candidates, one or more for each
vendor. This and other SNMP-related candidates will be
updated when more accurate information is available.
Status: Candidate
Phase: Modified (20061101)
Reference:
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference:
URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack
Tool
Reference:
URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#107186
Reference:
URL:http://www.kb.cert.org/vuls/id/107186
Reference: REDHAT:RHSA-2001:163
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: HP:HPSBMP0206-015
Reference:
URL:http://www.securityfocus.com/advisories/4211
Reference: SGI:20020201-01-A
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
Reference: BID:5043
Reference:
URL:http://www.securityfocus.com/bid/5043
Reference: OVAL:oval:org.mitre.oval:def:144
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:144
Reference: OVAL:oval:org.mitre.oval:def:161
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:161
Reference: OVAL:oval:org.mitre.oval:def:298
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:298
Reference: OVAL:oval:org.mitre.oval:def:1048
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1048
Votes:
ACCEPT(6) Foat, Cole, Ziese, Jones, Green, Wall
REVIEWING(1) Christey
Voter Comments:
Christey> This candidate is at a higher level of abstraction (more
general) than most other candidates. CVE's content
decisions suggest that we should provide different candidates
for each implementation and type of bug that is affected by
the PROTOS suite.
However, as of this writing (Feb 12, 2002), there is
insufficient information to assign the proper number of
candidates. This high-level candidate will serve as a
"catch-all," but we will be assigning lower-level (more
specific) candidates when there is more information.
Due to the size and extent of this problem, it is better to
have a high-level candidate than no candidate at all.
Ziese> ACKNOWLEDGED-BY-VENDOR
Christey> DEBIAN:DSA-111
MANDRAKE:MDKSA-2002:014
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> CALDERA:CSSA-2002-004.0
Christey> Consider adding BID:4088
Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon.
Christey> COMPAQ:SSRT0799
CONECTIVA:CLA-2002:462
BID:4088
DEBIAN:DSA-111
HP:HPSBUX0202-184
URL:http://online.securityfocus.com/advisories/4032
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
MANDRAKE:MDKSA-2002:014
FREEBSD:FreeBSD-SA-02:11
Christey> SUSE:SuSE-SA:2002:012
Should also mention ucd-snmp package by name.
BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities
URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html
HP:HPSBMP0206-015
URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html
CALDERA:CSSA-2002-SCO.25
URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html
CALDERA:CSSA-2002-004.1
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1
BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities
URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html
Christey> REDHAT:RHSA-2002:036
URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Name: CVE-2002-0013
Description:
Vulnerabilities in the SNMPv1 request handling of a
large number of SNMP implementations allow remote
attackers to cause a denial of service or gain
privileges via (1) GetRequest, (2) GetNextRequest, and
(3) SetRequest messages, as demonstrated by the PROTOS
c06-SNMPv1 test suite. NOTE: It is highly likely that
this candidate will be SPLIT into multiple candidates,
one or more for each vendor. This and other SNMP-related
candidates will be updated when more accurate
information is available.
Status: Candidate
Phase: Modified (20061101)
Reference:
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference:
URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack
Tool
Reference:
URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#854306
Reference:
URL:http://www.kb.cert.org/vuls/id/854306
Reference: REDHAT:RHSA-2001:163
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: SGI:20020201-01-A
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
Reference: SUNALERT:57404
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1
Reference: OVAL:oval:org.mitre.oval:def:87
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:87
Reference: OVAL:oval:org.mitre.oval:def:298
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:298
Votes:
ACCEPT(6) Foat, Cole, Ziese, Jones, Green, Wall
REVIEWING(1) Christey
Voter Comments:
Christey> This candidate is at a higher level of abstraction (more
general) than most other candidates. CVE's content
decisions suggest that we should provide different candidates
for each implementation and type of bug that is affected by
the PROTOS suite.
However, as of this writing (Feb 12, 2002), there is
insufficient information to assign the proper number of
candidates. This high-level candidate will serve as a
"catch-all," but we will be assigning lower-level (more
specific) candidates when there is more information.
Due to the size and extent of this problem, it is better to
have a high-level candidate than no candidate at all.
Christey> BID:4089
Christey> DEBIAN:DSA-111
MANDRAKE:MDKSA-2002:014
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> CALDERA:CSSA-2002-004.0
Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon.
Christey> COMPAQ:SSRT0799
CONECTIVA:CLA-2002:462
DEBIAN:DSA-111
HP:HPSBUX0202-184
URL:http://online.securityfocus.com/advisories/4032
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities
CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products
MANDRAKE:MDKSA-2002:014
FREEBSD:FreeBSD-SA-02:11
Christey> SUSE:SuSE-SA:2002:012
Should also mention ucd-snmp package by name.
BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities
URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html
HP:HPSBMP0206-015
URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html
CALDERA:CSSA-2002-SCO.25
URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html
CALDERA:CSSA-2002-004.1
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1
BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities
URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html
Christey> SUNALERT:57404
Christey> REDHAT:RHSA-2002:036
URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Name: CVE-2002-0015
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020111)
Votes:
Name: CVE-2002-0016
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020111)
Votes:
Name: CVE-2002-0019
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020114)
Votes:
Name: CVE-2002-0029
Description:
Buffer overflows in the DNS stub resolver library in ISC
BIND 4.9.2 through 4.9.10, and other derived libraries
such as BSD libc and GNU glibc, allow remote attackers
to execute arbitrary code via DNS server responses that
trigger the overflow in the (1) getnetbyname, or (2)
getnetbyaddr functions, aka "LIBRESOLV: buffer overrun"
and a different vulnerability than CVE-2002-0684.
Status: Candidate
Phase: Modified (20060523)
Reference:
CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference:
URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#844360
Reference:
URL:http://www.kb.cert.org/vuls/id/844360
Reference: APPLE:2002-11-21
Reference:
URL:http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
Reference: NETBSD:NetBSD-SA2002-028
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
Reference: SGI:20021201-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: XF:bind-dns-libresolv-bo(10624)
Reference:
URL:http://www.iss.net/security_center/static/10624.php
Reference: BID:6186
Reference:
URL:http://www.securityfocus.com/bid/6186
Votes:
ACCEPT(3) Baker, Cole, Frech
MODIFY(1) Cox
NOOP(2) Christey, Wall
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> ADDREF: REDHAT: http://rhn.redhat.com/cve/CVE-2002-0029.html
Christey> the redhat reference is REDHAT:RHSA-2004:383
Name: CVE-2002-0030
Description:
The digital signature mechanism for the Adobe Acrobat
PDF viewer only verifies the PE header of executable
code for a plug-in, which can allow attackers to execute
arbitrary code in certified mode by making the plug-in
appear to be signed by Adobe.
Status: Candidate
Phase: Assigned (20020116)
Reference: FULLDISC:20030324 Vulnerability
(critical): Digital signature for Adobe Acrobat/Reader
plug-in can be forged
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
Reference: VULNWATCH:20030324 Vulnerability
(critical): Digital signature for Adobe Acrobat/Reader
plug-in can be forged
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html
Reference: CERT-VN:VU#549913
Reference:
URL:http://www.kb.cert.org/vuls/id/549913
Reference:
CONFIRM:http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
Votes:
Name: CVE-2002-0031
Description:
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and
earlier allow remote attackers to execute arbitrary
code via a ymsgr URI with long arguments to (1) call,
(2) sendim, (3) getimv, (4) chat, (5) addview, or (6)
addfriend.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020527 Yahoo Messenger -
Multiple Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference:
URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#137115
Reference:
URL:http://www.kb.cert.org/vuls/id/137115
Reference: BID:4837
Reference:
URL:http://www.securityfocus.com/bid/4837
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Wall
MODIFY(1) Frech
NOOP(3) Foat, Cox, Christey
Voter Comments:
Christey> XF:yahoo-messenger-ymsgr-bo(9183)
URL:http://www.iss.net/security_center/static/9183.php
Frech> XF:yahoo-messenger-ymsgr-bo(9183)
Name: CVE-2002-0034
Description:
The Microsoft CONVERT.EXE program, when used on Windows
2000 and Windows XP systems, does not apply the default
NTFS permissions when converting a FAT32 file system,
which could cause the conversion to produce a file
system with less secure permissions than expected.
Status: Candidate
Phase: Assigned (20020116)
Reference: CERT-VN:VU#361065
Reference:
URL:http://www.kb.cert.org/vuls/id/361065
Reference: MS:Q237399
Reference:
URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];237399
Votes:
Name: CVE-2002-0035
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020116)
Votes:
Name: CVE-2002-0037
Description:
Lotus Domino Servers 5.x, 4.6x, and 4.5x allow
attackers to bypass the intended Reader and Author
access list for a document's object via a Notes API call
(NSFDbReadObject) that directly accesses the object.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20010917 Lotus Notes: File
attachments may be extracted regardless of document
security
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html
Reference: BUGTRAQ:20010917 Re: Lotus Notes: File
attachments may be extracted regardless of document
security
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0150.html
Reference: CERT-VN:VU#657899
Reference:
URL:http://www.kb.cert.org/vuls/id/657899
Reference: XF:lotus-domino-nsfdbreadobject(10095)
Reference:
URL:http://www.iss.net/security_center/static/10095.php
Votes:
ACCEPT(3) Cole, Green, Wall
MODIFY(1) Frech
NOOP(4) Foat, Armstrong, Cox, Christey
Voter Comments:
Christey> Need to find some references for these... probably in
the CERT/CC vulnerability notes.
Frech> XF:lotus-domino-nsfdbreadobject(10095)
http://www.kb.cert.org/vuls/id/657899
CONFIRM:
http://www-1.ibm.com/support/docview.wss?rs=1&org=sims&doc=CCA46CF459BA6E4A85256AE3007C92C1
Christey> Is this the same issue here?
BUGTRAQ:20011217 Lotus Notes: File attachments may be extracted regardless of document security
URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html
Name: CVE-2002-0039
Description:
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly
earlier versions, allows remote attackers to cause a
denial of service (crash) via malformed RPC packets with
invalid lengths.
Status: Candidate
Phase: Proposed (20020502)
Reference: SGI:20020306-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
Votes:
ACCEPT(2) Cole, Green
MODIFY(1) Frech
NOOP(4) Foat, Armstrong, Cox, Wall
RECAST(3) Baker, Levy, Christey
Voter Comments:
Christey> CVE-2002-0039 (SGI rpcbind) is the same problem as
CVE-2001-1124 (HP rpcbind). These 2 candidates need to be
merged.
Christey> Consider adding BID:4386
Christey> XF:irix-invalid-rpc-dos(8668)
URL:http://www.iss.net/security_center/static/8668.php
BID:4386
URL:http://www.securityfocus.com/bid/4386
Levy> BID 4386 will be merged into BID 3400.
Frech> XF:irix-invalid-rpc-dos(8668)
Name: CVE-2002-0041
Description:
Unknown vulnerability in Mail for SGI IRIX 6.5 through
6.5.15f, and possibly earlier versions, when running
with the -R option, allows local and remote attackers to
cause a core dump.
Status: Candidate
Phase: Modified (20050707)
Reference: SGI:20020401-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020401-01-P
Reference: CIAC:M-067
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-067.shtml
Reference: BID:4499
Reference:
URL:http://www.securityfocus.com/bid/4499
Reference: XF:irix-mail-core-dump(8835)
Reference:
URL:http://www.iss.net/security_center/static/8835.php
Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Frech
NOOP(3) Foat, Cox, Wall
Voter Comments:
Frech> XF:irix-mail-core-dump(8835)
Name: CVE-2002-0048
Description:
Multiple signedness errors (mixed signed and unsigned
numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and
other versions allow remote attackers to cause a denial
of service and execute arbitrary code in the rsync
client or server.
Status: Candidate
Phase: Modified (20050510)
Reference: SUSE:SuSE-SA:2002:004
Reference:
URL:http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html
Reference: DEBIAN:DSA-106
Reference:
URL:http://www.debian.org/security/2002/dsa-106
Reference: MANDRAKE:MDKSA-2002:009
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php
Reference: REDHAT:RHSA-2002:018
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2002-018.html
Reference: BUGTRAQ:20020128 TSLSA-2002-0025 -
rsync
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223214906963&w=2
Reference: BUGTRAQ:20020127 rsync-2.5.2 has
security fix (was: Re: [RHSA-2002:018-05] New rsync
packages available)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223603321315&w=2
Reference: CONECTIVA:CLA-2002:458
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458
Reference: ENGARDE:ESA-20020125-004
Reference:
URL:http://www.linuxsecurity.com/advisories/other_advisory-1853.html
Reference: CALDERA:CSSA-2002-003.0
Reference:
URL:http://www.caldera.com/support/security/advisories/CSSA-2002-003.0.txt
Reference: FREEBSD:FreeBSD-SA-02:10
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc
Reference: HP:HPSBTL0201-022
Reference:
URL:http://online.securityfocus.com/advisories/3839
Reference: CERT-VN:VU#800635
Reference:
URL:http://www.kb.cert.org/vuls/id/800635
Reference: XF:linux-rsync-root-access(7993)
Reference:
URL:http://www.iss.net/security_center/static/7993.php
Reference: BID:3958
Reference:
URL:http://www.securityfocus.com/bid/3958
Votes:
ACCEPT(4) Baker, Cole, Green, Wall
MODIFY(1) Frech
NOOP(2) Foat, Christey
Voter Comments:
Frech> XF:linux-rsync-root-access(7993)
Christey> CALDERA:CSSA-2002-003.0
Christey> Consider adding BID:3958
Name: CVE-2002-0053
Description:
Buffer overflow in SNMP agent service in Windows
95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP
allows remote attackers to cause a denial of service or
execute arbitrary code via a malformed management
request. NOTE: this candidate may be split or merged
with other candidates. This and other PROTOS-related
candidates, especially CVE-2002-0012 and CVE-2002-0013,
will be updated when more accurate information is
available.
Status: Candidate
Phase: Modified (20061101)
Reference:
MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012
Reference:
MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013
Reference:
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: MS:MS02-006
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
Reference: CERT:CA-2002-03
Reference:
URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: CERT-VN:VU#854306
Reference:
URL:http://www.kb.cert.org/vuls/id/854306
Reference: CERT-VN:VU#107186
Reference:
URL:http://www.kb.cert.org/vuls/id/107186
Reference: OVAL:oval:org.mitre.oval:def:209
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:209
Reference: OVAL:oval:org.mitre.oval:def:402
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:402
Votes:
ACCEPT(5) Foat, Cole, Ziese, Green, Wall
Name: CVE-2002-0056
Description:
Buffer overflow in SQL Server 7.0 and 2000 allows remote
attackers to execute arbitrary code via a long OLE DB
provider name to (1) OpenDataSource or (2) OpenRowset in
an ad hoc connection.
Status: Candidate
Phase: Modified (20061101)
Reference: MS:MS02-007
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS02-007.asp
Reference: BUGTRAQ:20020219 MSDE, Sql Server 7 &
2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422555428036&w=2
Reference: VULN-DEV:20020219 MSDE, Sql Server 7 &
2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101413924631329&w=2
Reference: CERT-VN:VU#619707
Reference:
URL:http://www.kb.cert.org/vuls/id/619707
Reference: BID:4135
Reference:
URL:http://www.securityfocus.com/bid/4135
Reference: OVAL:oval:org.mitre.oval:def:271
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:271
Votes:
ACCEPT(5) Foat, Cole, Ziese, Green, Wall
MODIFY(1) Christey
Voter Comments:
Christey> Consider adding BID:4135
CHANGE> [Christey changed vote from NOOP to MODIFY]
Christey> ADDREF BID:4135
XF:mssql-oledb-adhoc-bo(8243)
URL:http://www.iss.net/security_center/static/8243.php
Christey> CIAC:M-044
URL:http://www.ciac.org/ciac/bulletins/m-044.shtml
CERT-VN:VU#619707
URL:http://www.kb.cert.org/vuls/id/619707
Name: CVE-2002-0058
Description:
Vulnerability in Java Runtime Environment (JRE) allows
remote malicious web sites to hijack or sniff a web
client's sessions, when an HTTP proxy is being used, via
a Java applet that redirects the session to another
server, as seen in (1) Netscape 6.0 through 6.1 and 4.79
and earlier, (2) Microsoft VM build 3802 and earlier as
used in Internet Explorer 4.x and 5.x, and possibly
other implementations that use vulnerable versions of
SDK or JDK.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020305 Java HTTP proxy
vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101534535304228&w=2
Reference: SUN:00216
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
Reference: MS:MS02-013
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Votes:
ACCEPT(5) Foat, Cole, Ziese, Green, Wall
NOOP(1) Christey
Voter Comments:
Christey> Consider adding BID:4228
Christey> XF:java-vm-session-hijacking(8351)
URL:http://www.iss.net/security_center/static/8351.php
HP:HPSBUX0203-186
URL:http://online.securityfocus.com/advisories/3930
BID:4228
URL:http://www.securityfocus.com/bid/4228
Need to add "HttpURLConnection" to description (commonly used word)
Christey> ADDREF COMPAQ:SSRT0822
Christey> COMPAQ:SSRT0822
Christey> SGI:20020807-01-I
URL:ftp://patches.sgi.com/support/free/security/advisories/20020807-01-I
Christey> BID:4228
URL:http://www.securityfocus.com/bid/4228
Name: CVE-2002-0077
Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats
objects invoked on an HTML page with the codebase
property as part of Local Computer zone, which allows
remote attackers to invoke executables present on the
local system through objects such as the popup object,
aka the "Local Executable Invocation via Object tag"
vulnerability.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020113 Internet Explorer
Pop-Up OBJECT Tag Bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101103188711920&w=2
Reference: MS:MS02-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp
Votes:
ACCEPT(5) Foat, Cole, Armstrong, Green, Wall
MODIFY(1) Frech
NOOP(2) Cox, Christey
Voter Comments:
Christey> Consider adding BID:3867
Christey> According to Microsoft, the fix for this issue also addresses:
BUGTRAQ:20020227 IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496184505815&w=2
Need to add this reference (and/or double-check to make sure
this is the right issue) and consider modifying the
description accordingly, though on the surface there
does not appear to be any close relation, since the
GreyMagic bug deals with Data Source (DSO)
for Data Binding with the dataFormatAs attribute set to HTML, then
using innerHTML for script injection.
Frech> XF:ie-codebase-execute-programs(7941)
Christey> Add BID:3867
Name: CVE-2002-0084
Description:
Buffer overflow in the fscache_setup function of
cachefsd in Solaris 2.6, 7, and 8 allows local users to
gain root privileges via a long mount argument.
Status: Candidate
Phase: Modified (20061101)
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4198.asp
Reference: CERT-VN:VU#161931
Reference:
URL:http://www.kb.cert.org/vuls/id/161931
Reference:
CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: BUGTRAQ:20020429 eSecurityOnline
Security Advisory 4198 - Sun Solaris cachefsd mount file
buffer overflow vulnerability
Reference:
URL:http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html
Reference: OVAL:oval:org.mitre.oval:def:43
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:43
Reference: OVAL:oval:org.mitre.oval:def:97
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:97
Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(3) Foat, Ziese, Christey
Voter Comments:
Christey> CERT:CA-2002-11
CERT-VN:VU#635811
AUSCERT:AA-2002.01
URL:http://www.auscert.org.au/Information/Advisories/advisory/AA-2002.01.txt
Christey> BUGTRAQ:20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability
URL:http://online.securityfocus.com/archive/1/270135
Christey> ADDREF CERT-VN:VU#161931
ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability
ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Note: this is a different vulnerability than CVE-2002-0033.
However, if there are different patches for the 2 issues, then
they may need to be merged per CD:SF-LOC.
Add that the affected function is fscache_setup()
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0048.html
BID:4631
URL:http://www.securityfocus.com/bid/4631
Name: CVE-2002-0085
Description:
cachefsd in Solaris 2.6, 7, and 8 allows remote
attackers to cause a denial of service (crash) via an
invalid procedure call in an RPC request.
Status: Candidate
Phase: Modified (20071019)
Reference: BUGTRAQ:20020429 eSecurityOnline
Security Advisory 2397 - Sun Solaris admintool -d and
PRODVERS buffer overflow vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/270122
Reference: VULNWATCH:20020429 eSecurityOnline
Security Advisory 4197 - Sun Solaris cachefsd denial of
service vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0047.html
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4197.asp
Reference: BID:4634
Reference:
URL:http://www.securityfocus.com/bid/4634
Reference: OVAL:oval:org.mitre.oval:def:4329
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4329
Reference: XF:solaris-cachefsd-rpc-dos(8956)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8956
Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(3) Foat, Ziese, Christey
Voter Comments:
Christey> BUGTRAQ:20020429 eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd denial of service vulnerability
URL:http://online.securityfocus.com/archive/1/270134
BID:4634
URL:http://online.securityfocus.com/bid/4634
Name: CVE-2002-0086
Description:
Buffer overflow in bindsock in Lotus Domino 5.0.4 and
5.0.7 on Linux allows local users to gain root
privileges via a long (1) Notes_ExecDirectory or (2)
PATH environment variable.
Status: Candidate
Phase: Modified (20050528)
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4126.asp
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4124.asp
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21100441
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21095569
Reference: BID:4317
Reference:
URL:http://www.securityfocus.com/bid/4317
Reference: BID:4319
Reference:
URL:http://www.securityfocus.com/bid/4319
Reference:
XF:lotus-domino-notes-execdirectory-bo(8583)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8583
Reference: XF:lotus-domino-path-bo(8585)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8585
Votes:
ACCEPT(3) Foat, Cole, Green
MODIFY(1) Balinsky
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Christey> Consider adding BID:4317
Christey> Consider adding BID:4319
CHANGE> [Balinsky changed vote from ACCEPT to MODIFY]
Balinsky> Should say 5.0.4 through 5.0.9 (not including version 5.0.9a, which includes the fix)
Balinsky> Additional Modification: Should say "Linux and Solaris"
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Christey> CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=92579CFD6F92B39A85256B7D006AC89B
CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=D52DF997ABFFFC8385256B7D0062AD5C
VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 4126 - Lotus Domino bindsock Notes_ExecDirectory buffer overflow vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0046.html
VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 4124 - Lotus Domino bindsock PATH buffer overflow vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0044.html
Name: CVE-2002-0087
Description:
bindsock in Lotus Domino 5.07 on Solaris allows local
users to create arbitrary files via a symlink attack on
temporary files.
Status: Candidate
Phase: Modified (20050528)
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4125.asp
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671
Reference: BID:4318
Reference:
URL:http://www.securityfocus.com/bid/4318
Reference: XF:lotus-domino-tmpfile-symlink(8586)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8586
Votes:
ACCEPT(4) Foat, Cole, Green, Balinsky
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Christey> Consider adding BID:4318
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Christey> CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=93B3ED336951525385256B7D006A3CE3
VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 4125 - Lotus Domino bindsock arbitrary file creation vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0045.html
Name: CVE-2002-0088
Description:
Buffer overflow in admintool in Solaris 2.6, 7, and 8
allows local users to gain root privileges via a long
media installation path.
Status: Candidate
Phase: Modified (20061101)
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO4123.asp
Reference: OVAL:oval:org.mitre.oval:def:48
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:48
Reference: OVAL:oval:org.mitre.oval:def:60
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:60
Votes:
ACCEPT(3) Cole, Green, Wall
NOOP(3) Foat, Ziese, Christey
Voter Comments:
Christey> BUGTRAQ:20020429 eSecurityOnline Security Advisory 4123 - Sun Solaris admintool media installation path buffer overflow vulnerability
URL:http://online.securityfocus.com/archive/1/270137
BID:4632
URL:http://www.securityfocus.com/bid/4632
VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 4123 - Sun Solaris admintool media installation path buffer overflow vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0043.html
Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F44541&zone_32=category%3Asecurity%20admintool
(thanks to Matt Wojcik for this info)
Name: CVE-2002-0089
Description:
Buffer overflow in admintool in Solaris 2.5 through 8
allows local users to gain root privileges via long
arguments to (1) the -d command line option, or (2) the
PRODVERS argument in the .cdtoc file.
Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20020429 eSecurityOnline
Security Advisory 2397 - Sun Solaris admintool -d and
PRODVERS buffer overflow vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/270122
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO2397.asp
Reference: BID:4624
Reference:
URL:http://www.securityfocus.com/bid/4624
Reference: OVAL:oval:org.mitre.oval:def:67
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:67
Reference: OVAL:oval:org.mitre.oval:def:68
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:68
Reference: XF:solaris-admintool-d-bo(8954)
Reference:
URL:http://www.iss.net/security_center/static/8954.php
Reference: XF:solaris-admintool-prodvers-bo(8955)
Reference:
URL:http://www.iss.net/security_center/static/8955.php
Votes:
ACCEPT(3) Cole, Ziese, Green
NOOP(3) Foat, Christey, Wall
Voter Comments:
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0035.html
BUGTRAQ:20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
URL:http://online.securityfocus.com/archive/1/270122
BID:4624
URL:http://www.securityfocus.com/bid/4624
Christey> CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27353
Name: CVE-2002-0091
Description:
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow
remote attackers to execute arbitrary commands via
certain form fields.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020429 eSecurityOnline
Security Advisory 2408 - CIDER SHADOW CGI
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0400.html
Reference:
MISC:http://www.esecurityonline.com/advisories/eSO2408.asp
Reference: BID:4625
Reference:
URL:http://www.securityfocus.com/bid/4625
Reference: XF:shadow-cgi-execute-commands(8953)
Reference:
URL:http://www.iss.net/security_center/static/8953.php
Votes:
ACCEPT(2) Cole, Green
NOOP(4) Foat, Ziese, Christey, Wall
Voter Comments:
Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0038.html
BID:4625
URL:http://www.securityfocus.com/bid/4625
BUGTRAQ:20020429 eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
URL:http://online.securityfocus.com/archive/1/270111
Name: CVE-2002-0093
Description:
Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through
5.1a may allow attackers to execute arbitrary code, a
different vulnerability than CVE-2001-0423.
Status: Candidate
Phase: Modified (20050325)
Reference: HP:SSRT2275
Reference:
URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0010.html
Reference: HP:SSRT0794U
Reference:
URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0010.html
Reference: CERT-VN:VU#771155
Reference:
URL:http://www.kb.cert.org/vuls/id/771155
Reference: BID:5241
Reference:
URL:http://www.securityfocus.com/bid/5241
Reference: XF:tru64-ipcs-bo(9613)
Reference:
URL:http://www.iss.net/security_center/static/9613.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Foat, Cox, Wall
Voter Comments:
Frech> Correction:
URL:http://archives.neohapsis.com/archives/compaq/2002-q3/0010.html
Name: CVE-2002-0099
Description:
Buffer overflow in Michael Lamont Savant Web Server 3.0
allows remote attackers to cause a denial of service
(crash) via a long HTTP request to the cgi-bin directory
in which the CGI program name contains a large number of
. (dot) characters.
Status: Candidate
Phase: Modified (20020911-01)
Reference: BUGTRAQ:20020105 Savant Webserver
Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027722904078&w=2
Reference: NTBUGTRAQ:20020109 Savant Webserver
Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823305479&w=2
Reference: BID:3788
Reference:
URL:http://www.securityfocus.com/bid/3788
Reference: XF:savant-long-parameter-bo(7786)
Reference:
URL:http://www.iss.net/security_center/static/7786.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
REVIEWING(1) Christey
Voter Comments:
Christey> Should CVE-2002-0099 and/or CVE-2001-0433 be MERGED with
CVE-2000-0641? All describe slightly different overflows
that, perhaps, should be merged according to CD:SF-LOC.
It depends on which versions are affected, which would require
some vendor acknowledgement or consultation.
A vague changelog for version 3.1 at
http://sourceforge.net/project/shownotes.php?release_id=75333 says
"security fixes" but it's not clear *which* security fixes
were made.
The description for CVE-2000-0641 is slightly incorrect. The
exploit is clearly due to a large number of headers, not
arguments to the GET request itself. So, CVE-2000-0641
clearly overlaps with CVE-2001-0433.
The exploit for CVE-2001-0433 also doesn't really have
anything to do with a "cgi-test.pl" program (which isn't in
the distribution). The discloser simply used that as an
example program of a long request.
Christey> Modify description so that overflow is described as being
part of the CGI module (so it appears).
Also, Tamer Sahin confirmed via email (9/11/02) that the
problem was explicitly exhibited using a large number of
. (dot) characters.
Name: CVE-2002-0100
Description:
AOL AOLserver 3.4.2 Win32 allows remote attackers to
bypass authentication and read password-protected files
via a URL that directly references the file.
Status: Candidate
Phase: Modified (20050710)
Reference: BUGTRAQ:20020106 AOLserver 3.4.2
Unauthorized File Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101038936305397&w=2
Reference: NTBUGTRAQ:20020109 AOLserver 3.4.2
Unauthorized File Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823205474&w=2
Reference: VULNWATCH:20020106 AOLserver 3.4.2
Unauthorized File Disclosure Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0005.html
Reference: BID:3791
Reference:
URL:http://www.securityfocus.com/bid/3791
Reference:
XF:aolserver-protected-file-access(7825)
Reference:
URL:http://www.iss.net/security_center/static/7825.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
Name: CVE-2002-0101
Description:
Microsoft Internet Explorer 6.0 and earlier allows local
users to cause a denial of service via an infinite loop
for modeless dialogs showModelessDialog, which causes
CPU usage while the focus for the dialog is not
released.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020106 Internet Explorer
Javascript Modeless Popup Local Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039104608083&w=2
Reference: BID:3789
Reference:
URL:http://www.securityfocus.com/bid/3789
Reference: XF:ie-modeless-dialog-dos(7826)
Reference:
URL:http://www.iss.net/security_center/static/7826.php
Votes:
ACCEPT(4) Foat, Frech, Ziese, Green
NOOP(1) Cole
REVIEWING(1) Wall
Voter Comments:
Ziese> would seem appropriate as a CVE entry.
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Name: CVE-2002-0102
Description:
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to
cause a denial of service via (1) a request to TCP ports
1100, 4000, 4001, and 4002 with a large number of null
characters, and (2) a request to TCP port 4000 with a
large number of "." characters.
Status: Candidate
Phase: Modified (20050707)
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3760
Reference:
URL:http://www.securityfocus.com/bid/3760
Reference: BID:3762
Reference:
URL:http://www.securityfocus.com/bid/3762
Reference: XF:oracle-appserver-null-dos(7765)
Reference:
URL:http://xforce.iss.net/static/7765.php
Votes:
ACCEPT(4) Foat, Cole, Ziese, Green
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:oracle-appserver-admin-dos(7310)
XF:oracle-appserver-null-dos(7765)
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Name: CVE-2002-0103
Description:
An installer program for Oracle9iAS Web Cache 2.0.0.x
creates executable and configuration files with insecure
permissions, which allows local users to gain privileges
by (1) running webcached or (2) obtaining the
administrator password from webcache.xml.
Status: Candidate
Phase: Modified (20050706)
Reference: BUGTRAQ:20020107 [PTL-2002-01]
Vulnerabilities in Oracle9iAS Web Cache
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041510727937&w=2
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3761
Reference:
URL:http://www.securityfocus.com/bid/3761
Reference: BID:3764
Reference:
URL:http://www.securityfocus.com/bid/3764
Reference:
XF:oracle-appserver-webcached-privileges(7766)
Reference:
URL:http://www.iss.net/security_center/static/7766.php
Reference:
XF:oracle-appserver-webcache-password(7768)
Reference:
URL:http://www.iss.net/security_center/static/7768.php
Votes:
ACCEPT(5) Foat, Cole, Ziese, Green, Wall
MODIFY(1) Frech
Voter Comments:
Frech> XF:oracle-appserver-webcached-privileges(7766)
XF:oracle-appserver-webcache-password(7768)
CHANGE> [Foat changed vote from NOOP to ACCEPT]
Name: CVE-2002-0104
Description:
AFTPD 5.4.4 allows remote attackers to gain sensitive
information via a CD (CWD) ~ (tilde) command, which
causes a core dump.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020107 Aftpd core dump
vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041333323486&w=2
Reference: BID:3806
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3806
Reference: XF:aftpd-crash-core-dump(7832)
Reference:
URL:http://www.iss.net/security_center/static/7832.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
Name: CVE-2002-0105
Description:
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly
other operating systems, allows local users to gain
privileges via a symlink attack on /var/dt/Xerrors since
/var/dt is world-writable.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020108 CDE bug in Unixware
7.1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060400802428&w=2
Reference: BID:3818
Reference:
URL:http://www.securityfocus.com/bid/3818
Reference: XF:unixware-dtlogin-log-symlink(7864)
Reference:
URL:http://www.iss.net/security_center/static/7864.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
REVIEWING(1) Christey
Voter Comments:
Christey> CALDERA:CSSA-2002-SCO.18
XF:cde-dt-world-writable(9045)
URL:http://www.iss.net/security_center/static/9045.php
Note: the advisory sort-of implies that world-write
permissions were the key problem, so the fact that a symlink
attack could take place did not necessarily mean that a
symlink following vulnerability really existed, in the sense
that symlink attacks don't exist in directories that are
not writable by other users (well, without those users
exploiting some *other* vulnerability to allow them to create
the symlink!)
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> Hmmm... should XF:cde-dt-world-writable(9045) really be added
here? ISS may have "split" between the permissions issue
and the symlink problem.
Name: CVE-2002-0106
Description:
BEA Systems Weblogic Server 6.1 allows remote attackers
to cause a denial of service via a series of requests to
.JSP files that contain an MS-DOS device name.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020108 KPMG-2002003: Bea
Weblogic DOS-device Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101050440629269&w=2
Reference: BID:3816
Reference:
URL:http://www.securityfocus.com/bid/3816
Reference: XF:weblogic-dos-jsp-dos(7808)
Reference:
URL:http://www.iss.net/security_center/static/7808.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
Name: CVE-2002-0108
Description:
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1
allow remote authenticated users to spoof messages as
other users by modifying the hidden form fields for the
name and e-mail address.
Status: Candidate
Phase: Modified (20050313)
Reference: BUGTRAQ:20020108 Allaire Forums
Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/249026
Reference: CERT-VN:VU#575619
Reference:
URL:http://www.kb.cert.org/vuls/id/575619
Reference: BID:3827
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3827
Reference:
XF:allaire-forums-message-spoofing(7841)
Reference:
URL:http://www.iss.net/security_center/static/7841.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Ziese, Wall
Name: CVE-2002-0109
Description:
Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81
Routers, and possibly other products, allow remote
attackers to gain sensitive information and cause a
denial of service via an SNMP query for the default
community string "public," which causes the router to
change its configuration and send SNMP trap information
back to the system that initiated the query.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020106 Linksys 'routers',
SNMP issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039288111680&w=2
Reference: BID:3795
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3795
Reference: BID:3797
Reference:
URL:http://www.securityfocus.com/bid/3797
Reference:
XF:linksys-etherfast-default-snmp(7827)
Reference:
URL:http://www.iss.net/security_center/static/7827.php
Votes:
ACCEPT(2) Frech, Green
MODIFY(1) Foat
NOOP(2) Cole, Wall
Voter Comments:
Foat> Our testing showed that this vulnerability did not apply to BEFSR41
routers.
Name: CVE-2002-0110
Description:
Nevrona Designs MiraMail 1.04 and earlier stores
authentication information such as POP usernames and
passwords in plaintext in a .ini file, which allows an
attacker to gain privileges by reading the passwords
from the file.
Status: Candidate
Phase: Modified (20050328)
Reference: BUGTRAQ:20020109 MiraMail 1.04 can
give POP account access and details
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101063476715154&w=2
Reference: CERT-VN:VU#245707
Reference:
URL:http://www.kb.cert.org/vuls/id/245707
Reference: BID:3843
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3843
Reference: XF:miramail-plaintext-auth-info(7855)
Reference:
URL:http://www.iss.net/security_center/static/7855.php
Votes:
ACCEPT(4) Cole, Frech, Green, Balinsky
NOOP(2) Foat, Wall
Name: CVE-2002-0112
Description:
Etype Eserv 2.97 allows remote attackers to view
password protected files via /./ in the URL.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020109 Eserv 2.97 Password
Protected File Arbitrary Read Access Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062172226812&w=2
Reference: NTBUGTRAQ:20020109 Eserv 2.97 Password
Protected File Arbitrary Read Access Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823505486&w=2
Reference: VULNWATCH:20020109 Eserv 2.97 Password
Protected File Arbitrary Read Access Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html
Reference: BUGTRAQ:20020111 Eserv 2.97 Password
Protected File Arbitrary Read Access Vulnerability
(Solution)
Reference:
URL:http://online.securityfocus.com/archive/1/249734
Reference: BID:3838
Reference:
URL:http://www.securityfocus.com/bid/3838
Reference: XF:eserv-protected-file-access(7849)
Reference:
URL:http://www.iss.net/security_center/static/7849.php
Votes:
ACCEPT(1) Green
MODIFY(1) Frech
NOOP(3) Foat, Cole, Wall
Voter Comments:
Green> Vendor has released upgrades
Frech> XF:eserv-protected-file-access(7849)
ADDREF:http://online.securityfocus.com/archive/1/249210
Name: CVE-2002-0113
Description:
Legato NetWorker 6.1 stores log files in the /nsr/logs/
directory with world-readable permissions, which allows
local users to read sensitive information and possibly
gain privileges.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference:
URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3840
Reference:
URL:http://www.securityfocus.com/bid/3840
Reference: XF:legato-nsrd-log-permissions(7897)
Reference:
URL:http://www.iss.net/security_center/static/7897.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0114
Description:
Legato NetWorker 6.1 stores passwords in plaintext in
the daemon.log file, which allows local users to gain
privileges by reading the password from the file.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference:
URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3842
Reference:
URL:http://www.securityfocus.com/bid/3842
Reference: XF:legato-nsrd-log-plaintext(7898)
Reference:
URL:http://www.iss.net/security_center/static/7898.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0116
Description:
Palm OS 3.5h and possibly other versions, as used in
Handspring Visor and Xircom products, allows remote
attackers to cause a denial of service via a TCP connect
scan, e.g. from nmap.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020110 Handspring Visor
D.O.S
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101069677929208&w=2
Reference: BUGTRAQ:20020110 Re: Handspring Visor
D.O.S
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101070523119956&w=2
Reference: BID:3847
Reference:
URL:http://www.securityfocus.com/bid/3847
Reference: XF:palmos-nmap-dos(7865)
Reference:
URL:http://www.iss.net/security_center/static/7865.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Voter Comments:
Green> Caused a full reset on a Visor
Name: CVE-2002-0118
Description:
Cross-site scripting vulnerability in Infopop Ultimate
Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows
remote attackers to execute arbitrary script and steal
cookies via a message containing encoded Javascript in
an IMG tag.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020108 CSS vulnerabilities
in YaBB and UBB allow account hijack [Multiple Vendor]
Reference:
URL:http://online.securityfocus.com/archive/1/249031
Reference: BID:3829
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3829
Reference: XF:ultimatebb-encoded-css(7838)
Reference:
URL:http://www.iss.net/security_center/static/7838.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0119
Description:
Alcatel Speed Touch Home ADSL Modem allows remote
attackers to cause a denial of service (reboot) via a
network scan with unusual packets, such as nmap with OS
detection.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020111 Bug in alcatel speed
touch home adsl modem
Reference:
URL:http://online.securityfocus.com/archive/1/249746
Reference: BID:3851
Reference:
URL:http://www.securityfocus.com/bid/3851
Reference: XF:alcatel-speedtouch-nmap-dos(7893)
Reference:
URL:http://www.iss.net/security_center/static/7893.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Foat, Cole, Christey, Wall
Voter Comments:
Christey> According to an email from Alcatel personnel, the ADSL modem
business was sold to TMM (Thomson Multi Media) in 2001;
therefore TMM should be consulted for acknowledgement.
Name: CVE-2002-0122
Description:
Siemens 3568i WAP mobile phones allow remote attackers
to cause a denial of service (crash) via an SMS message
containing unusual characters.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020114 Siemens Mobie SMS
Exceptional Character Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/250115
Reference: BID:3870
Reference:
URL:http://www.securityfocus.com/bid/3870
Reference: XF:siemens-invalid-sms-dos(7902)
Reference:
URL:http://www.iss.net/security_center/static/7902.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0124
Description:
MDG Computer Services Web Server 4D/eCommerce 3.5.3
allows remote attackers to exploit directory traversal
vulnerability via a ../ (dot dot) containing URL-encoded
slashes in the HTTP request.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020114 Web Server
4D/eCommerce 3.5.3 Directory Traversal Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/250231
Reference: BID:3872
Reference:
URL:http://www.securityfocus.com/bid/3872
Reference: XF:ws4d-dot-directory-traversal(7878)
Reference:
URL:http://www.iss.net/security_center/static/7878.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Voter Comments:
Frech> ADDREF:http://www.mdg.com/ (MDG Web site)
Name: CVE-2002-0125
Description:
Buffer overflow in ClanLib library 0.5 may allow local
users to execute arbitrary code in games that use the
library, such as (1) Super Methane Brothers, (2) Star
War, (3) Kwirk, (4) Clankanoid, and others, via a long
HOME environment variable.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020114 Clanlib overflow /
Super Methane Brothers overflow
Reference:
URL:http://online.securityfocus.com/archive/1/250414
Reference: BID:3877
Reference:
URL:http://www.securityfocus.com/bid/3877
Reference: XF:clanlib-long-env-bo(7905)
Reference:
URL:http://www.iss.net/security_center/static/7905.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0126
Description:
Buffer overflow in BlackMoon FTP Server 1.0 through 1.5
allows remote attackers to execute arbitrary code via a
long argument to (1) USER, (2) PASS, or (3) CWD.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020115 BlackMoon FTPd Buffer
Overflow Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/250543
Reference: BID:3884
Reference:
URL:http://www.securityfocus.com/bid/3884
Reference:
MISC:http://members.rogers.com/blackmoon2k/pages/news_page.html
Reference: XF:blackmoon-ftpd-static-bo(7895)
Reference:
URL:http://www.iss.net/security_center/static/7895.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0127
Description:
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26,
when configured to block traffic below port 1024, allows
remote attackers to cause a denial of service (hang) via
a port scan of the WAN port.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020115 Vulnerability Netgear
RP-114 Router - nmap causes DOS
Reference:
URL:http://online.securityfocus.com/archive/1/250405
Reference: BID:3876
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3876
Votes:
ACCEPT(1) Green
MODIFY(1) Frech
NOOP(3) Foat, Cole, Wall
Voter Comments:
Frech> XF:netgear-wan-scan-dos(7903)
Name: CVE-2002-0129
Description:
efax 0.9 and earlier, when installed setuid root, allows
local users to read arbitrary files via the -d option,
which prints the contents of the file in a warning
message.
Status: Candidate
Phase: Proposed (20020315)
Reference: VULN-DEV:20020116 efax
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101114350330912&w=2
Reference: BUGTRAQ:20020116 Re: efax
Reference:
URL:http://seclists.org/bugtraq/2002/Jan/0212.html
Reference: BID:3895
Reference:
URL:http://www.securityfocus.com/bid/3895
Reference: XF:efax-d-read-files(7921)
Reference:
URL:http://www.iss.net/security_center/static/7921.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0130
Description:
Buffer overflow in efax 0.9 and earlier, when installed
setuid root, allows local users to execute arbitrary
code via a long -x argument.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020116 Re: efax
Reference:
URL:http://seclists.org/bugtraq/2002/Jan/0212.html
Reference: VULN-DEV:20020117 Re: efax -
Exploitation info
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101133782204289&w=2
Reference: BID:3894
Reference:
URL:http://www.securityfocus.com/bid/3894
Reference: XF:efax-x-bo(7920)
Reference:
URL:http://www.iss.net/security_center/static/7920.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0131
Description:
ActivePython ActiveX control for Python in the AXScript
package, when used in Internet Explorer, does not
prevent a script from reading files from the client's
filesystem, which allows remote attackers to read
arbitrary files via a malicious web page containing
Python script.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020115 Serious privacy leak
in Python for Windows
Reference:
URL:http://marc.theaimsgroup.com/?t=101113015900001&r=1&w=2
Reference: BUGTRAQ:20020116 Re: Serious privacy
leak in Python for Windows
Reference:
URL:http://www.securityfocus.com/archive/1/250814
Reference: BID:3893
Reference:
URL:http://www.securityfocus.com/bid/3893
Reference:
XF:activepython-activex-read-files(7910)
Reference:
URL:http://www.iss.net/security_center/static/7910.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0132
Description:
Buffer overflow in Chinput 3.0 allows local users to
execute arbitrary code via a long HOME environment
variable.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020116 Chinput Buffer
Overflow Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/250815
Reference: BID:3896
Reference:
URL:http://www.securityfocus.com/bid/3896
Reference: XF:chinput-long-env-bo(7911)
Reference:
URL:http://www.iss.net/security_center/static/7911.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0133
Description:
Buffer overflows in Avirt Gateway Suite 4.2 allow remote
attackers to cause a denial of service and possibly
execute arbitrary code via (1) long header fields to the
HTTP proxy, or (2) a long string to the telnet proxy.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020117 Avirt Proxy Buffer
Overflow Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/251055
Reference: BUGTRAQ:20020121 [resend] Avirt
Gateway Telnet Vulnerability (and more?)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828092&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BUGTRAQ:20020212 Avirt Gateway 4.2
remote buffer overflow: proof of concept
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366658112809&w=2
Reference: BID:3904
Reference:
URL:http://www.securityfocus.com/bid/3904
Reference: BID:3905
Reference:
URL:http://www.securityfocus.com/bid/3905
Reference: XF:avirt-http-proxy-bo(7916)
Reference:
URL:http://www.iss.net/security_center/static/7916.php
Reference: XF:avirt-telnet-proxy-bo(7918)
Reference:
URL:http://www.iss.net/security_center/static/7918.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0134
Description:
Telnet proxy in Avirt Gateway Suite 4.2 does not require
authentication for connecting to the proxy system
itself, which allows remote attackers to list file
contents of the proxy and execute arbitrary commands via
a "dos" command.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020117 Avirt Gateway Suite
Remote SYSTEM Level Compromise
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101131669102843&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BID:3901
Reference:
URL:http://www.securityfocus.com/bid/3901
Reference: XF:avirt-gateway-telnet-access(7915)
Reference:
URL:http://www.iss.net/security_center/static/7915.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0135
Description:
Netopia Timbuktu Pro 6.0.1 and earlier allows remote
attackers to cause a denial of service (crash) via a
series of connections to one of the ports (1417 - 1420).
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020118 Timbuktu 6.0.1 and
Older DoS Advisory
Reference:
URL:http://online.securityfocus.com/archive/1/251582
Reference: BID:3918
Reference:
URL:http://www.securityfocus.com/bid/3918
Reference: XF:timbuktu-multiple-conn-dos(7935)
Reference:
URL:http://www.iss.net/security_center/static/7935.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0136
Description:
Microsoft Internet Explorer 5.5 on Windows 98 allows
remote web pages to cause a denial of service (hang) via
extremely long values for form fields such as INPUT and
TEXTAREA, which can be automatically filled via
Javascript.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020115 IE FORM DOS
Reference:
URL:http://online.securityfocus.com/archive/1/250592
Reference: BID:3892
Reference:
URL:http://www.securityfocus.com/bid/3892
Reference: XF:ie-html-form-dos(7938)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/7938
Votes:
ACCEPT(1) Green
MODIFY(1) Frech
NOOP(2) Foat, Cole
REVIEWING(1) Wall
Voter Comments:
Frech> XF:ie-html-form-dos(7938)
Name: CVE-2002-0137
Description:
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite
arbitrary files via a symlink attack on the
$HOME/.cdrdao configuration file.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020112 cdrdao insecure
filehandling
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BID:3865
Reference:
URL:http://www.securityfocus.com/bid/3865
Votes:
ACCEPT(1) Green
MODIFY(1) Frech
NOOP(3) Foat, Cole, Wall
Voter Comments:
Frech> XF:cdrdao-home-symlink(7934)
Name: CVE-2002-0138
Description:
CDRDAO 1.1.4 and 1.1.5 allows local users to read
arbitrary files via the show-data command.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020112 cdrdao insecure
filehandling
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BUGTRAQ:20020115 Re: cdrdao insecure
filehandling
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101111688819855&w=2
Votes:
ACCEPT(1) Green
NOOP(3) Foat, Cole, Wall
REVIEWING(1) Frech
Name: CVE-2002-0140
Description:
Domain Name Relay Daemon (dnrd) 2.10 and earlier allows
remote malicious DNS sites to cause a denial of service
and possibly execute arbitrary code via a long or
malformed DNS reply, which is not handled properly by
parse_query, get_objectname, and possibly other
functions.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020120 dnrd 2.10 dos
Reference:
URL:http://online.securityfocus.com/archive/1/251619
Reference: BID:3928
Reference:
URL:http://www.securityfocus.com/bid/3928
Reference: XF:dnrd-dns-dos(7957)
Reference:
URL:http://www.iss.net/security_center/static/7957.php
Votes:
ACCEPT(2) Foat, Green
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:dnrd-dns-dos(7957)
Name: CVE-2002-0141
Description:
Maelstrom GPL 3.0.1 allows local users to overwrite
arbitrary files of other Maelstrom users via a symlink
attack on the /tmp/f file.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020120 Maelstrom 1.4.3
abartity file overwrite
Reference:
URL:http://online.securityfocus.com/archive/1/251419
Reference: BID:3911
Reference:
URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3911
Reference: XF:maelstrom-tmp-symlink(7939)
Reference:
URL:http://www.iss.net/security_center/static/7939.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Wall
Name: CVE-2002-0142
Description:
CGI handler in John Roy Pi3Web for Windows 2.0 beta 1
and 2 allows remote attackers to cause a denial of
service (crash) via a series of requests whose physical
path is exactly 260 characters long and ends in a series
of . (dot) characters.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020114 Pi3Web Webserver v2.0
Buffer Overflow Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/250126
Reference: BUGTRAQ:20020121 Re: Pi3Web Webserver
v2.0 Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828093&w=2
Reference: NTBUGTRAQ:20020113 Pi3Web Webserver
v2.0 Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101102275316307&w=2
Reference:
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753
Reference: BID:3866
Reference:
URL:http://www.securityfocus.com/bid/3866
Reference: XF:pi3web-long-parameter-bo(7880)
Reference:
URL:http://www.iss.net/security_center/static/7880.php
Votes:
ACCEPT(3) Cole, Frech, Green
NOOP(4) Foat, Balinsky, Christey, Wall
Voter Comments:
Christey> VULNWATCH:20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0015.html
Name: CVE-2002-0144
Description:
Directory traversal vulnerability in chuid 1.2 and
earlier allows remote attackers to change the ownership
of files outside of the upload directory via a .. (dot
dot) attack.
Status: Candidate
Phase: Proposed (20020315)
Reference: BUGTRAQ:20020121 security
vulnerability in chuid
Reference:
URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3937
Reference:
URL:http://www.securityfocus.com/bid/3937
Reference:
XF:chuid-unauthorized-ownership-change(7976)
Reference:
URL:http://www.iss.net/security_center/static/7976.php
Votes:
ACCEPT(4) Cole, Frech, Green, Balinsky
NOOP(2) Foat, Wall
Name: CVE-2002-0145
Description:
chuid 1.2 and earlier does not properly verify the
ownership of files that will be changed, which allows
remote attackers to change files owned by other users,
such as root.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020121 security
vulnerability in chuid
Reference:
URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3938
Reference:
URL:http://www.securityfocus.com/bid/3938
Reference:
XF:chuid-unauthorized-ownership-change(7976)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/7976
Votes:
ACCEPT(3) Cole, Green, Balinsky
MODIFY(1) Frech
NOOP(3) Foat, Ziese, Wall
Voter Comments:
Frech> XF:chuid-unauthorized-ownership-change(7976)
Name: CVE-2002-0154
Description:
Buffer overflows in extended stored procedures for
Microsoft SQL Server 7.0 and 2000 allow remote attackers
to cause a denial of service or execute arbitrary code
via a database query with certain long arguments.
Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20020305 Another Sql Server 7
Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535353331625&w=2
Reference: BUGTRAQ:20020312 Many, many, many Sql
Server 7 & 2000 Buffer Overflows
Reference:
URL:http://www.securityfocus.com/archive/1/261775
Reference: MS:MS02-020
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-020.asp
Reference: CERT:CA-2002-22
Reference:
URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT-VN:VU#627275
Reference:
URL:http://www.kb.cert.org/vuls/id/627275
Reference: OVAL:oval:org.mitre.oval:def:121
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:121
Votes:
ACCEPT(5) Wall, Foat, Cole, Armstrong, Green
MODIFY(1) Frech
NOOP(2) Cox, Christey
Voter Comments:
Christey> BID:4231
URL:http://www.securityfocus.com/bid/4231
XF:mssql-xp-dirtree-bo(8359)
URL:http://www.iss.net/security_center/static/8359.php
Need to specifically mention xp_dirtree.
Christey> CERT:CA-2002-22
CERT-VN:VU#627275
Frech> XF:mssql-multiple-xp-bo(8359)
Name: CVE-2002-0161
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020327)
Votes:
Name: CVE-2002-0162
Description:
LogWatch before 2.5 allows local users to execute
arbitrary code via a symlink attack on the logwatch
temporary directory.
Status: Candidate
Phase: Modified (20020817-01)
Reference: BUGTRAQ:20020327 Root compromise
through LogWatch 2.1.1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101724766216872
Reference: VULN-DEV:20020327 Root compromise
through LogWatch 2.1.1
Reference:
URL:http://online.securityfocus.com/archive/82/264233
Reference:
CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
Reference: REDHAT:RHSA-2002:053
Reference: REDHAT:RHSA-2002:054
Reference: XF:logwatch-tmp-race-condition(8652)
Reference:
URL:http://www.iss.net/security_center/static/8652.php
Reference: BID:4374
Reference:
URL:http://www.securityfocus.com/bid/4374
Votes:
ACCEPT(4) Cole, Armstrong, Cox, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> Modify the desc: it's temporary *directory* creation.
XF:logwatch-tmp-race-condition(8652)
URL:http://www.iss.net/security_center/static/8652.php
BID:4374
URL:http://online.securityfocus.com/bid/4374
Frech> XF:logwatch-tmp-race-condition(8652)
Name: CVE-2002-0164
Description:
Vulnerability in the MIT-SHM extension of the X server
on Linux (XFree86) 4.2.1 and earlier allows local users
to read and write arbitrary shared memory, possibly to
cause a denial of service or gain privileges.
Status: Candidate
Phase: Modified (20030904-01)
Reference: CALDERA:CSSA-2002-009.0
Reference:
URL:http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
Reference: CALDERA:CSSA-2002-SCO.14
Reference:
URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt
Reference: REDHAT:RHSA-2003:067
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: SGI:20021001-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P
Reference: CONECTIVA:CLSA-2002:529
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: BUGTRAQ:20021024 GLSA: xfree
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
Reference: XF:xfree86-mitshm-memory-access(8706)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8706
Reference: BID:4396
Reference:
URL:http://www.securityfocus.com/bid/4396
Votes:
ACCEPT(5) Wall, Cole, Armstrong, Cox, Green
MODIFY(1) Frech
NOOP(2) Foat, Christey
Voter Comments:
Christey> SGI:20021001-01-P
Christey> BUGTRAQ:20021024 GLSA: xfree
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103547625009363&w=2
This Gentoo advisory mentions XFree86 4.2.0-r12 and earlier.
Frech> XF:xfree86-mitshm-memory-access(8706)
Christey> REDHAT:RHSA-2003:067
URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Christey> Add something like "XFree86 before 4.2.1" to the description.
The affected versions aren't quite clear, as various vendor
advisories list different versions.
Christey> DEBIAN:DSA-380
Christey> CALDERA:CSSA-2003-SCO.26
Name: CVE-2002-0165
Description:
LogWatch 2.5 allows local users to gain root privileges
via a symlink attack, a different vulnerability than
CVE-2002-0162.
Status: Candidate
Phase: Modified (20020817-01)
Reference: BUGTRAQ:20020403 LogWatch 2.5 still
vulnerable
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787227513000&w=2
Reference: REDHAT:RHSA-2002:053
Reference: REDHAT:RHSA-2002:054
Reference:
CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000003.html
Reference: XF:logwatch-tmp-race-condition(8652)
Reference:
URL:http://www.iss.net/security_center/static/8652.php
Votes:
ACCEPT(4) Cole, Armstrong, Cox, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> XF:logwatch-tmp-race-condition(8652)
URL:http://www.iss.net/security_center/static/8652.php
CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000003.html
(notice how this is a different announcement than CVE-2002-0162)
Frech> XF:logwatch-tmp-race-condition(8652)
Name: CVE-2002-0177
Description:
Buffer overflows in icecast 1.3.11 and earlier allows
remote attackers to execute arbitrary code via a long
HTTP GET request from an MP3 client.
Status: Candidate
Phase: Modified (20050510)
Reference: BUGTRAQ:20020402 icecast 1.3.11 remote
shell/root exploit - #temp
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101780890326179&w=2
Reference: BUGTRAQ:20020403 Icecast temp patch
(OR: Patches? We DO need stinkin' patches!!@$!)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786838300906&w=2
Reference: BUGTRAQ:20020404 Full analysis of
multiple remotely exploitable bugs in Icecast 1.3.11
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793704306035&w=2
Reference:
CONFIRM:http://www.xiph.org/archives/icecast/2616.html
Reference: CERT-VN:VU#596387
Reference:
URL:http://www.kb.cert.org/vuls/id/596387
Reference: BID:4415
Reference:
URL:http://www.securityfocus.com/bid/4415
Votes:
ACCEPT(3) Cole, Cox, Green
MODIFY(1) Frech
NOOP(4) Wall, Foat, Armstrong, Christey
Voter Comments:
Christey> CALDERA:CSSA-2002-020.0
Christey> Change "allows" to "allow," and add "as exploited through the
client_login function" (to facilitate matching).
REDHAT:RHSA-2002:063
Frech> XF:icecast-clientlogin-bo(8741)
Name: CVE-2002-0180
Description:
Buffer overflow in Webalizer 2.01-06, when configured to
use reverse DNS lookups, allows remote attackers to
execute arbitrary code by connecting to the monitored
web server from an IP address that resolves to a long
hostname.
Status: Candidate
Phase: Modified (20050510)
Reference: BUGTRAQ:20020415 Remote buffer
overflow in Webalizer
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673&w=2
Reference:
CONFIRM:http://www.mrunix.net/webalizer/news.html
Reference: CERT-VN:VU#582923
Reference:
URL:http://www.kb.cert.org/vuls/id/582923
Reference: BID:4504
Reference:
URL:http://www.securityfocus.com/bid/4504
Reference: XF:webalizer-reverse-dns-bo(8837)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8837
Votes:
ACCEPT(4) Baker, Cole, Cox, Green
MODIFY(2) Frech, Jones
NOOP(4) Wall, Foat, Armstrong, Christey
Voter Comments:
Cox> According to the author of Webalizer the issue is not remotely
exploitable, but this hasn't been confirmed by us yet. Needs
investigation.
http://www.mrunix.net/webalizer/news.html
CHANGE> [Cox changed vote from MODIFY to REVIEWING]
Cox> Author says this cannot be exploited to execute arbitrary code
Jones> Description of acknowledged vulnerability indicates remotely
exploitable (buffer overflow is in code which is processing
input from a remote system (a DNS server)); root or non-root
depends on privileges of resolver process (which is likely
same as privileges of Webalizer process). So, remotely
exploitable to run arbitrary code with privileges of the
Webalizer process.
Cox> I actually meant that the author doesn't think this is an exploitable
overflow at all, see
---------- Forwarded message ----------
Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT)
From: Bradford L. Barrett <brad@mrunix.net>
To: Franck Coppola <franck@hosting42.com>
Cc: Spybreak <spybreak@host.sk>, bugtraq@securityfocus.com,
vulnwatch@vulnwatch.org
Subject: Re: Remote buffer overflow in Webalizer
> Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).
Bad fix.. while it will prevent the buffer from overflowing (which I still
fail to see how can be used to execute a 'root' exploit, even with a LOT
of imagination), but will cause the buffer to be filled with a non-null
terminated string which will do all sorts of nasty things to your output,
not to mention wreak havoc on the stats since you are cutting off the
domain portion, not the hostname part, and adding random garbage at the
end.
Anyway, Version 2.01-10 has been released, which fixes this and a few
other buglets that have been discovered in the last month or so. Get it
at the usual place (web: www.mrunix.net/webalizer/ or www.webalizer.org
or ftp: ftp.mrunix.net/pub/webalizer/), and should be on the mirror sites
soon.
--
Bradford L. Barrett brad@mrunix.net
A free electron in a sea of neutrons DoD#1750 KD4NAW
Christey> XF:webalizer-reverse-dns-bo(8837)
URL:http://www.iss.net/security_center/static/8837.php
BID:4504
URL:http://www.securityfocus.com/bid/4504
VULNWATCH:20020415 [VulnWatch] Remote buffer overflow in Webalizer
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0017.html
ENGARDE:ESA-20020423-009
CONECTIVA:CLA-2002:476
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000476
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Cox> after reviewing I agree with the description given
Frech> XF:webalizer-reverse-dns-bo(8837)
Christey> REDHAT:RHSA-2002:254
Christey> CALDERA:CSSA-2002-036.0
(note: CVE-2002-1234 was accidentally assigned to that Caldera
advisory, but this is the correct CAN to use)
Name: CVE-2002-0182
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020417)
Votes:
Name: CVE-2002-0189
Description:
Cross-site scripting vulnerability in Internet Explorer
6.0 allows remote attackers to execute scripts in the
Local Computer zone via a URL that exploits a local HTML
resource file, aka the "Cross-Site Scripting in Local
HTML Resource" vulnerability.
Status: Candidate
Phase: Modified (20061101)
Reference: MS:MS02-023
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: OVAL:oval:org.mitre.oval:def:19
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Cox
REVIEWING(1) Christey
Voter Comments:
Christey> NOTE: As of 5/20/2002, there is a lack of clarity regarding
the details of this vulnerability and other vulnerabilities
being reported by GreyMagic and Thor Larholm. Additional
details will be added to this candidate if/when they become
available. This candidate is solely for the issue that is
being addressed by Microsoft in MS:MS02-023. Its relationship
with other reported issues is currently unproven.
This candidate is subject to CD:VAGUE.
Christey> XF:ie-dialog-window-css(8868)
URL:http://www.iss.net/security_center/static/8868.php
Frech> XF:ie-dialog-window-css(8868)
Baker> I agree some of the information appears vague, but seems to be legitimate.
Name: CVE-2002-0192
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This
candidate was published with a description that
identified a different vulnerability than what was
identified in the original authoritative reference.
Notes: Consult CVE-2002-0193 or CVE-2002-1564 to find
the identifier for the proper issue.
Status: Candidate
Phase: Modified (20050204)
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(1) Cox
REJECT(1) Christey
Voter Comments:
Frech> XF:ie-content-disposition-variant(9085)
Christey> Hrmmm... the MS advisory says this is the "Script within
Cookies Reading Cookies" vulnerability... This description
was also used for CVE-2002-0193.
CHANGE> [Christey changed vote from NOOP to REJECT]
Christey> This CAN had the wrong description added to it, which made
it look like a different vulnerability than the one identified
by Microsoft in MS:MS02-023. Therefore this CAN should be
REJECTed.
Name: CVE-2002-0194
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020420)
Votes:
Name: CVE-2002-0195
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020420)
Votes:
Name: CVE-2002-0198
Description:
Buffer overflow in plDaniels ripMime 1.2.6 and earlier,
as used in other programs such as xamime and inflex,
allows remote attackers to execute arbitrary code via an
attachment in a long filename.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020122 pldaniels - ripMime
1.2.6 and lower?
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101182636812381&w=2
Reference:
CONFIRM:http://pldaniels.org/ripmime/CHANGELOG
Reference: BID:3941
Reference:
URL:http://www.securityfocus.com/bid/3941
Reference: XF:ripmime-long-filename-bo(7983)
Reference:
URL:http://www.iss.net/security_center/static/7983.php
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0199
Description:
Buffer overflow in admin.cgi for Nullsoft Shoutcast
Server 1.8.3 allows remote attackers to cause a denial
of service and possibly execute arbitrary code via an
argument with a large number of backslashes.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020119 Shoutcast server
1.8.3 win32
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101167484012724&w=2
Reference: BID:3934
Reference:
URL:http://www.securityfocus.com/bid/3934
Votes:
ACCEPT(1) Green
NOOP(4) Wall, Foat, Cole, Christey
Voter Comments:
Christey> XF:shoutcast-admin-cgi-dos(7958)
URL:http://xforce.iss.net/static/7958.php
Name: CVE-2002-0200
Description:
Cyberstop Web Server for Windows 0.1 allows remote
attackers to cause a denial of service via an HTTP
request for an MS-DOS device name.
Status: Candidate
Phase: Modified (20040811)
Reference: BUGTRAQ:20020122
CyberStop-Server-DoS-remote-attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3929
Reference:
URL:http://www.securityfocus.com/bid/3929
Reference: XF:cyberstop-device-name-dos(7959)
Reference:
URL:http://www.iss.net/security_center/static/7959.php
Votes:
ACCEPT(1) Green
NOOP(4) Wall, Foat, Cole, Christey
Voter Comments:
Christey> Add period to the end of the description.
Name: CVE-2002-0201
Description:
Cyberstop Web Server for Windows 0.1 allows remote
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a long HTTP GET
request, possibly triggering a buffer overflow.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020122
CyberStop-Server-DoS-remote-attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101174569103289&w=2
Reference: BID:3930
Reference:
URL:http://www.securityfocus.com/bid/3930
Reference: XF:cyberstop-long-request-dos(7960)
Reference:
URL:http://www.iss.net/security_center/static/7960.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0202
Description:
PaintBBS 1.2 installs certain files and directories with
insecure permissions, which allows local users to (1)
obtain the encrypted server password via the
world-readable oekakibbs.conf file, or (2) modify the
server configuration via the world-writeable /oekaki/
folder.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020123 Vulnerabilty in
PaintBBS v1.2
Reference:
URL:http://online.securityfocus.com/archive/1/251985
Reference: BID:3948
Reference:
URL:http://www.securityfocus.com/bid/3948
Reference: XF:paintbbs-insecure-permissions(7982)
Reference:
URL:http://www.iss.net/security_center/static/7982.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0203
Description:
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC
Solaris and Linux, and 3.1x and 3.0x including 3.11.903,
allows remote attackers to view directory contents via
an empty pg parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020124 ISSTW Security
Advisory Tarantella Enterprise 3.11.903 Directory Index
Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101190195430376&w=2
Reference:
CONFIRM:http://www.tarantella.com/security/bulletin-03.html
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0204
Description:
Buffer overflow in GNU Chess (gnuchess) 5.02 and
earlier, if modified or used in a networked capacity
contrary to its own design as a single-user application,
may allow local or remote attackers to execute arbitrary
code via a long command.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020124 gnuchess buffer
overflow vulnerabilty
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189688815514&w=2
Reference: BID:3949
Reference:
URL:http://www.securityfocus.com/bid/3949
Reference: XF:gnu-chess-bo(7991)
Reference:
URL:http://www.iss.net/security_center/static/7991.php
Votes:
NOOP(2) Foat, Cole
REJECT(1) Wall
REVIEWING(1) Green
Voter Comments:
Green> The issue of modifying code and/or using code for purposes other than intended raises the hypothetical (albeit ridiculous) prospect of having to classify vulnerabilities within gcc, since one could develop malicious code using the compiler.
Name: CVE-2002-0205
Description:
Cross-site scripting (CSS) vulnerability in error.asp
for Plumtree Corporate Portal 3.5 through 4.5 allows
remote attackers to execute arbitrary script on other
clients via the "Description" parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: VULN-DEV:20020104 Cross-Site Scripting
in PlumTree?
Reference:
URL:http://online.securityfocus.com/archive/82/248396
Reference: BUGTRAQ:20020124 Plumtree Corporate
Portal Cross-Site Scripting (Patch Available)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101189911121808&w=2
Reference: BID:3799
Reference:
URL:http://www.securityfocus.com/bid/3799
Reference: XF:plumtree-css-error(7817)
Reference:
URL:http://www.iss.net/security_center/static/7817.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0206
Description:
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier,
and possibly other versions before 5.5, allows remote
attackers to execute arbitrary PHP code by specifying a
URL to the malicious code in the file parameter.
Status: Candidate
Phase: Modified (20050326)
Reference: BUGTRAQ:20020116 PHP-Nuke allows
Command Execution & Much more
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101121913914205&w=2
Reference: CERT-VN:VU#221683
Reference:
URL:http://www.kb.cert.org/vuls/id/221683
Reference: BID:3889
Reference:
URL:http://www.securityfocus.com/bid/3889
Reference:
XF:phpnuke-index-command-execution(7914)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/7914
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0208
Description:
PGP Security PGPfire 7.1 for Windows alters the system's
TCP/IP stack and modifies packets in ICMP error messages
in a way that allows remote attackers to determine that
the system is running PGPfire.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020125 Identifying PGP
Corporate Desktop 7.1 with PGPfire Personal Desktop
Firewall installed (no need to be enabled) on Microsoft
Windows Based OSs
Reference:
URL:http://online.securityfocus.com/archive/1/252407
Reference: BID:3961
Reference:
URL:http://www.securityfocus.com/bid/3961
Reference: XF:pgpfire-icmp-fingerprint(8008)
Reference:
URL:http://www.iss.net/security_center/static/8008.php
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0210
Description:
setlicense for TOLIS Group Backup and Restore Utility
(BRU) 17.0 allows local users to overwrite arbitrary
files via a symlink attack on the /tmp/brutest.$$
temporary file.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020126 bru backup program
Reference:
URL:http://online.securityfocus.com/archive/1/252614
Reference: BID:3970
Reference:
URL:http://www.securityfocus.com/bid/3970
Reference: XF:bru-tmp-file-symlink(8003)
Reference:
URL:http://www.iss.net/security_center/static/8003.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0212
Description:
The login for Hosting Controller 1.1 through 1.4.1
returns different error messages when a valid or invalid
user is provided, which allows remote attackers to
determine the existence of valid usernames and makes it
easier to conduct a brute force attack.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020126 [ARL02-A01]
Vulnerability in Hosting Controller
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101224151705897&w=2
Reference:
MISC:http://hostingcontroller.com/English/patches/ForAll/index.html
Reference: BID:3971
Reference:
URL:http://www.securityfocus.com/bid/3971
Reference:
XF:hosting-controller-brute-force(8006)
Reference:
URL:http://www.iss.net/security_center/static/8006.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0214
Description:
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver
1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired
Equivalent Privacy) key in plaintext in a registry key
with weak permissions, which allows local users to
decrypt network traffic by reading the WEP key from the
registry key.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020128 Intel WLAN Driver
storing 128bit WEP-Key in plain text!
Reference:
URL:http://online.securityfocus.com/archive/1/252607
Reference: BID:3968
Reference:
URL:http://www.securityfocus.com/bid/3968
Reference: XF:intel-wlan-wep-plaintext(8015)
Reference:
URL:http://www.iss.net/security_center/static/8015.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0215
Description:
Agora.cgi 3.2r through 4.0 while in debug mode allows
remote attackers to determine the full pathname of the
agora.cgi file by requesting a non-existent .html file,
which leaks the pathname in an error message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020128 [SUPERPETZ ADVISORY
#001 - agora.cgi Secret Path Disclosure Vulnerability]
Reference:
URL:http://online.securityfocus.com/archive/1/252761
Reference: BID:3976
Reference:
URL:http://www.securityfocus.com/bid/3976
Reference: XF:agora-cgi-revel-path(8011)
Reference:
URL:http://www.iss.net/security_center/static/8011.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0216
Description:
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to
obtain sensitive information via a SQL injection attack
in the "uid" parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020129 Xoops SQL fragment
disclosure and SQL injection vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/252827
Reference: BID:3977
Reference:
URL:http://www.securityfocus.com/bid/3977
Reference:
XF:xoops-userinfo-information-disclosure(8028)
Reference:
URL:http://www.iss.net/security_center/static/8028.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0217
Description:
Cross-site scripting (CSS) vulnerabilities in the
Private Message System for XOOPS 1.0 RC1 allow remote
attackers to execute Javascript on other web clients via
(1) the Title field or a Private Message Box or (2) the
image field parameter in pmlite.php.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020129 Xoops Private Message
System Script injection
Reference:
URL:http://online.securityfocus.com/archive/1/252828
Reference: BID:3978
Reference:
URL:http://www.securityfocus.com/bid/3978
Reference: BID:3981
Reference:
URL:http://www.securityfocus.com/bid/3981
Reference: XF:xoops-private-message-css(8025)
Reference:
URL:http://www.iss.net/security_center/static/8025.php
Reference: XF:xoops-pmlite-image-css(8030)
Reference:
URL:http://www.iss.net/security_center/static/8030.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0218
Description:
Format string vulnerability in (1) sastcpd in SAS/Base
8.0 and 8.1 or (2) objspawn in SAS/Integration
Technologies 8.0 and 8.1 allows local users to execute
arbitrary code via format specifiers in a command line
argument.
Status: Candidate
Phase: Modified (20050703)
Reference: BUGTRAQ:20020129 sastcpd Buffer
Overflow and Format String Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/252891
Reference: VULNWATCH:20020129 sastcpd Buffer
Overflow and Format String Vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html
Reference: BUGTRAQ:20020129 Re: [VulnWatch]
sastcpd Buffer Overflow and Format String
Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/252847
Reference:
MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3980
Reference:
URL:http://www.securityfocus.com/bid/3980
Reference:
XF:sas-sastcpd-spawner-format-string(8018)
Reference:
URL:http://www.iss.net/security_center/static/8018.php
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0219
Description:
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1
or (2) objspawn in SAS/Integration Technologies 8.0 and
8.1 allows local users to execute arbitrary code via
a large command line argument.
Status: Candidate
Phase: Modified (20050703)
Reference: BUGTRAQ:20020129 sastcpd Buffer
Overflow and Format String Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/252891
Reference: VULNWATCH:20020129 sastcpd Buffer
Overflow and Format String Vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html
Reference: BUGTRAQ:20020129 Re: [VulnWatch]
sastcpd Buffer Overflow and Format String
Vulnerabilities
Reference:
URL:http://online.securityfocus.com/archive/1/252847
Reference:
MISC:http://www.sas.com/service/techsup/unotes/SN/004/004201.html
Reference: BID:3979
Reference:
URL:http://www.securityfocus.com/bid/3979
Reference: XF:sas-sastcpd-spawner-bo(8017)
Reference:
URL:http://www.iss.net/security_center/static/8017.php
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0220
Description:
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers
to execute arbitrary commands via an SMS message
containing shell metacharacters.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020129 PhpSmsSend remote
execute commands bug
Reference:
URL:http://online.securityfocus.com/archive/1/252918
Reference: BID:3982
Reference:
URL:http://www.securityfocus.com/bid/3982
Reference: XF:phpsmssend-command-execution(8019)
Reference:
URL:http://www.iss.net/security_center/static/8019.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0221
Description:
Etype Eserv 2.97 allows remote attackers to cause a
denial of service (resource exhaustion) via a large
number of PASV commands that consume ports 1024 through
5000, which prevents the server from accepting valid
PASV.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020129 Vulnerabilities in
EServ 2.97
Reference:
URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3983
Reference:
URL:http://www.securityfocus.com/bid/3983
Reference: XF:eserv-pasv-dos(8020)
Reference:
URL:http://www.iss.net/security_center/static/8020.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0222
Description:
Etype Eserv 2.97 allows remote attackers to redirect
traffic to other sites (aka FTP bounce) via the PORT
command.
Status: Candidate
Phase: Modified (20070122)
Reference: BUGTRAQ:20020129 Vulnerabilities in
EServ 2.97
Reference:
URL:http://online.securityfocus.com/archive/1/252944
Reference: BID:3986
Reference:
URL:http://www.securityfocus.com/bid/3986
Reference: XF:eserv-ftp-bounce(8021)
Reference:
URL:http://www.iss.net/security_center/static/8021.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0223
Description:
Infopop UBB.Threads 5.4 and Wired Community Software
WWWThreads 5.0 through 5.0.9 allows remote attackers to
upload arbitrary files by using a filename that contains
an accepted extension, but ends in a different
extension.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020130 [ WWWThreads,
UBBThreads ] Security Hole in upload system
Reference:
URL:http://online.securityfocus.com/archive/1/253172
Reference: XF:ubbthreads-file-upload(8022)
Reference:
URL:http://www.iss.net/security_center/static/8022.php
Reference: BID:3993
Reference:
URL:http://www.securityfocus.com/bid/3993
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0224
Description:
The MSDTC (Microsoft Distributed Transaction Service
Coordinator) for Microsoft Windows 2000, Microsoft IIS
5.0 and SQL Server 6.5 through SQL 2000 0.0 allows
remote attackers to cause a denial of service (crash or
hang) via malformed (random) input.
Status: Candidate
Phase: Modified (20050705)
Reference: BUGTRAQ:20020131 msdtc on 3372
Reference:
URL:http://online.securityfocus.com/archive/1/253360
Reference: BUGTRAQ:20020419 KPMG-2002015:
Microsoft Distributed Transaction Coordinator DoS
Reference:
URL:http://online.securityfocus.com/archive/1/268593
Reference: BID:4006
Reference:
URL:http://www.securityfocus.com/bid/4006
Reference: XF:msdtc-default-port-dos(8046)
Reference:
URL:http://www.iss.net/security_center/static/8046.php
Votes:
ACCEPT(1) Green
NOOP(2) Foat, Cole
REVIEWING(1) Wall
Name: CVE-2002-0225
Description:
tac_plus Tacacs+ daemon F4.0.4.alpha, originally
maintained by Cisco, creates files from the accounting
directive with world-readable and writable permissions,
which allows local users to access and modify sensitive
files.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020130 tac_plus version
F4.0.4.alpha on at least Solaris 8 sparc
Reference:
URL:http://online.securityfocus.com/archive/1/253288
Reference: BID:4003
Reference:
URL:http://www.securityfocus.com/bid/4003
Reference:
XF:tacplus-insecure-accounting-files(8061)
Reference:
URL:http://www.iss.net/security_center/static/8061.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0227
Description:
KICQ 2.0.0b1 allows remote attackers to cause a denial
of service (crash) via a malformed message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020201 KICQ 2.0.0b1 can be
remotely crashed
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266856410129&w=2
Reference: BID:4018
Reference:
URL:http://www.securityfocus.com/bid/4018
Reference: XF:kicq-telnet-dos(8064)
Reference:
URL:http://www.iss.net/security_center/static/8064.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0228
Description:
Microsoft MSN Messenger allows remote attackers to use
Javascript that references an ActiveX object to obtain
sensitive information such as display names and web site
navigation, and possibly more when the user is connected
to certain Microsoft sites (or DNS-spoofed sites).
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020202 MSN Messenger reveals
your name to websites (and can reveal email addresses
too)
Reference:
URL:http://online.securityfocus.com/archive/1/254021
Reference:
XF:msn-messenger-reveal-information(8084)
Reference:
URL:http://www.iss.net/security_center/static/8084.php
Reference: BID:4028
Reference:
URL:http://www.securityfocus.com/bid/4028
Votes:
ACCEPT(2) Cole, Green
NOOP(1) Foat
REVIEWING(1) Wall
Name: CVE-2002-0229
Description:
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0
allows attackers with access to the MySQL database to
bypass Safe Mode access restrictions and read arbitrary
files using "LOAD DATA INFILE LOCAL" SQL statements.
Status: Candidate
Phase: Proposed (20020502)
Reference: NTBUGTRAQ:20020203 PHP Safe Mode
Filesystem Circumvention Problem
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101285016125377&w=2
Reference: BUGTRAQ:20020203 PHP Safe Mode
Filesystem Circumvention Problem
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286577109716&w=2
Reference: NTBUGTRAQ:20020205 Re: PHP Safe Mode
Filesystem Circumvention Problem
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303065423534&w=2
Reference: BUGTRAQ:20020206 DW020203-PHP
clarification
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101304702002321&w=2
Reference: NTBUGTRAQ:20020206 DW020203-PHP
clarification
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101303819613337&w=2
Reference: BID:4026
Reference:
URL:http://www.securityfocus.com/bid/4026
Reference: XF:php-mysql-safemode-bypass(8105)
Reference:
URL:http://www.iss.net/security_center/static/8105.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0230
Description:
Cross-site scripting vulnerability in fom.cgi of
Faq-O-Matic 2.712 allows remote attackers to execute
arbitrary Javascript on other clients via the cmd
parameter, which causes the script to be inserted into
an error message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020204 [SUPERPETZ ADVISORY
#002- Faq-O-Matic Cross-Site Scripting Vulnerability]
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101285834018701&w=2
Reference: BUGTRAQ:20020205 Faq-O-Matic
Cross-Site Scripting
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101293973111873&w=2
Reference:
CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
Reference: DEBIAN:DSA-109
Reference:
URL:http://www.debian.org/security/2002/dsa-109
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
RECAST(1) Christey
Voter Comments:
Christey> XF:faqomatic-cgi-css(8066)
URL:http://www.iss.net/security_center/static/8066.php
BID:4023
URL:http://www.securityfocus.com/bid/4023
A similar issue was discovered a few months afterward in the
"file" parameter, but it was already fixed by the vendor along
with the cmd parameter. Thus CD:SF-LOC suggests combining
these into a single item.
CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=477665&forum_id=6367
BID:4565
URL:http://www.securityfocus.com/bid/4565
Name: CVE-2002-0231
Description:
Buffer overflow in mIRC 5.91 and earlier allows a remote
server to execute arbitrary code on the client via a
long nickname.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020203 Buffer overflow in
mIRC allowing arbitary code to be executed.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286747013955&w=2
Reference: BUGTRAQ:20020204 Re: Buffer overflow
in mIRC allowing arbitary code to be executed.
Reference:
URL:http://online.securityfocus.com/archive/1/254105
Reference:
MISC:http://www.uuuppz.com/research/adv-001-mirc.htm
Reference: XF:mirc-nickname-bo(8083)
Reference:
URL:http://www.iss.net/security_center/static/8083.php
Reference: BID:4027
Reference:
URL:http://www.securityfocus.com/bid/4027
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0232
Description:
Directory traversal vulnerability in Multi Router
Traffic Grapher (MRTG) allows remote attackers to read
portions of arbitrary files via a .. (dot dot) in the
cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3)
traffic.cgi, or (4) mrtg.cgi.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020202 new advisory
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101266821909189&w=2
Reference: BID:4017
Reference:
URL:http://www.securityfocus.com/bid/4017
Reference: XF:mrtg-cgi-view-files(8062)
Reference:
URL:http://www.iss.net/security_center/static/8062.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0233
Description:
Directory traversal vulnerability in eshare Expressions
4 Web server allows remote attackers to read arbitrary
files via a .. (dot dot) in an HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020205 Viewing arbitrary
file from the file system using Eshare Expressions 4
server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101292885809975&w=2
Reference:
XF:expressions-dot-directory-traversal(8079)
Reference:
URL:http://www.iss.net/security_center/static/8079.php
Reference: BID:4029
Reference:
URL:http://www.securityfocus.com/bid/4029
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0234
Description:
NetScreen ScreenOS before 2.6.1 does not support a
maximum number of concurrent sessions for a system,
which allows an attacker on the trusted network to cause
a denial of service (resource exhaustion) via a port
scan to an external network, which consumes all
available connections.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020205 NetScreen Response to
ScreenOS Port Scan DoS Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/254268
Reference: BUGTRAQ:20020201 NetScreen ScreenOS
2.6 Subject to Trust Interface DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258281818524&w=2
Reference: BUGTRAQ:20020201 RE: NetScreen
ScreenOS 2.6 Subject to Trust Interface DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258887105690&w=2
Reference: BID:4015
Reference:
URL:http://www.securityfocus.com/bid/4015
Reference: XF:netscreen-screenos-scan-dos(8057)
Reference:
URL:http://www.iss.net/security_center/static/8057.php
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0235
Description:
Castelle FaxPress, possibly 6.3 and other versions, when
configured to use the Network print queue, allows
attackers to obtain the username and password by
submitting an incorrect login, which causes FaxPress to
leak the correct username and password in plaintext in
an error event.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020205 Castelle Faxpress:
Password used for NT Print queue can be disclosed in
Plain Text
Reference:
URL:http://online.securityfocus.com/archive/1/254168
Reference: BID:4030
Reference:
URL:http://www.securityfocus.com/bid/4030
Reference: XF:faxpress-plaintext-password(8086)
Reference:
URL:http://www.iss.net/security_center/static/8086.php
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0236
Description:
Lucent VitalSuite 8.0 through 8.2, including VitalNet,
VitalEvent, and VitalHelp/VitalAnalysis, allows remote
attackers to bypass authentication via a direct HTTP
request to the VsSetCookie.exe program, which returns a
valid cookie for the desired user.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020205 Published Report of
Vulnerability in Lucent VitalSuite Software
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101294507827698&w=2
Reference: XF:vitalnet-unauth-access(7936)
Reference:
URL:http://www.iss.net/security_center/static/7936.php
Reference: BID:3784
Reference:
URL:http://www.securityfocus.com/bid/3784
Votes:
ACCEPT(2) Cole, Green
NOOP(2) Wall, Foat
Name: CVE-2002-0238
Description:
Cross-site scripting vulnerability in web administration
interface for NetGear RT314 and RT311 Gateway Routers
allows remote attackers to execute arbitrary script on
another client via a URL that contains the script.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020203 Netgear RT311/RT314
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286360203461&w=2
Reference: XF:netgear-web-interface-css(8082)
Reference:
URL:http://www.iss.net/security_center/static/8082.php
Reference: BID:4024
Reference:
URL:http://www.securityfocus.com/bid/4024
Votes:
ACCEPT(1) Green
NOOP(3) Wall, Foat, Cole
Name: CVE-2002-0239
Description:
Buffer overflow in hanterm 3.3.1 and earlier allows
local users to execute arbitrary code via a long string
in the (1) -fn, (2) -hfb, or (3) -hfn argument.
Status: Candidate
Phase: Modified (20050703)
Reference: BUGTRAQ:20020207 another hanterm
exploit
Reference:
URL:http://online.securityfocus.com/archive/1/255168
Reference: BUGTRAQ:20020207 Overflow
Vulnerabilities in hanterm
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310874106455&w=2
Reference: DEBIAN:DSA-112
Reference:
URL:http://www.debian.org/security/2002/dsa-112
Reference: FREEBSD:FreeBSD-SA-01:41
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:41.hanterm.asc
Reference: SECTRACK:1001950
Reference:
URL:http://securitytracker.com/id?1001950
Reference: BID:4050
Reference:
URL:http://www.securityfocus.com/bid/4050
Reference: XF:hanterm-command-line-bo(8109)
Reference:
URL:http://www.iss.net/security_center/static/8109.php
Votes:
ACCEPT(4) Cole, Armstrong, Frech, Cox
NOOP(2) Wall, Foat
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Name: CVE-2002-0240
Description:
PHP, when installed with Apache and configured to search
for index.php as a default web page, allows remote
attackers to obtain the full pathname of the server via
the HTTP OPTIONS method, which reveals the pathname in
the resulting error message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 PHP Advisory #2
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311746611160&w=2
Reference: BID:4057
Reference:
URL:http://www.securityfocus.com/bid/4057
Reference:
XF:apache-php-options-information(8119)
Reference:
URL:http://www.iss.net/security_center/static/8119.php
Votes:
ACCEPT(2) Baker, Frech
MODIFY(1) Cox
NOOP(4) Wall, Foat, Cole, Armstrong
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to MODIFY]
Cox> Change to "....installed with Apache 2.0 for Windows"
Name: CVE-2002-0242
Description:
Cross-site scripting vulnerability in Internet Explorer
6 and earlier allows remote attackers to execute arbitrary
script via an Extended HTML Form, whose output from the
remote server is not properly cleansed.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 Web Browsers
vulnerable to the Extended HTML Form Attack (IE and
OPERA)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(3) Foat, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:ie-opera-contenttype-css(8218)
Name: CVE-2002-0243
Description:
Cross-site scripting vulnerability in Opera 6.0 and
earlier allows remote attackers to execute arbitrary
script via an Extended HTML Form, whose output from the
remote server is not properly cleansed.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 Web Browsers
vulnerable to the Extended HTML Form Attack (IE and
OPERA)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2
Votes:
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:ie-opera-contenttype-css(8218)
Name: CVE-2002-0244
Description:
Directory traversal vulnerability in chroot function in
AtheOS 0.3.7 allows attackers to escape the jail via a
.. (dot dot) in the pathname argument to chdir.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020207 AtheOS: escaping from
a chroot jail
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310622531303&w=2
Reference: BID:4051
Reference:
URL:http://www.securityfocus.com/bid/4051
Reference:
XF:atheos-dot-directory-traversal(8108)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8108
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:atheos-dot-directory-traversal(8108)
Name: CVE-2002-0245
Description:
Lotus Domino server 5.0.8 with NoBanner enabled allows
remote attackers to (1) determine the physical path of
the server via a request for a nonexistent file with a
.pl (Perl) extension, which leaks the pathname in the
error message, or (2) make any request that causes an
HTTP 500 error, which leaks the server's version name in
the HTTP error message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 Re: KPMG-2002004:
Lotus Domino Webserver DOS-device Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2
Reference:
CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
Reference: BID:4049
Reference:
URL:http://www.securityfocus.com/bid/4049
Reference:
XF:lotus-domino-reveal-information(8160)
Reference:
URL:http://www.iss.net/security_center/static/8160.php
Votes:
ACCEPT(4) Wall, Cole, Armstrong, Frech
NOOP(2) Foat, Cox
Name: CVE-2002-0247
Description:
Buffer overflows in wmtv 0.6.5 and earlier may allow
local users to gain privileges.
Status: Candidate
Phase: Proposed (20020502)
Reference: DEBIAN:DSA-108
Reference:
URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4054
Reference:
URL:http://www.securityfocus.com/bid/4054
Reference: XF:wmtv-local-bo(8111)
Reference:
URL:http://www.iss.net/security_center/static/8111.php
Votes:
ACCEPT(4) Wall, Cole, Armstrong, Frech
NOOP(2) Foat, Cox
Voter Comments:
Frech> CONFIRM:http://www.debian.org/security/2002/dsa-108
Name: CVE-2002-0248
Description:
wmtv 0.6.5 and earlier allows local users to modify
arbitrary files via a symlink attack on a configuration
file.
Status: Candidate
Phase: Proposed (20020502)
Reference: DEBIAN:DSA-108
Reference:
URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4052
Reference:
URL:http://www.securityfocus.com/bid/4052
Reference: XF:wmtv-config-file-symlink(8110)
Reference:
URL:http://www.iss.net/security_center/static/8110.php
Votes:
ACCEPT(3) Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0249
Description:
PHP for Windows, when installed on Apache 2.0.28 beta as
a standalone CGI module, allows remote attackers to
obtain the physical path of the php.exe via a request
with malformed arguments such as /123, which leaks the
pathname in the error message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 Security Advisory -
#1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311698909691&w=2
Reference: XF:php-123-path-information(8121)
Reference:
URL:http://www.iss.net/security_center/static/8121.php
Reference: BID:4056
Reference:
URL:http://www.securityfocus.com/bid/4056
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0252
Description:
Buffer overflow in Apple QuickTime Player 5.01 and 5.02
allows remote web servers to execute arbitrary code via
a response containing a long Content-Type MIME header.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020208 [SPSadvisory#46]Apple
QuickTime Player "Content-Type" Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320742616105&w=2
Reference: XF:quicktime-content-header-bo(8126)
Reference:
URL:http://www.iss.net/security_center/static/8126.php
Reference: BID:4064
Reference:
URL:http://www.securityfocus.com/bid/4064
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0253
Description:
PHP, when not configured with the "display_errors = Off"
setting in php.ini, allows remote attackers to obtain
the physical path for an include file via a trailing
slash in a request to a directly accessible PHP program,
which modifies the base path, causes the include
directive to fail, and produces an error message that
contains the path.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020207 Advisory #3 - PHP &
JSP
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318944130790&w=2
Reference: BID:4063
Reference:
URL:http://www.securityfocus.com/bid/4063
Reference: XF:php-slash-path-information(8122)
Reference:
URL:http://www.iss.net/security_center/static/8122.php
Votes:
ACCEPT(1) Frech
NOOP(6) Wall, Foat, Cole, Armstrong, Cox, Christey
Voter Comments:
Christey> Is this another case when PHP leaks path information by design,
as supported by "display_errors" option? Then the
vulnerability (rather, exposure) would be in the use of the
display_errors option itself, whose implications may include
this particular scenario.
CHANGE> [Cox changed vote from REVIEWING to NOOP]
Name: CVE-2002-0254
Description:
ICQ 2001b Build 3659 allows remote attackers to cause a
denial of service (crash) via a malformed picture that
contains large height and width values, which causes the
crash when viewed in Userdetails.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020208 -possible-
Bufferoverflow in ICQ 2001b
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320492009565&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:icq-large-jpg-bo(8159)
Name: CVE-2002-0255
Description:
The default configuration of Arescom NetDSL 800 does not
require authentication, which allows remote attackers to
cause a denial of service or reconfigure the router.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020208 arescom 800
authentification flaw
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101323620111951&w=2
Reference:
XF:netdsl-telnet-bypass-authentication(8125)
Reference:
URL:http://www.iss.net/security_center/static/8125.php
Reference: BID:4066
Reference:
URL:http://www.securityfocus.com/bid/4066
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0256
Description:
The telnet port in Arescom NetDSL 1000 router allows
remote attackers to cause a denial of service via a
series of connections with long strings, which causes a
large number of login failures and causes the telnet
service to stop.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 Arescom NetDSL-1000
telnetd DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328827420630&w=2
Reference: BID:4067
Reference:
URL:http://www.securityfocus.com/bid/4067
Reference: XF:netdsl-telnet-dos(8123)
Reference:
URL:http://www.iss.net/security_center/static/8123.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0257
Description:
Cross-site scripting vulnerability in auction.pl of
MakeBid Auction Deluxe 3.30 allows remote attackers to
obtain information from other users via the form fields
(1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5)
ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9)
ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13)
PHONE4.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 Account theft
vulnerability in MakeBid Auction Deluxe 3.30
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328880521775&w=2
Reference:
CONFIRM:http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
Reference: XF:makebid-description-css(8161)
Reference:
URL:http://www.iss.net/security_center/static/8161.php
Reference: BID:4069
Reference:
URL:http://www.securityfocus.com/bid/4069
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0258
Description:
Merak Mail IceWarp Web Mail uses a static identifier as
a user session ID that does not change across sessions,
which could allow remote attackers with access to the ID
to gain privileges as that user, e.g. by extracting the
ID from the user's answer or forward URLs.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 Security Issue in
Icewarp
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328887821909&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:icewarp-static-sessionid(9807)
Name: CVE-2002-0259
Description:
InstantServers MiniPortal 1.1.5 and earlier stores
sensitive login and account data in plaintext in (1)
.pwd files in the miniportal/apache directory, or (2)
mplog.txt, which could allow local users to gain
privileges.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 InstantServers
MiniPortal Multiple Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference:
CONFIRM:http://www.instantservers.com/releases.html
Reference:
XF:miniportal-plaintext-information(8170)
Reference:
URL:http://www.iss.net/security_center/static/8170.php
Reference: BID:4076
Reference:
URL:http://www.securityfocus.com/bid/4076
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0260
Description:
Buffer overflow in InstantServers MiniPortal 1.1.5 and
earlier allows remote attackers to execute arbitrary
code via a long login name, which is not properly
handled by the logging utility.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 InstantServers
MiniPortal Multiple Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference:
CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4073
Reference:
URL:http://www.securityfocus.com/bid/4073
Reference: XF:miniportal-ftp-login-bo(8172)
Reference:
URL:http://www.iss.net/security_center/static/8172.php
Votes:
ACCEPT(3) Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0261
Description:
Directory traversal vulnerability in InstantServers
MiniPortal 1.1.5 and earlier allows remote authenticated
users to read arbitrary files via a ... (modified dot
dot) in the GET command.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020209 InstantServers
MiniPortal Multiple Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference:
CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4075
Reference:
URL:http://www.securityfocus.com/bid/4075
Reference:
XF:miniportal-ftp-directory-traversal(8171)
Reference:
URL:http://www.iss.net/security_center/static/8171.php
Votes:
ACCEPT(3) Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0262
Description:
Directory traversal vulnerability in netget for Sybex
E-Trainer web server allows remote attackers to read
arbitrary files via a .. (dot dot) in the file
parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020210 Sybex E-Trainer
Directory Traversal Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101344812311216&w=2
Reference: BID:4071
Reference:
URL:http://www.securityfocus.com/bid/4071
Reference:
XF:sybex-etrainer-directory-traversal(8175)
Reference:
URL:http://www.iss.net/security_center/static/8175.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0263
Description:
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard)
allows remote attackers to execute arbitrary code via a
long boundary value in a multipart Content-Type header
to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020211 EasyBoard 2000 Remote
Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101345069220199&w=2
Reference: XF:ezboard-bbs-contenttype-bo(8162)
Reference:
URL:http://www.iss.net/security_center/static/8162.php
Reference: BID:4068
Reference:
URL:http://www.securityfocus.com/bid/4068
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0264
Description:
PowerFTP Personal FTP Server 2.03 through 2.10 stores
sensitive account information in plaintext in the
ftpserver.ini file, which allows attackers with access
to the file to gain privileges.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020211 PowerFTP Personal FTP
Server Multiple Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101361745222207&w=2
Reference: BID:4074
Reference:
URL:http://www.securityfocus.com/bid/4074
Reference:
XF:powerftp-ftpserver-ini-plaintext(8183)
Reference:
URL:http://www.iss.net/security_center/static/8183.php
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:powerftp-ftpserver-ini-plaintext(8183)
Name: CVE-2002-0266
Description:
Thunderstone Texis CGI script allows remote attackers to
obtain the full path of the web root via a request for a
nonexistent file, which generates an error message that
includes the full pathname.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020211 Re: texis(CGI) Path
Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346478229431&w=2
Reference: BUGTRAQ:20020206 texis(CGI) Path
Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301228031165&w=2
Reference:
XF:texis-cgi-information-disclosure(8103)
Reference:
URL:http://www.iss.net/security_center/static/8103.php
Reference: BID:4035
Reference:
URL:http://www.securityfocus.com/bid/4035
Votes:
ACCEPT(3) Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0268
Description:
Identix BioLogon 3 allows users with physical access to
the system to gain administrative privileges by using
CTRL-ALT-DEL and running a "Browse" function, which runs
Explorer with SYSTEM privileges.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020212 Identix BioLogon 3
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366270807034&w=2
Reference: BID:4101
Reference:
URL:http://www.securityfocus.com/bid/4101
Reference:
XF:biologon3-gina-bypass-authentication(8201)
Reference:
URL:http://www.iss.net/security_center/static/8201.php
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:biologon3-gina-bypass-authentication(8201)
CONFIRM:http://www.identix.com/support/sp_it.html
Name: CVE-2002-0269
Description:
Internet Explorer 5.x and 6 interprets an object as an
HTML document even when its MIME Content-Type is
text/plain, which could allow remote attackers to
execute arbitrary script in documents that the user does
not expect, possibly through web applications that use a
text/plain type to prevent cross-site scripting attacks.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020212 [GSA2002-01] Web
browsers ignore the Content-Type header, thus allowing
cross-site scripting
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2
Votes:
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:ie-opera-contenttype-css(8218)
Name: CVE-2002-0270
Description:
Opera, when configured with the "Determine action by
MIME type" option disabled, interprets an object as an
HTML document even when its MIME Content-Type is
text/plain, which could allow remote attackers to
execute arbitrary script in documents that the user does
not expect, possibly through web applications that use a
text/plain type to prevent cross-site scripting attacks.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020212 [GSA2002-01] Web
browsers ignore the Content-Type header, thus allowing
cross-site scripting
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
REJECT(1) Armstrong
Voter Comments:
Frech> XF:ie-opera-contenttype-css(8218)
Christey> BID:4098
URL:http://www.securityfocus.com/bid/4098
Name: CVE-2002-0271
Description:
Runtime library in GNU Ada compiler (GNAT) 3.12p through
3.14p allows local users to modify files of other users
via a symlink attack on temporary files.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020212 RUS-CERT Advisory
2002-02:01: Temporary file handling in GNAT
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101353440624007&w=2
Reference: BID:4086
Reference:
URL:http://www.securityfocus.com/bid/4086
Votes:
ACCEPT(1) Cox
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Armstrong
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Frech> XF:gnat-temp-symlink(8178)
Name: CVE-2002-0272
Description:
Buffer overflows in mpg321 before 0.2.9 allow local and
possibly remote attackers to execute arbitrary code via
a long URL to (1) a command line option, (2) an HTTP
request, or (3) an FTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020213 Re: mpg321
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366518310823&w=2
Reference: VULN-DEV:20020212 mpg321
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101355590918475&w=2
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=79237
Reference: BID:4091
Reference:
URL:http://www.securityfocus.com/bid/4091
Votes:
ACCEPT(2) Cole, Armstrong
MODIFY(2) Frech, Cox
NOOP(3) Wall, Foat, Christey
Voter Comments:
Cox> "possibly" is vague. It can be exploited by remote attackers
if doing network streaming.
Christey> REDHAT:RHSA-2002:078
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:mpg321-long-filename-bo(10032)
Name: CVE-2002-0273
Description:
Buffer overflow in CWMail.exe in NetWin before 2.8a
allows remote authenticated users to execute arbitrary
code via a long item parameter.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020213 NetWin CWMail.exe
Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362100602008&w=2
Reference: BID:4093
Reference:
URL:http://www.securityfocus.com/bid/4093
Reference: XF:cwmail-item-bo(8185)
Reference:
URL:http://www.iss.net/security_center/static/8185.php
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Voter Comments:
Frech> XF:cwmail-item-bo(8185)
Name: CVE-2002-0277
Description:
Add2it Mailman Free 1.73 and earlier allows remote
attackers to execute arbitrary commands via shell
metacharacters in the list parameter.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020214 Add2it Mailman
command execution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference:
CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml
Reference: BID:4105
Reference:
URL:http://www.securityfocus.com/bid/4105
Reference: XF:mailman-open-execute-commands(8202)
Reference:
URL:http://www.iss.net/security_center/static/8202.php
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Voter Comments:
Frech> XF:mailman-open-execute-commands(8202)
Name: CVE-2002-0278
Description:
Directory traversal vulnerability in Add2it Mailman Free
1.73 and earlier allows remote attackers to modify
arbitrary files via a .. (dot dot) in the list
parameter.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020214 Add2it Mailman
command execution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference:
CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml
Reference: XF:mailman-open-execute-commands(8202)
Reference:
URL:http://www.iss.net/security_center/static/8202.php
Votes:
ACCEPT(2) Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:mailman-open-directory-traversal(8202)
Name: CVE-2002-0279
Description:
The kernel in HP-UX 11.11 does not properly provide
arguments for setrlimit, which could allow local
attackers to cause a denial of service (kernel panic)
and possibly gain privileges.
Status: Candidate
Phase: Modified (20050703)
Reference: HP:HPSBUX0202-183
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101372194225046&w=2
Reference: CERT-VN:VU#726187
Reference:
URL:http://www.kb.cert.org/vuls/id/726187
Reference: BID:4094
Reference:
URL:http://www.securityfocus.com/bid/4094
Reference: XF:hpux-setrlimit-kernel-panic(8195)
Reference:
URL:http://www.iss.net/security_center/static/8195.php
Votes:
ACCEPT(2) Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:hp-setrlimit-kernel-panic(8195)
Name: CVE-2002-0280
Description:
Buffer overflow in CodeBlue 4 and earlier, and possibly
other versions, allows remote attackers to execute
arbitrary code via a long string in an SMTP reply.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020215 codeblue remote root
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101392671306875&w=2
Reference:
MISC:http://freshmeat.net/releases/71514/
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> May have been 'rediscovered' by VulnWatch Mailing List, Wed
Jul 24 2002 - 11:05:00 CDT, "Remote hole in Codeblue log scanner" at
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0037.html.
If these are the same issue, then v5 also contains this security
issue.
Name: CVE-2002-0281
Description:
Cross-site scripting vulnerability in DCP-Portal 4.2 and
earlier allows remote attackers to gain privileges of
other portal users by providing Javascript in the job
information field to user_update.php.
Status: Candidate
Phase: Modified (20050710)
Reference: BUGTRAQ:20020215 [ARL02-A03]
DCP-Portal Cross Site Scripting Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379217032525&w=2
Reference:
MISC:http://www.dcp-portal.com/contents.php?id=18
Reference: BID:4112
Reference:
URL:http://www.securityfocus.com/bid/4112
Reference: XF:dcpportal-userupdate-css(8197)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8197
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:dcpportal-userupdate-css(8197)
Name: CVE-2002-0282
Description:
DCP-Portal 3.7 through 4.5 allows remote attackers to
obtain the physical path of the server via (1) a direct
request to add_user.php, or via an invalid new_language
parameter in (2) contents.php, (3) categories.php, or
(4) files.php, which leaks the path in an error message.
Status: Candidate
Phase: Modified (20050710)
Reference: BUGTRAQ:20020228 [ARL02-A04]
DCP-Portal System Information Path Disclosure
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494497608620&w=2
Reference: BUGTRAQ:20020215 [ARL02-A02]
DCP-Portal Root Path Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379160830631&w=2
Reference:
CONFIRM:http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1
Reference: BID:4113
Reference:
URL:http://www.securityfocus.com/bid/4113
Reference:
XF:dcpportal-adduser-path-disclosure(8196)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8196
Reference:
XF:dcpportal-language-path-disclosure(8310)
Reference:
URL:http://www.iss.net/security_center/static/8310.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0283
Description:
Windows XP with port 445 open allows remote attackers to
cause a denial of service (CPU consumption) via a flood
of TCP SYN packets containing possibly malformed data.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020215 Windows XP Remote DOS
attacks with SYN Flag. Make CPU 100%
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408718030099&w=2
Votes:
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:winxp-cifs-dos(8209)
Name: CVE-2002-0284
Description:
Winamp 2.78 and 2.77, when opening a wma file that
requires a license, sends the full path of the Temporary
Internet Files directory to the web page that is
processing the license, which could allow malicious web
servers to obtain the pathname.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020215 winamp and wma Song
Licenses
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408781031527&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:winamp-wma-pathname-disclosure(10030)
Name: CVE-2002-0285
Description:
Outlook Express 5.5 and 6.0 on Windows treats a carriage
return ("CR") in a message header as if it were a valid
carriage return/line feed combination (CR/LF), which
could allow remote attackers to bypass virus protection
and/or other filtering mechanisms via a mail message
with headers that only contain the CR, which causes
Outlook to create separate headers.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020212 Outlook will see
non-existing attachments
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362077701164&w=2
Reference: BID:4092
Reference:
URL:http://www.securityfocus.com/bid/4092
Reference: XF:outlook-express-return-bypass(8198)
Reference:
URL:http://www.iss.net/security_center/static/8198.php
Votes:
MODIFY(1) Frech
NOOP(4) Foat, Cole, Armstrong, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:outlook-express-return-bypass(8198)
Name: CVE-2002-0286
Description:
The GetPassword function in function.php of SiteNews
0.10 and 0.11 allows remote attackers to gain privileges
and add users by providing a non-existent user name and
the MD5 checksum for an empty password to add_user.php,
which causes GetPassword to produce and compare a blank
password for the non-existent user.
Status: Candidate
Phase: Modified (20050526)
Reference: BUGTRAQ:20020216 SiteNews remote add
user exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101388393808699&w=2
Reference: BID:4046
Reference:
URL:http://www.securityfocus.com/bid/4046
Reference:
XF:sitenews-getpassword-add-users(8181)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8181
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:sitenews-getpassword-add-users(8181)
CONFIRM:http://www.securitytracker.com/alerts/2002/Feb/1003498.html
Name: CVE-2002-0288
Description:
Directory traversal vulnerability in Phusion web server
1.0 allows remote attackers to read arbitrary files via
a ... (triple dot dot) in the HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020217
Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4117
Reference:
URL:http://www.securityfocus.com/bid/4117
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:phusion-dot-directoy-traversal(8212)
Name: CVE-2002-0289
Description:
Buffer overflow in Phusion web server 1.0 allows remote
attackers to cause a denial of service and execute
arbitrary code via a long HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020217
Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4118
Reference:
URL:http://www.securityfocus.com/bid/4118
Reference: BID:4119
Reference:
URL:http://www.securityfocus.com/bid/4119
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:phusion-get-bo(8215)
XF:phusion-long-url-dos(8213)
Name: CVE-2002-0291
Description:
Dino's Webserver 1.2 allows remote attackers to cause a
denial of service (CPU consumption) and possibly execute
arbitrary code via several large HTTP requests within a
short time.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020218 Dino's Webserver v1.2
DoS, possible overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415416513746&w=2
Reference: XF:dino-log-tag-bo(8233)
Reference:
URL:http://www.iss.net/security_center/static/8233.php
Reference: BID:4123
Reference:
URL:http://www.securityfocus.com/bid/4123
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0293
Description:
FTP service in Alcatel OmniPCX 4400 allows the "halt"
user to gain root privileges by modifying root's
.profile file.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020219 Security BugWare :
Alcatel 4400 PBX hack
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2
Reference: XF:omnipcx-ftp-root-access(8225)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8225
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
Voter Comments:
Frech> XF:omnipcx-ftp-root-access(8225)
Christey> Acknowledged by Alcatel via email October 4, 2002
Name: CVE-2002-0294
Description:
Alcatel 4400 installs the /chetc/shutdown command with
setgid privileges, which allows many different local
users to shut down the system.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020219 Security BugWare :
Alcatel 4400 PBX hack
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2
Reference: BID:4130
Reference:
URL:http://www.securityfocus.com/bid/4130
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
Voter Comments:
Frech> XF:omnipcx-shutdown-permissions(8226)
REASON: LIKELY
Christey> Acknowledged by Alcatel via email October 4, 2002
Name: CVE-2002-0295
Description:
Alcatel OmniPCX 4400 installs files with world-writable
permissions, which allows local users to reconfigure the
system and possibly gain privileges.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020219 Security BugWare :
Alcatel 4400 PBX hack
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413767925869&w=2
Reference: BID:4133
Reference:
URL:http://www.securityfocus.com/bid/4133
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
Voter Comments:
Frech> XF:omnipcx-insecure-groups(8227)
REASON: LIKELY
Christey> Acknowledged by Alcatel via email October 4, 2002
Name: CVE-2002-0296
Description:
The installation of Tarantella Enterprise 3 allows local
users to overwrite arbitrary files via a symlink attack
on the "spinning" temporary file.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020219 Another local root
vulnerability during installation of Tarantella
Enterprise 3.
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.html
Reference: BUGTRAQ:20020224 Exploit for
Tarantella Enterprise installation (bid 4115)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467193803592&w=2
Reference: BID:4115
Reference:
URL:http://www.securityfocus.com/bid/4115
Reference:
XF:tarantella-tmp-spinning-symlink(8223)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8223
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:tarantella-tmp-spinning-symlink(8223)
Name: CVE-2002-0297
Description:
Buffer overflow in ScriptEase MiniWeb Server 0.95 allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a long URL in an
HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020219 ScriptEase MiniWeb
Server DoS Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415883727615&w=2
Reference: BID:4128
Reference:
URL:http://www.securityfocus.com/bid/4128
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:scriptease-long-http-dos(8236)
Name: CVE-2002-0298
Description:
ScriptEase MiniWeb Server 0.95 allows remote attackers
to cause a denial of service (crash) via certain HTTP
GET requests containing (1) a %2e%2e (encoded dot-dot),
(2) several /../ (dot dot) sequences, (3) a missing URI,
or (4) several ../ in a URI that does not begin with a /
(slash) character.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020219 Four More ScriptEase
MiniWeb Server v0.95 DoS Attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424439220931&w=2
Reference: BID:4145
Reference:
URL:http://www.securityfocus.com/bid/4145
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:scriptease-get-dos(8250)
Name: CVE-2002-0301
Description:
Citrix NFuse 1.6 allows remote attackers to bypass
authentication and obtain sensitive information by
directly calling launch.asp with invalid NFUSE_USER and
NFUSE_PASSWORD parameters.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020220 Re: Citrix NFuse 1.6
- additional network exposure
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424947801895&w=2
Reference: BID:4142
Reference:
URL:http://www.securityfocus.com/bid/4142
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cox, Christey
Voter Comments:
Christey> XF:nfuse-user-information-disclosure(8257)
URL:http://www.iss.net/security_center/static/8257.php
Frech> XF:nfuse-user-information-disclosure(8257)
Name: CVE-2002-0303
Description:
GroupWise 6, when using LDAP authentication and when
Post Office has a blank username and password, allows
attackers to gain privileges of other users by logging
in without a password.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020220 Security issue with
GroupWise 6 and LDAP authentication in PostOffice
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101425369510983&w=2
Reference: BID:4154
Reference:
URL:http://www.securityfocus.com/bid/4154
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:groupwise-ldap-blank-password(8244)
Name: CVE-2002-0304
Description:
Lil HTTP Server 2.1 allows remote attackers to read
password-protected files via a /./ in the HTTP request.
Status: Candidate
Phase: Modified (20050705)
Reference: BUGTRAQ:20020220 SecurityOffice
Security Advisory:// LilHTTP Web Server Protected File
Access Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432338000591&w=2
Reference: BUGTRAQ:20020320 LilHTTP Web Server
Protected File Access Vulnerability (Solution)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101665069500433&w=2
Reference:
MISC:http://www.summitcn.com/lilhttp/lildocs.html#WhatsNew
Reference: BID:4153
Reference:
URL:http://www.securityfocus.com/bid/4153
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cox, Christey
Voter Comments:
Christey> VULNWATCH:20020222 [VulnWatch] SecurityOffice Security Advisories: Essentia and LilHTTP web servers
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0051.html
XF:lilhttp-protected-file-access(8247)
URL:http://www.iss.net/security_center/static/8247.php
BID:4153
URL:http://www.securityfocus.com/bid/4153
Frech> XF:lilhttp-protected-file-access(8247)
Name: CVE-2002-0305
Description:
Zero One Tech (ZOT) P100s print server does not properly
disable the SNMP service or change the default password,
which could leave the server open to attack without the
administrator's knowledge.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020221 Zero One Tech (ZOT)
P100s PrintServer and SNMP
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432416503293&w=2
Reference: BID:4155
Reference:
URL:http://www.securityfocus.com/bid/4155
Reference: XF:zot-default-snmp-string(8270)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8270
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:zot-default-snmp-string(8270)
Name: CVE-2002-0306
Description:
ans.pl in Avenger's News System (ANS) 2.11 and earlier
allows remote attackers to execute arbitrary commands
via shell metacharacters in the p (plugin) parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020221 "Cthulhu xhAze" -
Command execution in Ans.pl
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2
Reference: BID:4149
Reference:
URL:http://www.securityfocus.com/bid/4149
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:ans-plugin-execute-commands(8256)
Name: CVE-2002-0307
Description:
Directory traversal vulnerability in ans.pl in Avenger's
News System (ANS) 2.11 and earlier allows remote
attackers to determine the existence of arbitrary files
or execute any Perl program on the system via a .. (dot
dot) in the p parameter, which reads the target file and
attempts to execute the line using Perl's eval function.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020221 "Cthulhu xhAze" -
Command execution in Ans.pl
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430868616112&w=2
Reference: BID:4147
Reference:
URL:http://www.securityfocus.com/bid/4147
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:ans-plugin-execute-commands(8256)
Name: CVE-2002-0308
Description:
admin.asp in AdMentor 2.11 allows remote attackers to
bypass authentication and gain privileges via a SQL
injection attack on the Login and Password arguments.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020221 AdMentor Login Flaw
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430885516675&w=2
Reference: BID:4152
Reference:
URL:http://www.securityfocus.com/bid/4152
Reference: XF:admentor-asp-gain-access(8245)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8245
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:admentor-asp-gain-access(8245)
Name: CVE-2002-0310
Description:
Netwin WebNews 1.1k CGI program includes several default
usernames and cleartext passwords that cannot be deleted
by the administrator, which allows remote attackers to
gain privileges via the username/password combinations
(1) testweb/newstest, (2) alwn3845/imaptest, (3)
alwi3845/wtest3452, or (4) testweb2/wtest4879.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020221 Netwin Webnews 1.1k
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101432236729631&w=2
Reference: BID:4156
Reference:
URL:http://www.securityfocus.com/bid/4156
Reference: XF:webnews-cgi-default-accounts(8255)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8255
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:webnews-cgi-default-accounts(8255)
Name: CVE-2002-0311
Description:
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX
8.0.0 allows local and possibly remote attackers to gain
root privileges via shell metacharacters in the -c
argument for (1) scoadminreg.cgi or (2)
service_action.cgi.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020120 Unixware 7.1.1
scoadminreg.cgi local exploit
Reference:
URL:http://online.securityfocus.com/archive/1/251747
Reference: CALDERA:CSSA-2002-SCO.6
Reference:
URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/CSSA-2002-SCO.6.txt
Reference: BID:3936
Reference:
URL:http://www.securityfocus.com/bid/3936
Reference:
XF:unixware-webtop-execute-commands(7977)
Reference:
URL:http://www.iss.net/security_center/static/7977.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0312
Description:
Directory traversal vulnerability in Essentia Web Server
2.1 allows remote attackers to read arbitrary files via
a .. (dot dot) in a URL.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020226 SecurityOffice
Security Advisory:// Essentia Web Server Vulnerabilities
(Vendor Patch)
Reference:
URL:http://online.securityfocus.com/archive/1/258365
Reference: NTBUGTRAQ:20020222 SecurityOffice
Security Advisory:// Essentia Web Server Vulnerabilities
(Vendor Patch)
Reference:
URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201
Reference: BUGTRAQ:20020221 SecurityOffice
Security Advisory:// Essentia Web Server Directory
Traversal Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439734827908&w=2
Reference:
XF:essentia-server-directory-traversal(8248)
Reference:
URL:http://www.iss.net/security_center/static/8248.php
Reference: BID:4160
Reference:
URL:http://www.securityfocus.com/bid/4160
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0314
Description:
fasttrack p2p, as used in (1) KaZaA before 1.5, (2)
grokster, and (3) morpheus allows remote attackers to
cause a denial of service (memory exhaustion) via a
series of client-to-client messages, which pops up new
windows per message.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020222 Morpheus, Kazaa and
Grokster Remote DoS. Also Identity faking vulnerability.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2
Reference: BID:4122
Reference:
URL:http://www.securityfocus.com/bid/4122
Reference: XF:fasttrack-message-service-dos(8273)
Reference:
URL:http://www.iss.net/security_center/static/8273.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0315
Description:
fasttrack p2p, as used in (1) KaZaA, (2) grokster, and
(3) morpheus allows remote attackers to spoof other
users by modifying the username and network information
in the message header.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020222 Morpheus, Kazaa and
Grokster Remote DoS. Also Identity faking vulnerability.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101441689224760&w=2
Reference:
XF:fasttrack-message-service-spoof(8272)
Reference:
URL:http://www.iss.net/security_center/static/8272.php
Reference: BID:4121
Reference:
URL:http://www.securityfocus.com/bid/4121
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0316
Description:
Cross-site scripting vulnerability in eXtreme message
board (XMB) 1.6x and earlier allows remote attackers to
execute script as other XMB users by inserting the
script into an IMG tag.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020222 XMB cross-scripting
vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447886404876&w=2
Reference: XF:xmb-php-css(8262)
Reference:
URL:http://www.iss.net/security_center/static/8262.php
Reference: BID:4167
Reference:
URL:http://www.securityfocus.com/bid/4167
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0317
Description:
Gator ActiveX component (IEGator.dll) 3.0.6.1 allows
remote web sites to install arbitrary software by
specifying a Trojan Gator installation file (setup.ex_)
in the src parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020220 Gator installer
Plugin allows any software to be installed
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438671922874&w=2
Reference: MISC:http://www.gator.com/update/
Reference: XF:gator-activex-install(8266)
Reference:
URL:http://www.iss.net/security_center/static/8266.php
Reference: BID:4161
Reference:
URL:http://www.securityfocus.com/bid/4161
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0319
Description:
Cross-site scripting vulnerability in edituser.php for
pforum 1.14 and earlier allows remote attackers to
execute script and steal cookies from other users via
Javascript in a username.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020222 pforum:
cross-site-scripting bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101446366708757&w=2
Reference: BID:4165
Reference:
URL:http://www.securityfocus.com/bid/4165
Reference: XF:pforum-username-css(8263)
Reference:
URL:http://www.iss.net/security_center/static/8263.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0320
Description:
Buffer overflow in Yahoo! Messenger 5.0 allows remote
attackers to cause a denial of service and possibly
execute arbitrary code via a long (1) message or (2)
IMvironment field.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020221 Remote crashes in
Yahoo messenger
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2
Reference: CERT:CA-2002-16
Reference:
URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#419419
Reference:
URL:http://www.kb.cert.org/vuls/id/419419
Reference: CERT-VN:VU#887319
Reference:
URL:http://www.kb.cert.org/vuls/id/887319
Reference: XF:yahoo-messenger-message-bo(8264)
Reference:
URL:http://www.iss.net/security_center/static/8264.php
Reference:
XF:yahoo-messenger-imvironment-bo(8265)
Reference:
URL:http://www.iss.net/security_center/static/8265.php
Reference: BID:4162
Reference:
URL:http://www.securityfocus.com/bid/4162
Reference: BID:4163
Reference:
URL:http://www.securityfocus.com/bid/4163
Votes:
ACCEPT(2) Cole, Frech
NOOP(2) Foat, Cox
REVIEWING(1) Wall
Name: CVE-2002-0321
Description:
Yahoo! Messenger 5.0 allows remote attackers to spoof
other users by modifying the username and using the
spoofed username for social engineering or denial of
service (flooding) attacks.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020221 Remote crashes in
Yahoo messenger
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101439616623230&w=2
Reference: CERT:CA-2002-16
Reference:
URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#952875
Reference:
URL:http://www.kb.cert.org/vuls/id/952875
Reference:
XF:yahoo-messenger-username-spoof(8267)
Reference:
URL:http://www.iss.net/security_center/static/8267.php
Reference: BID:4164
Reference:
URL:http://www.securityfocus.com/bid/4164
Votes:
ACCEPT(2) Cole, Frech
NOOP(2) Foat, Cox
REVIEWING(1) Wall
Name: CVE-2002-0322
Description:
Yahoo! Messenger 4.0 sends user passwords in cleartext,
which could allow remote attackers to gain privileges of
other users via sniffing.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020223 Re: Remote crashes in
Yahoo messenger
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466489113920&w=2
Reference: BUGTRAQ:20020223 Re: Re: Remote
crashes in Yahoo messenger
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101467298107635&w=2
Reference: BID:4173
Reference:
URL:http://www.securityfocus.com/bid/4173
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Foat, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:yahooim-plaintext-password(5943)
Name: CVE-2002-0323
Description:
comment2.jse in ScriptEase:WebServer allows remote
attackers to read arbitrary files by specifying the
target file as an argument in the URL.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020224 ScriptEase:WebServer
Edition vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465709621105&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
Voter Comments:
Frech> XF:netware-webserver-directory-traversal(7726)
Christey> Need to investigate why some information sources are combining
this with a Novell web server viewcode.asp issue (e.g. the ISS
reference).
Consider BID:3715
Name: CVE-2002-0324
Description:
Greymatter 1.21c and earlier with the Bookmarklet
feature enabled allows remote attackers to read a
cleartext password and gain administrative privileges by
guessing the name of a gmrightclick-*.reg file which
contains the administrator name and password in
cleartext, then retrieving the file from the web server
before the Greymatter administrator performs a "Clear
And Exit" action.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020224 Greymatter 1.21c and
earlier - remote login/pass exposure
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101465343308249&w=2
Reference:
MISC:http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm
Reference:
XF:greymatter-gmrightclick-account-information(8277)
Reference:
URL:http://www.iss.net/security_center/static/8277.php
Reference: BID:4169
Reference:
URL:http://www.securityfocus.com/bid/4169
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0325
Description:
Directory traversal vulnerability in BadBlue before
1.6.1 allows remote attackers to read arbitrary files
via a ... (modified dot dot) in the URL.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020226 BadBlue Yet Another
Directory Traversal
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474689126219&w=2
Reference: BID:4179
Reference:
URL:http://www.securityfocus.com/bid/4179
Reference:
XF:badblue-dotdotdot-directory-traversal(8295)
Reference:
URL:http://www.iss.net/security_center/static/8295.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0326
Description:
Cross-site scripting vulnerability in BadBlue before
1.6.1 beta allows remote attackers to execute arbitrary
script and possibly additional commands via a URL that
contains Javascript.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020226 BadBlue XSS
vulnerabilities / Filesharing Server Worm
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101474387016066&w=2
Reference: BID:4180
Reference:
URL:http://www.securityfocus.com/bid/4180
Reference: XF:badblue-url-css(8294)
Reference:
URL:http://www.iss.net/security_center/static/8294.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0327
Description:
Buffer overflow in Century Software TERM allows local
users to gain root privileges via a long tty argument to
the callin program.
Status: Candidate
Phase: Proposed (20020502)
Reference: VULN-DEV:20020222 Censoft TERM Emu bOf
Reference:
URL:http://online.securityfocus.com/archive/82/257731
Reference: BUGTRAQ:20020227 Century Software Term
Exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101477608215471&w=2
Reference: XF:term-tty-bo(8291)
Reference:
URL:http://www.iss.net/security_center/static/8291.php
Reference: BID:4174
Reference:
URL:http://www.securityfocus.com/bid/4174
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0328
Description:
Cross-site scripting vulnerability in Ikonboard 3.0.1
allows remote attackers to execute arbitrary script as
other Ikonboard users and steal cookies via Javascript
in an IMG tag.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020226 Re: Open Bulletin
Board javascript bug.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475420818274&w=2
Reference: BID:4182
Reference:
URL:http://www.securityfocus.com/bid/4182
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:ikonboard-img-css(7460)
Name: CVE-2002-0331
Description:
Directory traversal vulnerability in the HTTP server for
BPM Studio Pro 4.2 allows remote attackers to read
arbitrary files via a .. (dot dot) in the HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 BPM STUDIO PRO 4.2
DIRECTORY ESCAPE VULNERABILITY
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101486044323352&w=2
Reference: XF:bpm-http-directory-traversal(8300)
Reference:
URL:http://www.iss.net/security_center/static/8300.php
Reference: BID:4198
Reference:
URL:http://www.securityfocus.com/bid/4198
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0332
Description:
Buffer overflows in xtell (xtelld) 1.91.1 and earlier,
and 2.x before 2.7, allow remote attackers to execute
arbitrary code via (1) a long DNS hostname that is
determined using reverse DNS lookups, (2) a long AUTH
string, or (3) certain data in the xtell request.
Status: Candidate
Phase: Modified (20020817-01)
Reference: BUGTRAQ:20020227 Remote exploit
against xtelld and other fun
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference:
URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4193
Reference:
URL:http://www.securityfocus.com/bid/4193
Reference: XF:xtell-bo(8312)
Reference:
URL:http://www.iss.net/security_center/static/8312.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(4) Wall, Foat, Cox, Christey
Voter Comments:
Christey> DELREF XF:xtell-tty-directory-traversal(8313)
ADDREF XF:xtell-bo(8312)
Name: CVE-2002-0333
Description:
Directory traversal vulnerability in xtell (xtelld)
1.91.1 and earlier, and 2.x before 2.7, allows remote
attackers to read files with short names, and local
users to read more files using a symlink with a short
name, via a .. in the TTY argument.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 Remote exploit
against xtelld and other fun
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference:
URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4194
Reference:
URL:http://www.securityfocus.com/bid/4194
Reference: XF:xtell-tty-directory-traversal(8313)
Reference:
URL:http://www.iss.net/security_center/static/8313.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0334
Description:
xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7,
allows local users to modify files via a symlink attack
on the .xtell-log file.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 Remote exploit
against xtelld and other fun
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2
Reference: DEBIAN:DSA-121
Reference:
URL:http://www.debian.org/security/2002/dsa-121
Reference: BID:4197
Reference:
URL:http://www.securityfocus.com/bid/4197
Reference: XF:xtell-log-symlink(8314)
Reference:
URL:http://www.iss.net/security_center/static/8314.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0335
Description:
Buffer overflow in Galacticomm Worldgroup web server
3.20 and earlier allows remote attackers to cause a
denial of service, and possibly execute arbitrary code,
via a long HTTP GET request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV:
Buffer overflows in Worldgroup
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2
Reference: BID:4186
Reference:
URL:http://www.securityfocus.com/bid/4186
Reference: XF:worldgroup-http-get-bo(8298)
Reference:
URL:http://www.iss.net/security_center/static/8298.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0336
Description:
Buffer overflow in Galacticomm Worldgroup FTP server
3.20 and earlier allows remote attackers to cause a
denial of service, and possibly execute arbitrary code,
via a LIST command containing a large number of /
(slash), * (wildcard), and .. characters.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 LBYTE&SECURITY.NNOV:
Buffer overflows in Worldgroup
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484128203523&w=2
Reference: XF:worldgroup-ftp-list-bo(8297)
Reference:
URL:http://www.iss.net/security_center/static/8297.php
Reference: BID:4185
Reference:
URL:http://www.securityfocus.com/bid/4185
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0337
Description:
RealPlayer 8 allows remote attackers to cause a denial
of service (CPU utilization) via malformed .mp3 files.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 2K, with RealPlayer
Installed 100 % CPU utilization
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495354424868&w=2
Reference: XF:realplayer-mp3-invalid-dos(8320)
Reference:
URL:http://www.iss.net/security_center/static/8320.php
Reference: BID:4200
Reference:
URL:http://www.securityfocus.com/bid/4200
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0338
Description:
The Bat! 1.53d and 1.54beta, and possibly other
versions, allows remote attackers to cause a denial of
service (crash) via an attachment whose name includes an
MS-DOS device name.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 SECURITY.NNOV:
Special device access in The Bat!
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483832026841&w=2
Reference: BID:4187
Reference:
URL:http://www.securityfocus.com/bid/4187
Reference: XF:thebat-msdos-device-dos(8303)
Reference:
URL:http://www.iss.net/security_center/static/8303.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0340
Description:
Windows Media Player (WMP) 8.00.00.4477, and possibly
other versions, automatically detects and executes .wmf
and other content, even when the file's extension or
content type does not specify .wmf, which could make it
easier for attackers to conduct unauthorized activities
via Trojan horse files containing .wmf content.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020222 Windows Media Player
executes WMF content in .MP3 files.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101447771102582&w=2
Votes:
MODIFY(1) Frech
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:mediaplayer-wmf-file-spoof(9971)
Name: CVE-2002-0341
Description:
GWWEB.EXE in GroupWise Web Access 5.5, and possibly
other versions, allows remote attackers to determine the
full pathname of the web server via an HTTP request with
an invalid HTMLVER parameter.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020227 SecurityOffice
Security Advisory:// Novell GroupWise Web Access Path
Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494830315071&w=2
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Christey
Voter Comments:
Frech> XF:groupwise-arg-path-disclosure(8311)
Christey> Desc: "... which leaks the pathname in an error message."
Name: CVE-2002-0342
Description:
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause
a denial of service (crash) via an email message whose
body is approximately 55 K long.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020226 BUG: Kmail client DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101475683425671&w=2
Reference: XF:kmail-message-body-dos(8283)
Reference:
URL:http://www.iss.net/security_center/static/8283.php
Reference: BID:4177
Reference:
URL:http://www.securityfocus.com/bid/4177
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0343
Description:
Hotline Client 1.8.5 stores sensitive user information,
including passwords, in plaintext in the bookmarks file,
which could allow local users with access to the
bookmarks file to gain privileges by extracting the
passwords.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020228 Hotline Client Plain
password vuln.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495128121299&w=2
Reference:
XF:hotline-connect-plaintext-password(8327)
Reference:
URL:http://www.iss.net/security_center/static/8327.php
Reference: BID:4210
Reference:
URL:http://www.securityfocus.com/bid/4210
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0344
Description:
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus
stores usernames and passwords for a local LiveUpdate
server in cleartext in the registry, which may allow
remote attackers to impersonate the LiveUpdate server.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020225 Symantec LiveUpdate
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466781122312&w=2
Reference: BUGTRAQ:20020228 Re: "Javier Sanchez"
jsanchez157@hotmail.com 02/25/2002 11:14 AM, Symantec
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101496301307285&w=2
Reference: BID:4170
Reference:
URL:http://www.securityfocus.com/bid/4170
Reference:
XF:nav-liveupdate-plaintext-account(8282)
Reference:
URL:http://www.iss.net/security_center/static/8282.php
Votes:
ACCEPT(4) Prosser, Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Prosser> http://securityresponse.symantec.com/avcenter/security/Content/2002.02.28a.html
Name: CVE-2002-0345
Description:
Symantec Ghost 7.0 stores usernames and passwords in
plaintext in the NGServer\params registry key, which
could allow an attacker to gain privileges.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020301 Re: "Peter Miller"
pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE: Symantec
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101529792821615&w=2
Reference: BUGTRAQ:20020226 RE: Symantec
LiveUpdate
Reference:
URL:http://online.securityfocus.com/archive/1/258293
Reference: BID:4181
Reference:
URL:http://www.securityfocus.com/bid/4181
Reference: XF:ghost-plaintext-account(8305)
Reference:
URL:http://www.iss.net/security_center/static/8305.php
Votes:
ACCEPT(2) Prosser, Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Prosser> This was verified and responded to via BugTraq and fixed via
LiveUpdate http://online.securityfocus.com/archive/1/259559
Name: CVE-2002-0346
Description:
Cross-site scripting vulnerability in Cobalt RAQ 4
allows remote attackers to execute arbitrary script as
other Cobalt users via Javascript in a URL to (1)
service.cgi or (2) alert.cgi.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020228
Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: BID:4211
Reference:
URL:http://www.securityfocus.com/bid/4211
Reference: XF:cobalt-raq-css(8321)
Reference:
URL:http://www.iss.net/security_center/static/8321.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0347
Description:
Directory traversal vulnerability in Cobalt RAQ 4 allows
remote attackers to read password-protected files, and
possibly files outside the web root, via a .. (dot dot)
in an HTTP request.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020228
Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: BID:4208
Reference:
URL:http://www.securityfocus.com/bid/4208
Reference:
XF:cobalt-raq-directory-traversal(8322)
Reference:
URL:http://www.iss.net/security_center/static/8322.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0348
Description:
service.cgi in Cobalt RAQ 4 allows remote attackers to
cause a denial of service, and possibly execute
arbitrary code, via a long service argument.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020228
Colbalt-RAQ-v4-Bugs&Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101495944202452&w=2
Reference: XF:cobalt-raq-service-dos(8323)
Reference:
URL:http://www.iss.net/security_center/static/8323.php
Reference: BID:4209
Reference:
URL:http://www.securityfocus.com/bid/4209
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0349
Description:
Tiny Personal Firewall (TPF) 2.0.15, under certain
configurations, will pop up an alert to the system even
when the screen is locked, which could allow an attacker
with physical access to the machine to hide activities
or bypass access restrictions.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020228 ... Tiny Personal
Firewall ...
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494587110288&w=2
Reference: BID:4207
Reference:
URL:http://www.securityfocus.com/bid/4207
Reference: XF:tinyfw-popup-gain-access(8324)
Reference:
URL:http://www.iss.net/security_center/static/8324.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0350
Description:
HP Procurve Switch 4000M running firmware C.08.22 and
C.09.09 allows remote attackers to cause a denial of
service via a port scan of the management IP address,
which disables the telnet service.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020301 DoS on HP ProCurve
4000M switch (possibly others)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101500123900612&w=2
Reference: BID:4212
Reference:
URL:http://www.securityfocus.com/bid/4212
Reference: XF:hp-procurve-portscan-dos(8329)
Reference:
URL:http://www.iss.net/security_center/static/8329.php
Votes:
ACCEPT(1) Frech
NOOP(6) Wall, Foat, Cole, Armstrong, Cox, Green
Name: CVE-2002-0351
Description:
Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1,
and 1.4x before 1.4.1-5, allow remote attackers to cause
a denial of service and possibly execute arbitrary code.
Status: Candidate
Phase: Proposed (20020502)
Reference: DEBIAN:DSA-116
Reference:
URL:http://www.debian.org/security/2002/dsa-116
Reference: XF:cfs-bo(8330)
Reference:
URL:http://www.iss.net/security_center/static/8330.php
Reference: BID:4219
Reference:
URL:http://www.securityfocus.com/bid/4219
Votes:
ACCEPT(4) Cole, Armstrong, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0352
Description:
Phorum 3.3.2 allows remote attackers to determine the
email addresses of the 10 most active users via a direct
HTTP request to the stats.php program, which does not
require authentication.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020302 Phorum Discussion
Board Security Bug (Email Disclosure)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101508207206900&w=2
Reference: BID:4226
Reference:
URL:http://www.securityfocus.com/bid/4226
Reference:
XF:phorum-admin-users-information(8344)
Reference:
URL:http://www.iss.net/security_center/static/8344.php
Votes:
ACCEPT(2) Frech, Green
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0353
Description:
The ASN.1 parser in Ethereal 0.9.2 and earlier allows
remote attackers to cause a denial of service (crash)
via a certain malformed packet, which causes Ethereal to
allocate memory incorrectly, possibly due to zero-length
fields.
Status: Candidate
Phase: Modified (20020817-01)
Reference: CONECTIVA:CLA-2002:474
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00003.html
Reference: DEBIAN:DSA-130
Reference:
URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:088
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: BID:4604
Reference:
URL:http://www.securityfocus.com/bid/4604
Reference: XF:ethereal-asn1-dos(8952)
Reference:
URL:http://www.iss.net/security_center/static/8952.php
Votes:
ACCEPT(4) Cole, Armstrong, Cox, Green
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> DEBIAN:DSA-130
Christey> REDHAT:RHSA-2002:088
URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
BID:4604
URL:http://www.securityfocus.com/bid/4604
Christey> XF:ethereal-asn1-dos(8952)
URL:http://www.iss.net/security_center/static/8952.php
Frech> XF:ethereal-asn1-dos(8952)
Christey> CALDERA:CSSA-2002-037.0
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Christey> REDHAT:RHSA-2002:036
URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Name: CVE-2002-0354
Description:
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and
Mozilla 0.9.7 allows remote attackers to read arbitrary
files and list directories on a client system by opening
a URL that redirects the browser to the file on the
client, then reading the result using the responseText
property.
Status: Candidate
Phase: Proposed (20020502)
Reference: BUGTRAQ:20020430 Reading local files
in Netscape 6 and Mozilla (GM#001-NS)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102017952204097&w=2
Reference: NTBUGTRAQ:20020430 Reading local files
in Netscape 6 and Mozilla (GM#001-NS)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102020343728766&w=2
Votes:
ACCEPT(3) Wall, Cole, Green
MODIFY(2) Frech, Cox
NOOP(3) Foat, Armstrong, Christey
Voter Comments:
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> Mozilla 0.9.9 is also vulnerable
ADDREF: http://bugzilla.mozilla.org/show_bug.cgi?id=141061
Christey> REDHAT:RHSA-2002:079
Christey> BUGTRAQ:20020502 Fix for Mozilla XMLHttpRequest file disclosure vulnerability
URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0016.html
REDHAT:RHSA-2002:079
URL:http://www.redhat.com/support/errata/RHSA-2002-079.html
CONECTIVA:CLA-2002:490
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
BID:4628
URL:http://www.securityfocus.com/bid/4628
BUGTRAQ:20020504 UPDATE (1-May-2002): Reading local files in Netscape 6 and Mozilla (GM#001-NS)
URL:http://online.securityfocus.com/archive/1/270948
Christey> XF:mozilla-netscape-xmlhttprequest-redirect(8963)
URL:http://www.iss.net/security_center/static/8963.php
Frech> XF:mozilla-netscape-xmlhttprequest-redirect(8963)
Name: CVE-2002-0360
Description:
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3
allows remote attackers to execute arbitrary code via a
long filename argument to the gettransbitmap CGI
program.
Status: Candidate
Phase: Modified (20040725)
Reference: VULNWATCH:20020520 [VulnWatch]
eSecurityOnline advisory 5063 - Sun AnswerBook2
gettransbitmap buffer overflow vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2
Reference: BUGTRAQ:20020520 eSecurityOnline
advisory 5063 - Sun AnswerBook2 gettransbitmap buffer
overflow vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2
Reference:
MISC:http://www.eSecurityOnline.com/advisories/eSO5063.asp
Reference:
XF:sun-answerbook2-gettransbitmap-bo(9117)
Reference:
URL:http://www.iss.net/security_center/static/9117.php
Reference: BID:4784
Reference:
URL:http://www.securityfocus.com/bid/4784
Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(6) Wall, Foat, Cole, Armstrong, Cox, Christey
Voter Comments:
Christey> XF:sun-answerbook2-gettransbitmap-bo(9117)
URL:http://www.iss.net/security_center/static/9117.php
BID:4784
URL:http://www.securityfocus.com/bid/4784
Frech> XF:sun-answerbook2-gettransbitmap-bo(9117)
Name: CVE-2002-0361
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020503)
Votes:
Name: CVE-2002-0365
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020508)
Votes:
Name: CVE-2002-0370
Description:
Buffer overflow in the ZIP capability for multiple
products allows remote attackers to cause a denial of
service or execute arbitrary code via ZIP files
containing entries with long filenames, including (1)
Microsoft Windows 98 with Plus! Pack, (2) Windows XP,
(3) Windows ME, (4) Lotus Notes R4 through R6
(pre-gold), (5) Verity KeyView, and (6) Stuffit Expander
before 7.0.
Status: Candidate
Phase: Modified (20070821)
Reference: VULNWATCH:20021002 R7-0004: Multiple
Vendor Long ZIP Entry Filename Processing Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
Reference: BUGTRAQ:20021002 R7-0004: Multiple
Vendor Long ZIP Entry Filename Processing Issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103428193409223&w=2
Reference: MS:MS02-054
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: CERT-VN:VU#383779
Reference:
URL:http://www.kb.cert.org/vuls/id/383779
Reference:
CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: SREASON:587
Reference:
URL:http://securityreason.com/securityalert/587
Reference: XF:win-zip-decompression-bo(10251)
Reference:
URL:http://www.iss.net/security_center/static/10251.php
Reference: BID:5873
Reference:
URL:http://www.securityfocus.com/bid/5873
Votes:
ACCEPT(4) Wall, Baker, Cole, Frech
NOOP(1) Cox
Name: CVE-2002-0371
Description:
Buffer overflow in gopher client for Microsoft Internet
Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA
Server 2000 allows remote attackers to execute arbitrary
code via a gopher:// URL that redirects the user to a
real or simulated gopher server that sends a long
response.
Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20020604 Buffer overflow in
MSIE gopher code
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102320516707940&w=2
Reference: MS:MS02-027
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-027.asp
Reference: BUGTRAQ:20020613 Microsoft releases
critical fix that breaks their own software!
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397955217618&w=2
Reference: BUGTRAQ:20020613 Flawed workaround in
MS02-027 -- gopher can run on _any_ port, not just 70
Reference:
URL:http://online.securityfocus.com/archive/1/276848
Reference: CERT-VN:VU#440275
Reference:
URL:http://www.kb.cert.org/vuls/id/440275
Reference:
MISC:http://www.pivx.com/workaround_fail.html
Reference: XF:ie-gopher-bo(9247)
Reference:
URL:http://www.iss.net/security_center/static/9247.php
Reference: BID:4930
Reference:
URL:http://www.securityfocus.com/bid/4930
Reference: OVAL:oval:org.mitre.oval:def:98
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:98
Votes:
ACCEPT(4) Wall, Baker, Foat, Cole
NOOP(2) Cox, Christey
Voter Comments:
Christey> XF:ie-gopher-bo(9247)
URL:http://www.iss.net/security_center/static/9247.php
CERT-VN:VU#440275
URL:http://www.kb.cert.org/vuls/id/440275
BID:4930
URL:http://www.securityfocus.com/bid/4930
Christey> Investigate: should this include IE 5.01?
Christey> Note: CVE-2002-0646 was accidentally assigned to this issue.
That candidate will be rejected in favor of this one.
ADDREF MS:MS02-047
ADDREF BUGTRAQ:20020729 Re: Eat gopher!
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102796732424646&w=2
Name: CVE-2002-0375
Description:
Cross-site scripting vulnerability in sgdynamo.exe for
Sgdynamo allows remote attackers to execute arbitrary
Javascript via a URL with the script in the HTNAME
parameter.
Status: Candidate
Phase: Modified (20040818)
Reference: VULN-DEV:20020417 Smalls holes on 5
products #1
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101908986415768&w=2
Reference: BUGTRAQ:20020510 Fix available for
Sgdynamo
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107488402057&w=2
Reference: XF:sgdynamo-htname-parameter-xss(9830)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/9830
Reference: OSVDB:3458
Reference: URL:http://www.osvdb.org/3458
Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:sgdynamo-htname-parameter-xss(9830)
Name: CVE-2002-0378
Description:
The default configuration of LPRng print spooler in Red
Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and
other operating systems, accepts print jobs from
arbitrary remote hosts.
Status: Candidate
Phase: Modified (20020817-01)
Reference: REDHAT:RHSA-2002:089
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2002-089.html
Reference: MANDRAKE:MDKSA-2002:042
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-042.php
Reference: HP:HPSBTL0206-048
Reference:
URL:http://online.securityfocus.com/advisories/4205
Reference: XF:lprng-remote-jobs-dos(9322)
Reference:
URL:http://www.iss.net/security_center/static/9322.php
Reference: BID:4980
Reference:
URL:http://www.securityfocus.com/bid/4980
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Cox
NOOP(1) Christey
Voter Comments:
Christey> Also affects HP.
XF:lprng-remote-jobs-dos(9322)
URL:http://www.iss.net/security_center/static/9322.php
BID:4980
URL:http://www.securityfocus.com/bid/4980
HP:HPSBTL0206-048
URL:http://online.securityfocus.com/advisories/4205
Name: CVE-2002-0383
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020521)
Votes:
Name: CVE-2002-0385
Description:
Vignette Story Server 4.1 and 6.0 allows remote
attackers to obtain sensitive information via a request
that contains a large number of '"' (double quote) and
'>' characters, which causes the TCL interpreter to
crash and include stack data in the output.
Status: Candidate
Phase: Assigned (20020522)
Reference: ATSTAKE:A040703-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a040703-1.txt
Reference:
XF:storyserver-tcl-information-disclosure(11725)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11725
Reference: BID:7296
Reference:
URL:http://www.securityfocus.com/bid/7296
Votes:
Name: CVE-2002-0386
Description:
The administration module for Oracle Web Cache in
Oracle9iAS (9i Application Suite) 9.0.2 allows remote
attackers to cause a denial of service (crash) via (1)
an HTTP GET request containing a ".." (dot dot)
sequence, or (2) a malformed HTTP GET request with a
chunked Transfer-Encoding with missing data.
Status: Candidate
Phase: Modified (20050610)
Reference: ATSTAKE:A102802-1
Reference:
URL:http://www.atstake.com/research/advisories/2002/a102802-1.txt
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf
Reference: BID:5902
Reference:
URL:http://www.securityfocus.com/bid/5902
Reference:
XF:oracle-appserver-webcachemanager-dos(10284)
Reference:
URL:http://www.iss.net/security_center/static/10284.php
Votes:
ACCEPT(4) Wall, Baker, Cole, Green
NOOP(1) Cox
Name: CVE-2002-0388
Description:
Cross-site scripting vulnerabilities in Mailman before
2.0.11 allow remote attackers to execute script via (1)
the admin login page, or (2) the Pipermail index
summaries.
Status: Candidate
Phase: Proposed (20020611)
Reference:
CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html
Votes:
ACCEPT(3) Baker, Cole, Armstrong
MODIFY(2) Frech, Cox
NOOP(3) Wall, Foat, Christey
Voter Comments:
Christey> REDHAT:RHSA-2002:099
Cox> ADDREF: RHSA-2002:099 RHSA-2002:100 RHSA-2002:101
Christey> CONECTIVA:CLA-2002:489
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000489
BID:4825
URL:http://www.securityfocus.com/bid/4825
BID:4826
URL:http://www.securityfocus.com/bid/4826
XF:mailman-pipermail-index-css(9173)
URL:http://www.iss.net/security_center/static/9173.php
XF:mailman-admin-login-css(9172)
URL:http://www.iss.net/security_center/static/9172.php
Christey> DEBIAN:DSA-147
Frech> XF:mailman-pipermail-index-css(9173)
Christey>
It's not clear whether DEBIAN:DSA-147-2 addresses this issue
in addition to, or instead of, CVE-2002-0855
Name: CVE-2002-0390
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020528)
Votes:
Name: CVE-2002-0393
Description:
Buffer overflow in Red-M 1050 (Bluetooth Access Point)
management web interface allows remote attackers to
cause a denial of service and possibly execute arbitrary
code via a long administration password.
Status: Candidate
Phase: Modified (20050518)
Reference: ATSTAKE:A060502-1
Reference:
URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: BID:4942
Reference:
URL:http://www.securityfocus.com/bid/4942
Reference: XF:redm-1050ap-web-dos(9262)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/9262
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(3) Wall, Armstrong, Cox
REJECT(1) Foat
Voter Comments:
Foat> Unable to duplicate vulnerability
Frech> XF:redm-1050ap-web-dos(9262)
Name: CVE-2002-0399
Description:
Directory traversal vulnerability in GNU tar 1.13.19
through 1.13.25, and possibly later versions, allows
attackers to overwrite arbitrary files during archive
extraction via a (1) "/.." or (2) "./.." string, which
removes the leading slash but leaves the "..", a variant
of CVE-2001-1267.
Status: Candidate
Phase: Modified (20071006)
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot
Netenforcer problems, GNU TAR flaw)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: BUGTRAQ:20070825 rPSA-2007-0172-1 tar
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded
Reference: BUGTRAQ:20070827 FLEA-2007-0049-1 tar
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded
Reference:
CONFIRM:https://issues.rpath.com/browse/RPL-1631
Reference: REDHAT:RHSA-2002:096
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: MANDRAKE:MDKSA-2002:066
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
Reference: CONECTIVA:CLA-2002:538
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: ENGARDE:ESA-20021003-022
Reference:
URL:http://www.linuxsecurity.com/advisories/other_advisory-2400.html
Reference: SUNALERT:47800
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
Reference: SUSE:SUSE-SR:2006:005
Reference:
URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html
Reference: SUSE:SUSE-SR:2007:019
Reference:
URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html
Reference: BID:5834
Reference:
URL:http://www.securityfocus.com/bid/5834
Reference: SECUNIA:19130
Reference:
URL:http://secunia.com/advisories/19130
Reference: SECUNIA:26604
Reference:
URL:http://secunia.com/advisories/26604
Reference: SECUNIA:26673
Reference:
URL:http://secunia.com/advisories/26673
Reference: SECUNIA:26987
Reference:
URL:http://secunia.com/advisories/26987
Reference:
XF:archive-extraction-directory-traversal(10224)
Reference:
URL:http://www.iss.net/security_center/static/10224.php
Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2002:066
Cox> Addref: RHSA-2002:138
Name: CVE-2002-0405
Description:
Buffer overflow in Transsoft Broker FTP Server 5.0
evaluation allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a CWD
command with a large number of . (dot) characters.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020527 Problems with various
windows FTP servers
Reference:
URL:http://online.securityfocus.com/archive/1/274279
Reference: XF:broker-ftp-dot-bo(6673)
Reference:
URL:http://xforce.iss.net/static/6673.php
Reference: BID:4864
Reference:
URL:http://www.securityfocus.com/bid/4864
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0407
Description:
htcgibin.exe in Lotus Domino server 5.0.9a and earlier
allows remote attackers to determine the physical
pathname for the server via requests that contain
certain MS-DOS device names such as com5, such as (1) a
request with a .pl or .java extension, or (2) a request
containing a large number of periods, which causes
htcgibin.exe to leak the pathname in an error message.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020207 Re: KPMG-2002004:
Lotus Domino Webserver DOS-device Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2
Reference: BUGTRAQ:20020402 KPMG-2002006: Lotus
Domino Physical Path Revealed
Reference:
URL:http://www.securityfocus.com/archive/1/265380
Reference: BID:4406
Reference:
URL:http://www.securityfocus.com/bid/4406
Reference:
XF:lotus-domino-reveal-information(8160)
Reference:
URL:http://www.iss.net/security_center/static/8160.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0408
Description:
htcgibin.exe in Lotus Domino server 5.0.9a and earlier,
when configured with the NoBanner setting, allows remote
attackers to determine the version number of the server
via a request that generates an HTTP 500 error code,
which leaks the version in a hard-coded error message.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020207 Re: KPMG-2002004:
Lotus Domino Webserver DOS-device Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2
Reference: BUGTRAQ:20020303 Re: KPMG-2002006:
Lotus Domino Physical Path Revealed
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101785616526383&w=2
Reference: BID:4049
Reference:
URL:http://www.securityfocus.com/bid/4049
Votes:
ACCEPT(1) Alderson
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> XF:lotus-domino-reveal-information(8160)
Name: CVE-2002-0409
Description:
orderdetails.aspx, as made available to Microsoft .NET
developers as example code and demonstrated on
www.ibuyspystore.com, allows remote attackers to view
the orders of other users by modifying the OrderID
parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020303 iBuySpy store hole
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101518860823788&w=2
Votes:
ACCEPT(2) Wall, Alderson
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Frech
Voter Comments:
Alderson> This is a whole new breed of exposure... vulnerable example code
leading to cross industry and application exposure. This to a point made by
Gene Kim recently "they keep deploying problems faster than we can deploy
solutions".
Name: CVE-2002-0410
Description:
send_message.php in AeroMail before 1.45 allows remote
attackers to read arbitrary files on the server, instead
of just uploaded files, via an attachment that modifies
the filename to be uploaded.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020303 AeroMail multiple
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
Reference:
CONFIRM:http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
Reference:
MISC:http://the.cushman.net/projects/aeromail/download/
Reference: XF:aeromail-obtain-files(8345)
Reference:
URL:http://www.iss.net/security_center/static/8345.php
Reference: BID:4214
Reference:
URL:http://www.securityfocus.com/bid/4214
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0411
Description:
Cross-site scripting vulnerability in message.php for
AeroMail before 1.45 allows remote attackers to execute
Javascript as an AeroMail user via an email message with
the script in the Subject line.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020303 AeroMail multiple
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html
Reference:
CONFIRM:http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
Reference: BID:4215
Reference:
URL:http://www.securityfocus.com/bid/4215
Reference: XF:aeromail-subject-css(8346)
Reference:
URL:http://www.iss.net/security_center/static/8346.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0413
Description:
Cross-site scripting vulnerability in ReBB allows remote
attackers to execute arbitrary Javascript and steal
cookies via an IMG tag whose URL includes the malicious
script.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020304 ReBB javascripts
vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/259464
Reference: BID:4220
Reference:
URL:http://www.securityfocus.com/bid/4220
Reference: XF:rebb-img-css(8353)
Reference:
URL:http://www.iss.net/security_center/static/8353.php
Votes:
ACCEPT(2) Frech, Alderson
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0415
Description:
Directory traversal vulnerability in the web server used
in RealPlayer 6.0.7, and possibly other versions, may
allow local users to read files that are accessible to
RealPlayer via a .. (dot dot) in an HTTP GET request to
port 1275.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020302 RealPlayer bug
Reference:
URL:http://www.securityfocus.com/archive/1/259333
Reference: BID:4221
Reference:
URL:http://www.securityfocus.com/bid/4221
Reference:
XF:realplayer-http-directory-traversal(8336)
Reference:
URL:http://www.iss.net/security_center/static/8336.php
Votes:
ACCEPT(2) Frech, Alderson
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0416
Description:
Buffer overflow in SH39 MailServer 1.21 and earlier
allows remote attackers to cause a denial of service,
and possibly execute arbitrary code, via a long command
to the SMTP port.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020305 Buffer Overflows in
sh39.com
Reference:
URL:http://www.securityfocus.com/archive/1/259818
Reference: BID:4232
Reference:
URL:http://www.securityfocus.com/bid/4232
Reference: XF:sh39-mailserver-dos(8379)
Reference:
URL:http://www.iss.net/security_center/static/8379.php
Votes:
ACCEPT(2) Frech, Alderson
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Frech> Article title for BUGTRAQ:20020305 is "Buffer Overflows in
sh39.com's mailserver 1.21".
Name: CVE-2002-0417
Description:
Directory traversal vulnerability in Endymion MailMan
before 3.1 allows remote attackers to read arbitrary
files via a .. (dot dot) and a null character in the
ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi
programs.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020305 Endymion SakeMail and
MailMan File Disclosure Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/259730
Reference:
CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference:
XF:mailman-alternate-templates-traversal(8357)
Reference:
URL:http://www.iss.net/security_center/static/8357.php
Reference: BID:4222
Reference:
URL:http://www.securityfocus.com/bid/4222
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0418
Description:
Directory traversal vulnerability in the
com.endymion.sake.servlet.mail.MailServlet servlet for
Endymion SakeMail 1.0.36 and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) and
a null character in the param_name parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020305 Endymion SakeMail and
MailMan File Disclosure Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/259730
Reference: BID:4223
Reference:
URL:http://www.securityfocus.com/bid/4223
Reference:
XF:sakemail-paramname-directory-traversal(8358)
Reference:
URL:http://www.iss.net/security_center/static/8358.php
Votes:
ACCEPT(2) Frech, Alderson
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0419
Description:
Information leaks in IIS 4 through 5.1 allow remote
attackers to obtain potentially sensitive information or
more easily conduct brute force attacks via responses
from the server in which (1) the server reveals whether
it supports Basic or NTLM authentication through 401
Access Denied error messages, (2) in certain
configurations, the server IP address is provided as the
realm for Basic authentication, which could reveal real
IP addresses that were obscured by NAT, or (3) when NTLM
authentication is used, the NetBIOS name of the server
and its Windows NT domain are revealed in response to an
Authorization request.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020305 Considerations for
IIS Authentication (#NISR05032002C)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535399100534&w=2
Reference: BID:4235
Reference:
URL:http://www.securityfocus.com/bid/4235
Reference:
XF:iis-authentication-error-messages(8382)
Reference:
URL:http://www.iss.net/security_center/static/8382.php
Votes:
ACCEPT(2) Frech, Alderson
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Name: CVE-2002-0420
Description:
Vulnerability in PureTLS before 0.9b2 related to
injection attacks, which could possibly allow remote
attackers to corrupt or hijack user sessions.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020305 PureTLS Security
Announcement: Upgrade to 0.9b2
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0056.html
Reference: BID:4237
Reference:
URL:http://www.securityfocus.com/bid/4237
Reference: XF:puretls-injection-attack(8386)
Reference:
URL:http://www.iss.net/security_center/static/8386.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0421
Description:
IIS 4.0 allows local users to bypass the "User cannot
change password" policy for Windows NT by directly
calling .htr password changing programs in the
/iisadmpwd directory, including (1) aexp2.htr, (2)
aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020306 NT user (who is
locked changing his/her password by administrator ) can
bypass the security policy and Change the password.
Reference:
URL:http://online.securityfocus.com/archive/1/259963
Reference: BID:4236
Reference:
URL:http://www.securityfocus.com/bid/4236
Reference: XF:winnt-pw-policy-bypass(8388)
Reference:
URL:http://www.iss.net/security_center/static/8388.php
Votes:
ACCEPT(3) Cole, Frech, Alderson
NOOP(2) Foat, Cox
REVIEWING(1) Wall
Name: CVE-2002-0422
Description:
IIS 5 and 5.1 supporting WebDAV methods allows remote
attackers to determine the internal IP address of the
system (which may be obscured by NAT) via (1) a PROPFIND
HTTP request with a blank Host header, which leaks the
address in an HREF property in a 207 Multi-Status
response, or (2) via the WRITE or MKCOL method, which
leaks the IP in the Location server header.
Status: Candidate
Phase: Modified (20070919)
Reference: BUGTRAQ:20020305 IIS Internal IP
Address Disclosure (#NISR05032002B)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101536634207324&w=2
Reference: NTBUGTRAQ:20020305 IIS Internal IP
Address Disclosure (#NISR05032002B)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101535147125320&w=2
Reference: OSVDB:13431
Reference: URL:http://www.osvdb.org/13431
Reference: XF:iis-request-ip-disclosure(8385)
Reference:
URL:http://www.iss.net/security_center/static/8385.php
Votes:
ACCEPT(1) Alderson
MODIFY(1) Frech
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:iis-request-ip-disclosure(8385)
Name: CVE-2002-0426
Description:
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL
VPN Router before 1.40.1 reduces the key lengths for
keys that are supplied via manual key entry, which makes
it easier for attackers to crack the keys.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020308 Linksys BEFVP41 VPN
Server does not follow proper VPN standards
Reference:
URL:http://online.securityfocus.com/archive/1/260613
Reference:
MISC:ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip
Reference:
XF:linksys-etherfast-weak-encryption(8397)
Reference:
URL:http://www.iss.net/security_center/static/8397.php
Reference: BID:4250
Reference:
URL:http://www.securityfocus.com/bid/4250
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Alderson
Name: CVE-2002-0427
Description:
Buffer overflows in fpexec in mod_frontpage before 1.6.1
may allow attackers to gain root privileges.
Status: Candidate
Phase: Proposed (20020611)
Reference: MANDRAKE:MDKSA-2002:021
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-021.php
Reference: FREEBSD:FreeBSD-SA-02:17
Reference:
URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:17.mod_frontpage.asc
Reference: BID:4251
Reference:
URL:http://www.securityfocus.com/bid/4251
Reference: XF:apache-modfrontpage-bo(8400)
Reference:
URL:http://www.iss.net/security_center/static/8400.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
MODIFY(1) Cox
NOOP(2) Wall, Foat
Voter Comments:
Cox> The description should say "improved mod_frontpage" as there
are two Frontpage modules for Apache, the official one and this one.
Name: CVE-2002-0428
Description:
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1
allows clients to bypass the "authentication timeout" by
modifying the to_expire or expire values in the client's
users.C configuration file.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020308 Checkpoint FW1
SecuRemote/SecureClient "re-authentication" (client side
hacks of users.C)
Reference:
URL:http://online.securityfocus.com/archive/1/260662
Reference: BID:4253
Reference:
URL:http://www.securityfocus.com/bid/4253
Reference:
XF:fw1-authentication-bypass-timeouts(8423)
Reference:
URL:http://www.iss.net/security_center/static/8423.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Alderson
Name: CVE-2002-0430
Description:
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR
administration interface allows local users to bypass
authentication and overwrite arbitrary files via a
symlink attack on a temporary file, followed by a
request to MultiFileUpload.php.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020308 Remote Cobalt Raq XTR
vulns
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0081.html
Reference: BID:4252
Reference:
URL:http://www.securityfocus.com/bid/4252
Votes:
MODIFY(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Alderson
Voter Comments:
Frech> XF:cobalt-multifileupload-bypass-auth(8395)
Name: CVE-2002-0432
Description:
Buffer overflow in (1) lprintf and (2) cprintf in
sysdep.c of Citadel/UX 5.90 and earlier allows remote
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via attacks such as a
long HELO command to the SMTP server.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020309 Citadel/UX Server
Remote DoS attack Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/260934
Reference:
CONFIRM:http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz
Reference: XF:citadel-helo-bo(8426)
Reference:
URL:http://www.iss.net/security_center/static/8426.php
Reference: BID:4263
Reference:
URL:http://www.securityfocus.com/bid/4263
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0433
Description:
Pi3Web 2.0.0 allows remote attackers to view restricted
files via an HTTP request containing a "*" (wildcard or
asterisk) character.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020310 Pi3Web/2.0.0
File-Disclosure/Path Disclosure vuln
Reference:
URL:http://online.securityfocus.com/archive/1/260734
Reference: XF:pi3web-asterisk-view-files(8429)
Reference:
URL:http://www.iss.net/security_center/static/8429.php
Reference: BID:4262
Reference:
URL:http://www.securityfocus.com/bid/4262
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Green
REVIEWING(1) Christey
Voter Comments:
Christey> The Pi3Web author, Holger Zimmermann, sent an email on
20041125 disputing this claim. Therefore, this candidate may need to
be REJECTed.
Name: CVE-2002-0434
Description:
Marcus S. Xenakis directory.php script allows remote
attackers to execute arbitrary commands via shell
metacharacters in the dir parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020310 Marcus S. Xenakis
"directory.php" allows arbitrary code execution
Reference:
URL:http://www.securityfocus.com/archive/1/261512
Reference: BID:4278
Reference:
URL:http://www.securityfocus.com/bid/4278
Reference:
XF:xenakis-directory-execute-commands(8440)
Reference:
URL:http://www.iss.net/security_center/static/8440.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Green
Name: CVE-2002-0436
Description:
sscd_suncourier.pl CGI script in the Sun Sunsolve CD
pack allows remote attackers to execute arbitrary
commands via shell metacharacters in the email address
parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020311 SunSolve CD cgi
scripts...
Reference:
URL:http://www.securityfocus.com/archive/1/261544
Reference: BID:4269
Reference:
URL:http://www.securityfocus.com/bid/4269
Reference: XF:sunsolve-cd-command-execution(8435)
Reference:
URL:http://www.iss.net/security_center/static/8435.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0438
Description:
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to
cause a denial of service via an ARP packet with the
firewall's IP address and an incorrect MAC address,
which causes the firewall to disable the LAN interface.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020311 ZyXEL ZyWALL10 DoS
Reference:
URL:http://www.securityfocus.com/archive/1/261411
Reference:
MISC:ftp://ftp.zyxel.com/public/zywall10/firmware/zywall10_V3.50(WA.2)C0_Standard.zip
Reference: XF:zyxel-zywall10-arp-dos(8436)
Reference:
URL:http://www.iss.net/security_center/static/8436.php
Reference: BID:4272
Reference:
URL:http://www.securityfocus.com/bid/4272
Reference: VULNWATCH:20020312 [VulnWatch] ZyXEL
ZyWALL10 DoS
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0067.html
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0439
Description:
Cross-site scripting vulnerability in CaupoShop 1.30a
and earlier, and possibly CaupoShopPro, allows remote
attackers to execute arbitrary Javascript and steal
credit card numbers or delete items by injecting the
script into new customer information fields such as the
message field.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020311 CaupoShop:
cross-site-scripting bug
Reference:
URL:http://www.securityfocus.com/archive/1/261218
Reference: XF:cauposhop-user-info-css(8431)
Reference:
URL:http://www.iss.net/security_center/static/8431.php
Reference: BID:4270
Reference:
URL:http://www.securityfocus.com/bid/4270
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0440
Description:
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the
"Skip scanning if Content-length equals 0" option
enabled allows malicious web servers to bypass content
scanning via a Content-length header set to 0, which is
often ignored by HTTP clients.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020311 VirusWall HTTP proxy
content scanning circumvention
Reference:
URL:http://seclists.org/lists/bugtraq/2002/Mar/0162.html
Reference:
MISC:http://www.inside-security.de/vwall_cl0.html
Reference: BID:4265
Reference:
URL:http://www.securityfocus.com/bid/4265
Reference:
XF:interscan-viruswall-http-proxy-bypass(8425)
Reference:
URL:http://www.iss.net/security_center/static/8425.php
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Green
Voter Comments:
Frech> XF:interscan-viruswall-http-proxy-bypass(8425)
Name: CVE-2002-0446
Description:
categorie.php3 in Black Tie Project (BTP) 0.4b through
0.5b allows remote attackers to determine the absolute
path of the web server via an invalid category ID (cid)
parameter, which leaks the pathname in an error message.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020312 [ARL02-A06] Black Tie
Project System Information Path Disclosure Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/261681
Reference: BID:4275
Reference:
URL:http://www.securityfocus.com/bid/4275
Reference: XF:btp-cid-path-disclosure(8439)
Reference:
URL:http://www.iss.net/security_center/static/8439.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Green
Name: CVE-2002-0447
Description:
Directory traversal vulnerability in Xerver Free Web
Server 2.10 and earlier allows remote attackers to list
arbitrary directories via a .. (dot dot) in an HTTP GET
request.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020308
Xerver-2.10-File-Disclousure&DoS-attack
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html
Reference: BUGTRAQ:20020312 Xerver Free Web
Server 2.10 file Disclosure & DoS PATCH (update version)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html
Reference:
XF:xerver-dot-directory-traversal(8421)
Reference:
URL:http://www.iss.net/security_center/static/8421.php
Reference: BID:4255
Reference:
URL:http://www.securityfocus.com/bid/4255
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0448
Description:
Xerver Free Web Server 2.10 and earlier allows remote
attackers to cause a denial of service (crash) via an
HTTP request that contains many "C:/" sequences.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020308
Xerver-2.10-File-Disclousure&DoS-attack
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html
Reference: BUGTRAQ:20020312 Xerver Free Web
Server 2.10 file Disclosure & DoS PATCH (update version)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html
Reference: XF:xerver-multiple-request-dos(8419)
Reference:
URL:http://www.iss.net/security_center/static/8419.php
Reference: BID:4254
Reference:
URL:http://www.securityfocus.com/bid/4254
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0449
Description:
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0
and earlier allows remote attackers to execute arbitrary
code via a long argument to webplus.exe program, which
triggers the overflow in webpsvc.exe.
Status: Candidate
Phase: Modified (20050328)
Reference: BUGTRAQ:20020305 Buffer Overrun in
Talentsoft's Web+ (#NISR01032002A)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535141925150&w=2
Reference:
CONFIRM:http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
Reference: CERT-VN:VU#159907
Reference:
URL:http://www.kb.cert.org/vuls/id/159907
Reference: BID:4233
Reference:
URL:http://www.securityfocus.com/bid/4233
Reference: XF:webplus-webpsvc-bo(8361)
Reference:
URL:http://www.iss.net/security_center/static/8361.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0450
Description:
Buffer overflow in Talentsoft Web+ 5.0 and earlier
allows remote attackers to execute arbitrary code via a
long Web Markup Language (wml) file name to (1)
webplus.dll or (2) webplus.exe.
Status: Candidate
Phase: Modified (20050707)
Reference: BUGTRAQ:20020313 2nd Buffer Overflow
in Talentsoft's Web+ (#NISR13032002)
Reference:
URL:http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00208.html
Reference:
CONFIRM:http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943
Reference: BID:4282
Reference:
URL:http://www.securityfocus.com/bid/4282
Reference: XF:webplus-wml-bo(8446)
Reference:
URL:http://www.iss.net/security_center/static/8446.php
Votes:
ACCEPT(3) Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:webplus-wml-bo(8446)
Name: CVE-2002-0452
Description:
Foundry Networks ServerIron switches do not decode URIs
when applying "url-map" rules, which could make it
easier for attackers to cause the switch to forward
traffic to a different server than intended and exploit
vulnerabilities that would otherwise be inaccessible.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020313 Foundry Networks
ServerIron don't decode URIs
Reference:
URL:http://www.securityfocus.com/archive/1/261834
Reference:
XF:foundry-serveriron-reveal-source(8459)
Reference:
URL:http://www.iss.net/security_center/static/8459.php
Reference: BID:4286
Reference:
URL:http://www.securityfocus.com/bid/4286
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Green> INCLUSION
Name: CVE-2002-0453
Description:
The account lockout capability in Oblix NetPoint 5.2 and
earlier only locks out users once for the specified
lockout period, which makes it easier for remote
attackers to conduct brute force password guessing by
waiting until the lockout period ends, then guessing
passwords without being locked out again.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020314 Account Lockout
Vulnerability in Oblix NetPoint v5.2
Reference:
URL:http://www.securityfocus.com/archive/1/262066
Reference: BID:4288
Reference:
URL:http://www.securityfocus.com/bid/4288
Reference:
XF:netpoint-account-lockout-bypass(8461)
Reference:
URL:http://www.iss.net/security_center/static/8461.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Green> A PATCH IS AVAILABLE, FINDING IT IS ANOTHER STORY
Name: CVE-2002-0455
Description:
IncrediMail stores attachments in a directory with a
fixed name, which could make it easier for attackers to
exploit vulnerabilities in other software that relies on
installing and reading files from directories with known
pathnames.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020315 MSIE vulnerability
exploitable with IncrediMail
Reference:
URL:http://www.securityfocus.com/archive/1/262262
Reference: BID:4297
Reference:
URL:http://www.securityfocus.com/bid/4297
Reference:
XF:incredimail-insecure-attachment-directory(8460)
Reference:
URL:http://www.iss.net/security_center/static/8460.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Wall, Foat, Cole, Cox
Voter Comments:
Green> INCLUSION RATIONALE IS A REASONABLE APPROACH
Name: CVE-2002-0456
Description:
Eudora 5.1 and earlier versions store attachments in a
directory with a fixed name, which could make it easier
for attackers to exploit vulnerabilities in other
software that relies on installing and reading files from
directories with known pathnames.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020315 RE: MSIE
vulnerability exploitable with IncrediMail
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101622857703677&w=2
Reference: BUGTRAQ:20020316 MSIE vulnerability
exploitable with Eudora (was: IncrediMail)
Reference:
URL:http://www.securityfocus.com/archive/1/262704
Reference: BID:4306
Reference:
URL:http://www.securityfocus.com/bid/4306
Reference:
XF:eudora-insecure-attachment-directory(8487)
Reference:
URL:http://www.iss.net/security_center/static/8487.php
Votes:
ACCEPT(3) Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Christey
Voter Comments:
Green> INCLUSION RATIONALE IS A REASONABLE APPROACH
Christey> Overlap CVE-2002-1210 ?
Name: CVE-2002-0457
Description:
Cross-site scripting vulnerability in signgbook.php for
BG GuestBook 1.0 allows remote attackers to execute
arbitrary Javascript via encoded tags such as &lt;,
&gt;, and &amp; in fields such as (1) name, (2) email,
(3) AIM screen name, (4) website, (5) location, or (6)
message.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020316 [ARL02-A08] BG
Guestbook Cross Site Scripting Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/262693
Reference: BID:4308
Reference:
URL:http://www.securityfocus.com/bid/4308
Reference: XF:bgguestbook-post-css(8474)
Reference:
URL:http://www.iss.net/security_center/static/8474.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Cox, Green
Name: CVE-2002-0458
Description:
Cross-site scripting vulnerability in News-TNK 1.2.1 and
earlier allows remote attackers to execute arbitrary
Javascript via the WEB parameter.
Status: Candidate
Phase: Modified (20050706)
Reference: BUGTRAQ:20020316 [ARL02-A10] News-TNK
Cross Site Scripting Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0206.html
Reference:
CONFIRM:http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
Reference:
CONFIRM:http://www.linux-sottises.net/software/news-tnk/CHANGES
Reference: BID:14145
Reference:
URL:http://www.securityfocus.com/bid/14145
Reference: XF:newstnk-web-css(8477)
Reference:
URL:http://www.iss.net/security_center/static/8477.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0459
Description:
Cross-site scripting vulnerability in Board-TNK 1.3.1
and earlier allows remote attackers to execute arbitrary
Javascript via the WEB parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020316 [ARL02-A09] Board-TNK
Cross Site Scripting Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/262694
Reference:
CONFIRM:http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-sottises.net%2Findex.php%3Fnews_init%3D13%23newstag&langpair=fr%7Cen&hl=en&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools
Reference: BID:4305
Reference:
URL:http://www.securityfocus.com/bid/4305
Reference: XF:boardtnk-web-css(8475)
Reference:
URL:http://www.iss.net/security_center/static/8475.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0460
Description:
Bitvise WinSSHD before 2002-03-16 allows remote
attackers to cause a denial of service (resource
exhaustion) via a large number of incomplete connections
that are not properly terminated, which are not properly
freed by SSHd.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020318 KPMG-2002005: BitVise
WinSSH Denial of Service
Reference:
URL:http://online.securityfocus.com/archive/1/262681
Reference: BID:4300
Reference:
URL:http://www.securityfocus.com/bid/4300
Reference:
XF:winsshd-incomplete-connection-dos(8470)
Reference:
URL:http://www.iss.net/security_center/static/8470.php
Reference: VULNWATCH:20020318 [VulnWatch]
KPMG-2002005: BitVise WinSSH Denial of Service
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0068.html
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0461
Description:
Internet Explorer 5.01 through 6 allows remote attackers
to cause a denial of service (application crash) via
Javascript in a web page that calls location.replace on
itself, causing a loop.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020318 Javascript loop
causes IE to crash
Reference:
URL:http://online.securityfocus.com/archive/1/262994
Reference: BID:4322
Reference:
URL:http://www.securityfocus.com/bid/4322
Reference: XF:ie-javascript-dos(8488)
Reference:
URL:http://www.iss.net/security_center/static/8488.php
Votes:
ACCEPT(2) Foat, Frech
NOOP(4) Wall, Cole, Cox, Green
Name: CVE-2002-0465
Description:
Directory traversal vulnerability in filemanager.asp for
Hosting Controller 1.4.1 and earlier allows remote
attackers to read and modify arbitrary files, and
execute commands, via a .. (dot dot) in the OpenPath
parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020105 Hosting Controller's
- Multiple Security Vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html
Reference:
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
Reference:
XF:hosting-controller-dot-directory-traversal(7824)
Reference:
URL:http://xforce.iss.net/static/7824.php
Reference: BID:3811
Reference:
URL:http://www.securityfocus.com/bid/3811
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0466
Description:
Hosting Controller 1.4.1 and earlier allows remote
attackers to browse arbitrary directories via a full C:
style pathname in the filepath arguments to (1)
Statsbrowse.asp, (2) servubrowse.asp, (3)
browsedisk.asp, (4) browsewebalizerexe.asp, or (5)
sqlbrowse.asp.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020105 Hosting Controller's
- Multiple Security Vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0039.html
Reference:
CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/foldersecurity.zip
Reference:
XF:hosting-controller-directory-browsing(7823)
Reference:
URL:http://xforce.iss.net/static/7823.php
Reference: BID:3808
Reference:
URL:http://www.securityfocus.com/bid/3808
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0467
Description:
Buffer overflows in Ecartis (formerly Listar) 1.0.0
before snapshot 20020125 allow remote attackers to
execute arbitrary code via (1) address_match() of
mystring.c or (2) other functions in tolist.c.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020310 Ecartis/Listar
multiple vulnerabilities
Reference:
URL:http://www.securityfocus.com/archive/1/261209
Reference: DEBIAN:DSA-123
Reference:
URL:http://www.debian.org/security/2002/dsa-123
Reference: CONFIRM:http://www.ecartis.org/
Reference: XF:ecartis-mystring-bo(8284)
Reference:
URL:http://www.iss.net/security_center/static/8284.php
Reference: BID:4176
Reference:
URL:http://www.securityfocus.com/bid/4176
Reference: VULNWATCH:20020311 [VulnWatch]
Ecartis/Listar multiple vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0468
Description:
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in
snapshot 20020427 and earlier allow local users to gain
privileges via (1) a long command line argument, which
is not properly handled in core.c, or possibly via bad
uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4)
fileapi.c, (5) cookie.c, (6) codes.c, or other files.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020427 Response to KF about
Listar/Ecartis Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/269879
Reference: VULN-DEV:20020227 listar / ecaris
remote or local?
Reference:
URL:http://online.securityfocus.com/archive/82/258763
Reference: BUGTRAQ:20020425 ecartis / listar PoC
Reference:
URL:http://online.securityfocus.com/archive/1/269658
Reference: BUGTRAQ:20020310 Ecartis/Listar
multiple vulnerabilities
Reference:
URL:http://www.securityfocus.com/archive/1/261209
Reference: CONFIRM:http://www.ecartis.org/
Reference:
MISC:http://marc.theaimsgroup.com/?l=listar-support&m=101590272221720&w=2
Reference: BID:4271
Reference:
URL:http://www.securityfocus.com/bid/4271
Reference: XF:ecartis-local-bo(8445)
Reference:
URL:http://www.iss.net/security_center/static/8445.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0469
Description:
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and
earlier does not properly drop privileges when Ecartis
is installed setuid-root, "lock-to-user" is not set, and
ecartis is called by certain MTAs, which could allow
local users to gain privileges.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020310 Ecartis/Listar
multiple vulnerabilities
Reference:
URL:http://www.securityfocus.com/archive/1/261209
Reference: BID:4277
Reference:
URL:http://www.securityfocus.com/bid/4277
Reference: XF:ecartis-root-privileges(8444)
Reference:
URL:http://www.iss.net/security_center/static/8444.php
Reference: VULNWATCH:20020311 [VulnWatch]
Ecartis/Listar multiple vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0063.html
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0470
Description:
PHPNetToolpack 0.1 relies on its environment's PATH to
find and execute the traceroute program, which could
allow local users to gain privileges by inserting a
Trojan horse program into the search path.
Status: Candidate
Phase: Modified (20080918)
Reference: BUGTRAQ:20020318 PHP Net Toolpack:
input validation error
Reference:
URL:http://seclists.org/bugtraq/2002/Mar/0263.html
Reference: BID:4304
Reference:
URL:http://www.securityfocus.com/bid/4304
Reference:
XF:phpnettoolpack-traceroute-insecure-path(8484)
Reference:
URL:http://www.iss.net/security_center/static/8484.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Green
Name: CVE-2002-0471
Description:
PHPNetToolpack 0.1 allows remote attackers to execute
arbitrary code via shell metacharacters in the a_query
variable.
Status: Candidate
Phase: Modified (20080918)
Reference: BUGTRAQ:20020318 PHP Net Toolpack:
input validation error
Reference:
URL:http://seclists.org/bugtraq/2002/Mar/0263.html
Reference: BID:4303
Reference:
URL:http://www.securityfocus.com/bid/4303
Reference:
XF:phpnettoolpack-traceroute-command-execution(8482)
Reference:
URL:http://www.iss.net/security_center/static/8482.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Cox, Green
Name: CVE-2002-0472
Description:
MSN Messenger Service 3.6, and possibly other versions,
uses weak authentication when exchanging messages
between clients, which allows remote attackers to spoof
messages from other users.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020319 Potential
vulnerabilities of the Microsoft RVP-based Instant
Messaging
Reference:
URL:http://www.securityfocus.com/archive/1/262906
Reference:
MISC:http://www.encode-sec.com/esp0202.pdf
Reference: BID:4316
Reference:
URL:http://www.securityfocus.com/bid/4316
Reference:
XF:msn-messenger-message-spoofing(8582)
Reference:
URL:http://www.iss.net/security_center/static/8582.php
Votes:
ACCEPT(2) Frech, Green
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Name: CVE-2002-0474
Description:
Cross-site scripting vulnerability in ZeroForum allows
remote attackers to execute arbitrary Javascript on web
clients by embedding the script within an IMG image tag.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020329 Re:[Advisory] phpBB
1.4.4 still suffers from Cross Site Scripting
Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/264897
Reference: BID:4394
Reference:
URL:http://www.securityfocus.com/bid/4394
Reference: XF:zeroforum-img-css(8702)
Reference:
URL:http://www.iss.net/security_center/static/8702.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0475
Description:
Cross-site scripting vulnerability in phpBB 1.4.4 and
earlier allows remote attackers to execute arbitrary
Javascript on web clients by embedding the script within
an IMG image tag while editing a message.
Status: Candidate
Phase: Proposed (20020611)
Reference:
MISC:http://www.securiteam.com/unixfocus/6W00Q202UM.html
Reference: XF:phpbb-cross-site-scripting(7459)
Reference:
URL:http://www.iss.net/security_center/static/7459.php
Reference: BID:4379
Reference:
URL:http://www.securityfocus.com/bid/4379
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0476
Description:
Standalone Macromedia Flash Player 5.0 allows remote
attackers to save arbitrary files and programs via a
.SWF file containing the undocumented "save" FSCommand.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020319 More SWF
vulnerabilities?
Reference:
URL:http://www.securityfocus.com/archive/1/262990
Reference:
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/fs_save.htm
Reference: BID:4320
Reference:
URL:http://www.securityfocus.com/bid/4320
Reference: XF:flash-fscommand-save(8584)
Reference:
URL:http://www.iss.net/security_center/static/8584.php
Votes:
ACCEPT(5) Wall, Baker, Cole, Frech, Green
NOOP(2) Foat, Cox
REVIEWING(1) Christey
Voter Comments:
Christey> See comments for CVE-2002-0477.
Name: CVE-2002-0477
Description:
Standalone Macromedia Flash Player 5.0 before 5,0,30,2
allows remote attackers to execute arbitrary programs
via a .SWF file containing the "exec" FSCommand.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020109 Shockwave Flash
player issue
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101071988413107&w=2
Reference: BUGTRAQ:20020319 More SWF
vulnerabilities?
Reference:
URL:http://www.securityfocus.com/archive/1/262990
Reference:
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm
Reference:
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm
Reference: XF:flash-fscommand-exec(8587)
Reference:
URL:http://www.iss.net/security_center/static/8587.php
Reference: BID:4321
Reference:
URL:http://www.securityfocus.com/bid/4321
Votes:
ACCEPT(5) Wall, Baker, Cole, Frech, Green
NOOP(2) Foat, Cox
REVIEWING(1) Christey
Voter Comments:
Christey> Is swf_clear.html *really* related to standalone_update.htm?
Or is the former really talking about a third issue related to
a virus? standalone_update.htm is clearly fscommand ("exec").
It has an "Additional information" statement that says:
"For a description of the potential issue with the previous
stand-alone player, please refer to [swf_clear.htm]"
I interpret "the previous stand-alone player" as meaning "the player
that we are updating with this advisory." Since we know that
standalone_update.htm is exec, this implies that swf_clear.htm is
really the exec issue. However, swf_clear.html doesn't
mention fscommand ("exec") AT ALL, which casts doubt or at
least uncertainty as to my conclusions.
swf_clear.html links back to standalone_update.htm, so at
least the references are circular.
At least it's pretty clear that this issue is different from
CVE-2002-0476.
Email inquiry sent to Macromedia on June 13, 2002.
Name: CVE-2002-0478
Description:
The default configuration of Foundry Networks EdgeIron
4802F allows remote attackers to modify sensitive
information via arbitrary SNMP community strings.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020320 Default SNMP
configuration issue with Foundry Networks EdgeIron 4802F
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101666425609914&w=2
Reference: XF:edgelron-default-snmp-string(8592)
Reference:
URL:http://www.iss.net/security_center/static/8592.php
Reference: BID:4330
Reference:
URL:http://www.securityfocus.com/bid/4330
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0479
Description:
Gravity Storm Service Pack Manager 2000 creates a hidden
share (SPM2000c$) mapped to the C drive, which may allow
local users to bypass access restrictions on certain
directories in the C drive, such as system32, by
accessing them through the hidden share.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020320 Gravity Storm Service
Pack Manager 2000 Share Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0284.html
Reference:
XF:sp-manager-insecure-directories(8607)
Reference:
URL:http://www.iss.net/security_center/static/8607.php
Reference: BID:4347
Reference:
URL:http://www.securityfocus.com/bid/4347
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
REVIEWING(1) Green
Name: CVE-2002-0480
Description:
ISS RealSecure for Nokia devices before IPSO build
6.0.2001.141d is configured to allow a user "skank" on a
machine "starscream" to become a key manager when the
"first time connection" feature is enabled and before
any legitimate administrators have connected, which
could allow remote attackers to gain access to the
device during installation.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020320 NMRC Advisory -
KeyManager Issue in ISS RealSecure on Nokia Appliances
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101666833321138&w=2
Reference: BUGTRAQ:20020322 RE: NMRC Advisory:
RealSecure KeyManager Issue - Further Explanation
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101684141308876&w=2
Reference: BUGTRAQ:20020321 RE: [VulnWatch] NMRC
Advisory - KeyManager Issue in ISS RealSecure on Nokia
Appliances
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101675086010051&w=2
Reference: BID:4331
Reference:
URL:http://www.securityfocus.com/bid/4331
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(3) Wall, Foat, Cox
REVIEWING(1) Frech
Name: CVE-2002-0481
Description:
An interaction between Windows Media Player (WMP) and
Outlook 2002 allows remote attackers to bypass Outlook
security settings and execute Javascript via an IFRAME
in an HTML email message that references .WMS (Windows
Media Skin) or other WMP media files, whose onload
handlers execute the player.LaunchURL() Javascript
function.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020321 How Outlook 2002 can
still execute JavaScript in an HTML email message
Reference:
URL:http://online.securityfocus.com/archive/1/263429
Reference: BID:4340
Reference:
URL:http://www.securityfocus.com/bid/4340
Reference: XF:outlook-iframe-javascript(8604)
Reference:
URL:http://www.iss.net/security_center/static/8604.php
Votes:
ACCEPT(1) Frech
NOOP(4) Foat, Cole, Cox, Green
REVIEWING(1) Wall
Name: CVE-2002-0482
Description:
Directory traversal vulnerability in PCI Netsupport
Manager before version 7, when running web extensions,
allows remote attackers to read arbitrary files via a ..
(dot dot) in the HTTP GET request.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020321 Webtraversal in PCI
Netsupport Manager (all version up to 7 using web
extensions)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0285.html
Reference: BID:4348
Reference:
URL:http://www.securityfocus.com/bid/4348
Reference:
XF:netsupport-manager-directory-traversal(8610)
Reference:
URL:http://www.iss.net/security_center/static/8610.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0483
Description:
index.php for PHP-Nuke 5.4 and earlier allows remote
attackers to determine the physical pathname of the web
server when the file parameter is set to index.php,
which triggers an error message that leaks the pathname.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020320 Fw: PHPNuke 5.4 Path
Disclosure Vulnerability?
Reference:
URL:http://online.securityfocus.com/archive/1/263337
Reference: BID:4333
Reference:
URL:http://www.securityfocus.com/bid/4333
Reference: XF:phpnuke-index-path-disclosure(8618)
Reference:
URL:http://www.iss.net/security_center/static/8618.php
Votes:
ACCEPT(2) Frech, Green
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0485
Description:
Norton Anti-Virus (NAV) allows remote attackers to
bypass content filtering via attachments whose
Content-Type and Content-Disposition headers are mixed
upper and lower case, which is ignored by some mail
clients.
Status: Candidate
Phase: Modified (20040811)
Reference: BUGTRAQ:20020322 One more way to
bypass NAV
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101684260510079&w=2
Reference: VULN-DEV:20020322 One more way to
bypass NAV
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101681724810317&w=2
Votes:
ACCEPT(1) Prosser
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:nav-case-bypass-protection(9860)
Prosser> This issue was a continuation of an earlier reported issue
with non-RFC compliant MIME headers. The discoverer was testing a
non-updated version of NAV 2002 which was vulnerable to this and other
non-RFC compliant configurations. Updated and current releases are not
vulnerable to this problem.
http://securityresponse.symantec.com/avcenter/security/Content/2002.04.03.html
is the posted response to this issue.
Name: CVE-2002-0486
Description:
Intellisol Xpede 4.1 uses weak encryption to store
authentication information in cookies, which could allow
local users with access to the cookies to gain
privileges.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020322 Xpede passwords
exposed (2 vuln.)
Reference:
URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4344
Reference:
URL:http://www.securityfocus.com/bid/4344
Reference:
XF:xpede-password-weak-encryption(8614)
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Frech> XF:xpede-password-weak-encryption(8614)
Name: CVE-2002-0487
Description:
Intellisol Xpede 4.1 stores passwords in plaintext in a
Javascript "session timeout" re-authentication
capability, which could allow local users with access to
gain privileges of other Xpede users by reading the
password from the source file, e.g. from the browser's
cache.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020322 Xpede passwords
exposed (2 vuln.)
Reference:
URL:http://www.securityfocus.com/archive/1/263485
Reference: BID:4346
Reference:
URL:http://www.securityfocus.com/bid/4346
Reference:
XF:xpede-reauth-plaintext-password(8612)
Reference:
URL:http://www.iss.net/security_center/static/8612.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0489
Description:
Linux Directory Penguin NsLookup CGI script
(nslookup.pl) 1.0 allows remote attackers to execute
arbitrary code via shell metacharacters in the (1) query
or (2) type parameters.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020322 Re: PHP script:
Penguin Traceroute, Remote Command Execution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101684215209558&w=2
Reference:
XF:penguin-nslookup-command-execution(8601)
Reference:
URL:http://www.iss.net/security_center/static/8601.php
Reference: BID:4353
Reference:
URL:http://www.securityfocus.com/bid/4353
Votes:
ACCEPT(2) Foat, Frech
NOOP(4) Wall, Cole, Cox, Green
Name: CVE-2002-0491
Description:
admin.php in AlGuest 1.0 guestbook checks for the
existence of the admin cookie to authenticate the
AlGuest administrator, which allows remote attackers to
bypass the authentication and gain privileges by setting
the admin cookie to an arbitrary value.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020324 Cookie vulnerability
in Alguest guestbook (PHP)
Reference:
URL:http://www.securityfocus.com/archive/1/263902
Reference: XF:alguest-php-admin-access(8623)
Reference:
URL:http://www.iss.net/security_center/static/8623.php
Reference: BID:4355
Reference:
URL:http://www.securityfocus.com/bid/4355
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0492
Description:
dcshop.cgi in DCShop 1.002 Beta allows remote attackers
to delete arbitrary setup files via a null character in
the database parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020325 dcshop.cgi anybody
can delete *.setup for database
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0302.html
Votes:
MODIFY(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:dscshop-cgi-delete-setup(9854)
Name: CVE-2002-0496
Description:
The HTTP server for SouthWest Talker server 1.0.0 allows
remote attackers to cause a denial of service (server
crash) via a malformed URL to port 5002.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020326 SouthWest Telnet
talker server. DoS (Denial of Service Attack).
Reference:
URL:http://www.securityfocus.com/archive/1/264168
Reference: XF:southwest-http-port-dos(8626)
Reference:
URL:http://www.iss.net/security_center/static/8626.php
Reference: BID:4362
Reference:
URL:http://www.securityfocus.com/bid/4362
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0498
Description:
Etnus TotalView 5.0.0-4 installs certain files with UID
5039 and GID 59, which could allow local users with that
UID or GID to modify the files and gain privileges as
other TotalView users.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020326 Etnus TotalView 5.
Reference:
URL:http://www.securityfocus.com/archive/1/264085
Reference: BID:4365
Reference:
URL:http://www.securityfocus.com/bid/4365
Reference: XF:totalview-insecure-privileges(8635)
Reference:
URL:http://www.iss.net/security_center/static/8635.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0499
Description:
The d_path function in Linux kernel 2.2.20 and earlier,
and 2.4.18 and earlier, truncates long pathnames without
generating an error, which could allow local users to
force programs to perform inappropriate operations on
the wrong directories.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020326 d_path() truncating
excessive long path name vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/264117
Reference:
MISC:http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
Reference: BID:4367
Reference:
URL:http://www.securityfocus.com/bid/4367
Reference: XF:linux-dpath-truncate-path(8634)
Reference:
URL:http://www.iss.net/security_center/static/8634.php
Reference: VULNWATCH:20020326 [VulnWatch]
d_path() truncating excessive long path name
vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
Votes:
ACCEPT(3) Foat, Cole, Frech
NOOP(3) Wall, Armstrong, Cox
REVIEWING(1) Christey
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
CHANGE> [Cox changed vote from ACCEPT to NOOP]
Christey> Need to investigate this more... is it the responsibility
of the kernel to address this, or the application
programmer?
Name: CVE-2002-0500
Description:
Internet Explorer 5.0 through 6.0 allows remote
attackers to determine the existence of files on the
client via an IMG tag with a dynsrc property that
references the target file, which sets certain elements
of the image object such as file size.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020326 Retrieving
information on local files in IE (GM#003-IE)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html
Reference: BID:4371
Reference:
URL:http://www.securityfocus.com/bid/4371
Reference:
XF:ie-dynsrc-information-disclosure(8658)
Reference:
URL:http://www.iss.net/security_center/static/8658.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Foat, Armstrong, Cox
REVIEWING(1) Wall
Name: CVE-2002-0502
Description:
Citrix NFuse 1.6 may allow remote attackers to list
applications without authentication by accessing the
applist.asp page.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020123 RE: Citrix NFuse 1.6
Reference:
URL:http://www.securityfocus.com/archive/1/251923
Reference: BUGTRAQ:20020122 Citrix NFuse 1.6
Reference:
URL:http://www.securityfocus.com/archive/1/251737
Reference:
XF:nfuse-applist-information-disclosure(7984)
Reference:
URL:http://xforce.iss.net/static/7984.php
Reference: BID:3926
Reference:
URL:http://www.securityfocus.com/bid/3926
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
REJECT(1) Alderson
Voter Comments:
Alderson> Too much FUD
Name: CVE-2002-0503
Description:
Directory traversal vulnerability in boilerplate.asp for
Citrix NFuse 1.5 allows remote authenticated users to
read arbitrary files via a .. (dot dot) in the
NFuse_Template parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020327 Citrix Nfuse
directory traversal with boilerplate.asp
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0343.html
Reference: BID:4382
Reference:
URL:http://www.securityfocus.com/bid/4382
Reference:
XF:nfuse-boilerplate-directory-traversal(8654)
Reference:
URL:http://www.iss.net/security_center/static/8654.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0504
Description:
Cross-site scripting vulnerability in Citrix NFuse 1.6
and earlier does not quote results from the getLastError
method, which allows remote attackers to execute script
in other clients via the NFuse_Application parameter to
(1) launch.jsp or (2) launch.asp.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020327 NFuse Cross Site
Scripting vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html
Reference: BID:4372
Reference:
URL:http://www.securityfocus.com/bid/4372
Reference: XF:nfuse-launch-css(8659)
Reference:
URL:http://www.iss.net/security_center/static/8659.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0507
Description:
An interaction between Microsoft Outlook Web Access
(OWA) with RSA SecurID allows local users to bypass the
SecurID authentication for a previous user via several
submissions of an OWA Authentication request with the
proper OWA password for the previous user, which is
eventually accepted by OWA.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020328 Authentication with
RSA SecurID and Outlook web access
Reference:
URL:http://online.securityfocus.com/archive/1/264705
Reference: BID:4390
Reference:
URL:http://www.securityfocus.com/bid/4390
Reference: XF:exchange-owa-securid-bypass(8681)
Reference:
URL:http://www.iss.net/security_center/static/8681.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Foat, Armstrong, Cox
REVIEWING(1) Wall
Name: CVE-2002-0508
Description:
wwwisis 3.45 and earlier allows remote attackers to
execute arbitrary commands and read files via the
parameters (1) prolog or (2) epilog.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020328 vuln in wwwisis:
remote command execution and get files
Reference:
URL:http://online.securityfocus.com/archive/1/264682
Reference: BUGTRAQ:20020402 RE: [VulnWatch] vuln
in wwwisis: remote command execution and get files
Reference:
URL:http://online.securityfocus.com/archive/1/265456
Reference:
CONFIRM:http://www.bireme.br/security.htm
Reference: BID:4384
Reference:
URL:http://www.securityfocus.com/bid/4384
Reference:
XF:wwwisis-remote-command-execution(8660)
Reference:
URL:http://www.iss.net/security_center/static/8660.php
Reference: BID:4383
Reference:
URL:http://www.securityfocus.com/bid/4383
Reference: VULNWATCH:20020328 [VulnWatch] vuln in
wwwisis: remote command execution and get files
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0077.html
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0509
Description:
Transparent Network Substrate (TNS) Listener in Oracle
9i 9.0.1.1 allows remote attackers to cause a denial of
service (CPU consumption) via a single malformed TCP
packet to port 1521.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020328 Oracle9i TSN DoS
Attack
Reference:
URL:http://online.securityfocus.com/archive/1/264697
Reference: BID:4391
Reference:
URL:http://www.securityfocus.com/bid/4391
Reference: XF:oracle-tns-onetcp-dos(8657)
Reference:
URL:http://www.iss.net/security_center/static/8657.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0510
Description:
The UDP implementation in Linux 2.4.x kernels keeps the
IP Identification field at 0 for all non-fragmented
packets, which could allow remote attackers to determine
that a target system is running Linux.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020319 Identifying Kernel
2.4.x based Linux machines using UDP
Reference:
URL:http://www.securityfocus.com/archive/1/262840
Reference: BID:4314
Reference:
URL:http://www.securityfocus.com/bid/4314
Reference: XF:linux-udp-fingerprint(8588)
Reference:
URL:http://www.iss.net/security_center/static/8588.php
Votes:
ACCEPT(3) Foat, Frech, Green
NOOP(3) Wall, Cole, Cox
Voter Comments:
CHANGE> [Cox changed vote from REVIEWING to NOOP]
Cox> So I asked some kernel guys about this - it's not considered
an issue. There are several other ways to identify Linux on
the wire and people who care about this kind of thing rewrite
their packets in various ways via firewall technology to trick
the identifier programs.
Name: CVE-2002-0514
Description:
PF in OpenBSD 3.0 with the return-rst rule sets the TTL
to 128 in the RST packet, which allows remote attackers
to determine if a port is being filtered because the TTL
is different than the default TTL.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020331 packet filter
fingerprinting(open but closed, closed but filtered)
Reference:
URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4401
Reference:
URL:http://www.securityfocus.com/bid/4401
Reference: XF:firewall-rst-fingerprint(8738)
Reference:
URL:http://www.iss.net/security_center/static/8738.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0515
Description:
IPFilter 3.4.25 and earlier sets a different TTL when a
port is being filtered than when it is not being
filtered, which allows remote attackers to identify
filtered ports by comparing TTLs.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020331 packet filter
fingerprinting(open but closed, closed but filtered)
Reference:
URL:http://www.securityfocus.com/archive/1/265188
Reference: BID:4403
Reference:
URL:http://www.securityfocus.com/bid/4403
Reference: XF:firewall-rst-fingerprint(8738)
Reference:
URL:http://www.iss.net/security_center/static/8738.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0517
Description:
Buffer overflow in X11 library (libX11) on Caldera Open
UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating
systems, allows local users to gain root privileges via
a long -xrm argument to programs such as (1) dtterm or
(2) xterm.
Status: Candidate
Phase: Modified (20050510)
Reference: BUGTRAQ:20020108 dtterm exploit in
Unixware 7.1.1
Reference:
URL:http://www.securityfocus.com/archive/1/249106
Reference: BUGTRAQ:20020108 xterm exploit in
Unixware 7.0.1
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0099.html
Reference: CALDERA:CSSA-2002-SCO.15
Reference:
URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15/CSSA-2002-SCO.15.txt
Reference: CERT-VN:VU#169059
Reference:
URL:http://www.kb.cert.org/vuls/id/169059
Reference: BID:4502
Reference:
URL:http://www.securityfocus.com/bid/4502
Reference: XF:unixware-openunix-dtterm-bo(7282)
Reference:
URL:http://www.iss.net/security_center/static/7282.php
Reference: XF:x11-xrm-bo(8828)
Reference:
URL:http://www.iss.net/security_center/static/8828.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Alderson
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0518
Description:
The SYN cache (syncache) and SYN cookie (syncookie)
mechanism in FreeBSD 4.5 and earlier allows remote
attackers to cause a denial of service (crash) (1) via a
SYN packet that is accepted using syncookies that causes
a null pointer to be referenced for the socket's TCP
options, or (2) by killing and restarting a process that
listens on the same socket, which does not properly
clear the old inpcb pointer on restart.
Status: Candidate
Phase: Modified (20050817)
Reference: FREEBSD:FreeBSD-SA-02:20
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc
Reference: BID:4524
Reference:
URL:http://www.securityfocus.com/bid/4524
Reference: OSVDB:6046
Reference: URL:http://www.osvdb.org/6046
Reference: XF:bsd-syncookie-pointer-dos(8873)
Reference:
URL:http://www.iss.net/security_center/static/8873.php
Reference: XF:bsd-syncache-inpcb-dos(8875)
Reference:
URL:http://www.iss.net/security_center/static/8875.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0520
Description:
Cross-site scripting vulnerability in functions-inc.asp
for ASP-Nuke RC1 allows remote attackers to execute
script as other ASP-Nuke users by embedding it within an
IMG tag.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020409 Security holes in
ASP-Nuke
Reference:
URL:http://online.securityfocus.com/archive/82/266705
Reference:
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference:
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4475
Reference:
URL:http://www.securityfocus.com/bid/4475
Reference: XF:aspnuke-image-css(8829)
Reference:
URL:http://www.iss.net/security_center/static/8829.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0521
Description:
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and
earlier allow remote attackers to execute script or gain
privileges as other ASP-Nuke users via script in (1) the
name parameter in downloads.asp, (2) the message
parameter in Post.asp, or (3) a web site URL in
profile.asp.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020409 Security holes in
ASP-Nuke
Reference:
URL:http://online.securityfocus.com/archive/82/266705
Reference:
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference:
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: BID:4481
Reference:
URL:http://www.securityfocus.com/bid/4481
Reference: XF:aspnuke-downloads-post-css(8830)
Reference:
URL:http://www.iss.net/security_center/static/8830.php
Reference: XF:aspnuke-user-profile-css(8831)
Reference:
URL:http://www.iss.net/security_center/static/8831.php
Reference: BID:4477
Reference:
URL:http://www.securityfocus.com/bid/4477
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0522
Description:
ASP-Nuke RC2 and earlier allows remote attackers to
bypass authentication and gain privileges by modifying
the "pseudo" cookie.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020409 Security holes in
ASP-Nuke
Reference:
URL:http://online.securityfocus.com/archive/82/266705
Reference:
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference:
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference: XF:aspnuke-account-hijacking(8832)
Reference:
URL:http://www.iss.net/security_center/static/8832.php
Reference: BID:4484
Reference:
URL:http://www.securityfocus.com/bid/4484
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0523
Description:
ASP-Nuke RC2 and earlier allows remote attackers to list
all logged-in users by submitting an invalid "pseudo"
cookie.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020409 Security holes in
ASP-Nuke
Reference:
URL:http://online.securityfocus.com/archive/82/266705
Reference:
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference:
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference:
XF:aspnuke-cookie-reveal-information(8833)
Reference:
URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference:
URL:http://www.securityfocus.com/bid/4489
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0524
Description:
ASP-Nuke RC2 and earlier allows remote attackers to
determine the absolute path of the server by (1) calling
database-inc.asp with incorrect cookies, or (2) calling
Post.asp with certain arguments, which leak the pathname
in an error message.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020409 Security holes in
ASP-Nuke
Reference:
URL:http://online.securityfocus.com/archive/82/266705
Reference:
CONFIRM:http://www.asp-nuke.com/news.asp?date=20020412&cat=11
Reference:
MISC:http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt
Reference:
XF:aspnuke-cookie-reveal-information(8833)
Reference:
URL:http://www.iss.net/security_center/static/8833.php
Reference: BID:4489
Reference:
URL:http://www.securityfocus.com/bid/4489
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0525
Description:
Format string vulnerabilities in (1) inews or (2) rnews
for INN 2.2.3 and earlier allow local users and remote
malicious NNTP servers to gain privileges via format
string specifiers in NNTP responses.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020411 Inn (Inter Net News)
security problems
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
Reference: BID:4501
Reference:
URL:http://www.securityfocus.com/bid/4501
Reference: XF:inn-rnews-inews-format-string(8834)
Reference:
URL:http://www.iss.net/security_center/static/8834.php
Votes:
ACCEPT(3) Cole, Frech, Cox
NOOP(2) Wall, Foat
REVIEWING(1) Christey
Voter Comments:
Christey> CALDERA:CSSA-2002-038.0
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> Need to consult with Caldera on this.
Name: CVE-2002-0526
Description:
Vulnerability in (1) inews or (2) rnews for INN 2.2.3
and earlier, related to insecure open() calls.
Status: Candidate
Phase: Modified (20080610)
Reference: BUGTRAQ:20020411 Inn (Inter Net News)
security problems
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
Reference:
XF:inn-inews-rnews-info-disclosure(42803)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/42803
Votes:
ACCEPT(1) Cox
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cole
REVIEWING(1) Christey
Voter Comments:
Frech> XF:inn-rnews-inews-format-string(8834)
Christey> CALDERA:CSSA-2002-038.0
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
CHANGE> [Christey changed vote from NOOP to REVIEWING]
Christey> Need to consult with Caldera on this.
Name: CVE-2002-0527
Description:
Watchguard SOHO firewall before 5.0.35 allows remote
attackers to cause a denial of service (crash and
reboot) when SOHO forwards a packet with bad IP options.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020408 KPMG-2002007:
Watchguard SOHO Denial of Service
Reference:
URL:http://online.securityfocus.com/archive/1/266380
Reference: VULNWATCH:20020408 [VulnWatch]
KPMG-2002007: Watchguard SOHO Denial of Service
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0006.html
Reference: BID:4447
Reference:
URL:http://www.securityfocus.com/bid/4447
Reference: XF:watchguard-soho-ipoptions-dos(8774)
Reference:
URL:http://www.iss.net/security_center/static/8774.php
Votes:
ACCEPT(1) Frech
NOOP(5) Wall, Foat, Cole, Armstrong, Cox
Name: CVE-2002-0528
Description:
Watchguard SOHO firewall 5.0.35 unpredictably disables
certain IP restrictions for customized services that
were set before the administrator upgrades to 5.0.35,
which could allow remote attackers to bypass the
intended access control rules.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020410 KPMG-2002008:
Watchguard SOHO IP Restrictions Flaw
Reference:
URL:http://online.securityfocus.com/archive/1/266948
Reference:
XF:watchguard-soho-bypass-restrictions(8814)
Reference:
URL:http://www.iss.net/security_center/static/8814.php
Reference: BID:4491
Reference:
URL:http://www.securityfocus.com/bid/4491
Reference: VULNWATCH:20020410 [VulnWatch]
KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0529
Description:
HP Photosmart printer driver for Mac OS X installs the
hp_imaging_connectivity program and the
hp_imaging_connectivity.app directory with
world-writable permissions, which allows local users to
gain privileges of other Photosmart users by replacing
hp_imaging_connectivity with a Trojan horse.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020414 Vulnerability in HP
Photosmart/Deskjet Drivers for Mac OS X (root
compromise)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html
Reference: BID:4518
Reference:
URL:http://www.securityfocus.com/bid/4518
Reference:
XF:macos-photosmart-weak-permissions(8856)
Reference:
URL:http://www.iss.net/security_center/static/8856.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0530
Description:
Cross-site scripting vulnerability in Novell Web Search
2.0.1 allows remote attackers to execute arbitrary
script as other Web Search users via the search
parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020410 Cgisecurity Advisory
#9: Novell Websearch, and Microsoft IIS XSS Issues
Reference:
URL:http://seclists.org/bugtraq/2002/Apr/0126.html
Reference: VULNWATCH:20020410 [VulnWatch]
Cgisecurity Advisory #9: Novell Websearch, and Microsoft
IIS XSS Issues
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0010.html
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:netware-web-search-xss(9867)
Name: CVE-2002-0533
Description:
phpBB 1.4.4 and earlier with BBcode allows remote
attackers to cause a denial of service (CPU consumption)
and corrupt the database via null \0 characters within
[code] tags.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020404
(WSS-Advisories-02003) PHPBB BBcode Process
Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101794993119738&w=2
Reference: BUGTRAQ:20020404
(WSS-Advisories-02003) PHPBB BBcode Process
Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/265798
Reference: XF:phpbb-bbcode-function-dos(8764)
Reference:
URL:http://www.iss.net/security_center/static/8764.php
Reference: BID:4432
Reference:
URL:http://www.securityfocus.com/bid/4432
Reference: BID:4434
Reference:
URL:http://www.securityfocus.com/bid/4434
Reference: VULNWATCH:20020404 [VulnWatch]
(WSS-Advisories-02003) PHPBB BBcode Process
Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0534
Description:
PostBoard 2.0.1 and earlier with BBcode allows remote
attackers to cause a denial of service (CPU consumption)
and corrupt the database via null \0 characters within
[code] tags.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020416 Multiple
Vulnerabilities in PostBoard
Reference:
URL:http://online.securityfocus.com/archive/1/267936
Reference: XF:postboard-bbcode-dos(8883)
Reference:
URL:http://www.iss.net/security_center/static/8883.php
Reference: BID:4562
Reference:
URL:http://www.securityfocus.com/bid/4562
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0535
Description:
Cross-site scripting vulnerabilities in PostBoard 2.0.1
and earlier allow remote attackers to execute script as
other users via (1) an [IMG] tag when BBCode is enabled,
or (2) a topic title.
Status: Candidate
Phase: Modified (20050527)
Reference: BUGTRAQ:20020416 Multiple
Vulnerabilities in PostBoard
Reference:
URL:http://online.securityfocus.com/archive/1/267936
Reference: BID:4559
Reference:
URL:http://www.securityfocus.com/bid/4559
Reference: BID:4561
Reference:
URL:http://www.securityfocus.com/bid/4561
Reference: XF:postboard-img-css(8881)
Reference:
URL:http://www.iss.net/security_center/static/8881.php
Reference: XF:postboard-title-css(8884)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8884
Votes:
ACCEPT(1) Frech
NOOP(5) Christey, Wall, Foat, Cole, Cox
Voter Comments:
Christey> ADDREF BID:4561
URL:http://www.securityfocus.com/bid/4561
Name: CVE-2002-0537
Description:
The admin.html file in StepWeb Search Engine (SWS) 2.5
stores passwords in links to manager.pl, which allows
remote attackers who can access the admin.html file to
gain administrative privileges to SWS.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020411 SWS Vuln (small but
important to those using it.)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html
Reference: XF:sws-insecure-admin-page(8849)
Reference:
URL:http://www.iss.net/security_center/static/8849.php
Reference: BID:4503
Reference:
URL:http://www.securityfocus.com/bid/4503
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0540
Description:
Nortel CVX 1800 is installed with a default "public"
community string, which allows remote attackers to read
usernames and passwords and modify the CVX
configuration.
Status: Candidate
Phase: Modified (20050510)
Reference: BUGTRAQ:20020419 Re: Nortel CVX 1800s
will dump all local user names and passwords via SNMP
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html
Reference: BUGTRAQ:20020413 Nortel CVX 1800s will
dump all local user names and passwords via SNMP
Reference:
URL:http://online.securityfocus.com/archive/1/267627
Reference: CERT-VN:VU#403315
Reference:
URL:http://www.kb.cert.org/vuls/id/403315
Reference: XF:nortel-default-snmp-string(8848)
Reference:
URL:http://www.iss.net/security_center/static/8848.php
Reference: BID:4507
Reference:
URL:http://www.securityfocus.com/bid/4507
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0541
Description:
Buffer overflow in Tivoli Storage Manager TSM (1) Server
or Storage Agents 3.1 through 5.1, and (2) the TSM
Client Acceptor Service 4.2 and 5.1, allows remote
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a long HTTP GET
request to port 1580 or port 1581.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020411
iXsecurity.20020328.tivoli_tsm_dsmsvc.a
Reference:
URL:http://online.securityfocus.com/archive/1/267143
Reference: BUGTRAQ:20020411
iXsecurity.20020327.tivoli_tsm_dsmcad.a
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html
Reference: AIXAPAR:IC33211
Reference:
CONFIRM:http://www.tivoli.com/support/storage_mgr/flash_httpport.html
Reference: AIXAPAR:IC33212
Reference: BID:4500
Reference:
URL:http://www.securityfocus.com/bid/4500
Reference: BID:4492
Reference:
URL:http://www.securityfocus.com/bid/4492
Reference:
XF:tivoli-storagemanager-client-bo(8817)
Reference:
URL:http://www.iss.net/security_center/static/8817.php
Reference:
XF:tivoli-storagemanager-login-bo(8825)
Reference:
URL:http://www.iss.net/security_center/static/8825.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0544
Description:
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores
the administrative console password in plaintext in the
abyss.conf file, which allows local users with access to
the file to gain privileges.
Status: Candidate
Phase: Proposed (20020611)
Reference:
CONFIRM:http://www.aprelium.com/news/abws103.html
Reference: BID:4467
Reference:
URL:http://www.securityfocus.com/bid/4467
Votes:
ACCEPT(3) Baker, Cole, Armstrong
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:abyss-unicode-directory-traversal(8805)
Name: CVE-2002-0547
Description:
Buffer overflow in the mini-browser for Winamp 2.79 and
earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
a long string in the title field of an ID3v2 tag.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020426 Mp3 file can execute
code in Winamp [Sandblad advisory #5]
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html
Reference:
MISC:http://www.winamp.com/download/newfeatures.jhtml
Reference: BID:4609
Reference:
URL:http://www.securityfocus.com/bid/4609
Reference: XF:winamp-mp3-id3v2-bo(8946)
Reference:
URL:http://www.iss.net/security_center/static/8946.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0548
Description:
Anthill allows remote attackers to bypass authentication
and file bug reports by directly accessing the
postbug.php program instead of enterbug.php.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020406 Anthill login and
JavaScript vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-postbug-auth-bypass(8771)
Reference:
URL:http://www.iss.net/security_center/static/8771.php
Reference: BID:4443
Reference:
URL:http://www.securityfocus.com/bid/4443
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0549
Description:
Cross-site scripting vulnerabilities in Anthill allow
remote attackers to execute script as other Anthill
users.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020406 Anthill login and
JavaScript vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0089.html
Reference: XF:anthill-bug-tracking-css(8770)
Reference:
URL:http://www.iss.net/security_center/static/8770.php
Reference: BID:4442
Reference:
URL:http://www.securityfocus.com/bid/4442
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0550
Description:
Dynamic Guestbook 3.0 allows remote attackers to execute
arbitrary code via shell metacharacters in the gbdaten
parameter.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020403 Dynamic Guestbook
V3.0 Cross Site Scripting and Arbitrary Command
Execution under certain circumstances
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference:
XF:dynamic-guestbook-command-execution(8762)
Reference:
URL:http://www.iss.net/security_center/static/8762.php
Reference: BID:4423
Reference:
URL:http://www.securityfocus.com/bid/4423
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0551
Description:
Cross-site scripting vulnerability in Dynamic Guestbook
3.0 allows remote attackers to execute code in clients
who access guestbook pages via the parameters (1) name,
(2) mail, or (3) kommentar.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020403 Dynamic Guestbook
V3.0 Cross Site Scripting and Arbitrary Command
Execution under certain circumstances
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html
Reference: XF:dynamic-guestbook-css(8763)
Reference:
URL:http://www.iss.net/security_center/static/8763.php
Reference: BID:4422
Reference:
URL:http://www.securityfocus.com/bid/4422
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0552
Description:
Multiple buffer overflows in Melange Chat server 2.02
allow remote or local attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
(1) a long argument in the /yell command, (2) long lines
in the /etc/melange.conf configuration file, (3) long
file names, or possibly other attacks.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020414 Vulnerabilities in
the Melange Chat Server
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0157.html
Reference: BUGTRAQ:20020416 Melange Chat POC DOS
Reference:
URL:http://online.securityfocus.com/archive/1/267932
Reference: BID:4510
Reference:
URL:http://www.securityfocus.com/bid/4510
Reference: XF:melange-chat-config-bo(8845)
Reference:
URL:http://www.iss.net/security_center/static/8845.php
Reference: XF:melange-chat-yell-bo(8842)
Reference:
URL:http://www.iss.net/security_center/static/8842.php
Reference: BID:4508
Reference:
URL:http://www.securityfocus.com/bid/4508
Reference: BID:4509
Reference:
URL:http://www.securityfocus.com/bid/4509
Reference: XF:melange-chat-filename-bo(8846)
Reference:
URL:http://www.iss.net/security_center/static/8846.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0554
Description:
webdriver in IBM Informix Web DataBlade 4.12 allows
remote attackers to bypass user access levels or read
arbitrary files via a SQL injection attack in an HTTP
request.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020411 IBM Informix Web
DataBlade: SQL injection
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html
Reference: BID:4496
Reference:
URL:http://www.securityfocus.com/bid/4496
Reference: XF:informix-wdm-sql-injection(8826)
Reference:
URL:http://www.iss.net/security_center/static/8826.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0555
Description:
IBM Informix Web DataBlade 4.12 unescapes user input
even if an application has escaped it, which could allow
remote attackers to execute SQL code in a web form even
when the developer has attempted to escape it.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020411 IBM Informix Web
DataBlade: Auto-decoding HTML entities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
Reference: BID:4498
Reference:
URL:http://www.securityfocus.com/bid/4498
Reference: XF:informix-wbm-sql-decoding(8827)
Reference:
URL:http://www.iss.net/security_center/static/8827.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0556
Description:
Directory traversal vulnerability in Quik-Serv HTTP
server 1.1B allows remote attackers to read arbitrary
files via a .. (dot dot) in a URL.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020403 Quik-Serv Web Server
v1.1B Arbitrary File Disclosure
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0051.html
Reference: BID:4425
Reference:
URL:http://www.securityfocus.com/bid/4425
Reference:
XF:quikserv-dot-directory-traversal(8754)
Reference:
URL:http://www.iss.net/security_center/static/8754.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0557
Description:
Vulnerability in OpenBSD 3.0, when using YP with
netgroups in the password database, causes (1) rexec or
(2) rsh to run another user's shell, or (3) atrun to
change to a different user's directory, possibly due to
memory allocation failures or an incorrect call to
auth_approval().
Status: Candidate
Phase: Modified (20050310)
Reference: OPENBSD:20020319 016: SECURITY FIX:
March 19, 2002
Reference:
URL:http://www.openbsd.org/errata30.html#approval
Reference: BID:4338
Reference:
URL:http://www.securityfocus.com/bid/4338
Reference: XF:bsd-yp-execute-shell(8625)
Reference:
URL:http://www.iss.net/security_center/static/8625.php
Votes:
ACCEPT(4) Baker, Cole, Frech, Green
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0558
Description:
Directory traversal vulnerability in TYPSoft FTP server
0.97.1 and earlier allows a remote authenticated user
(possibly anonymous) to list arbitrary directories via a
.. in a LIST (ls) command ending in wildcard *.*
characters.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020407 Typsoft FTP Server:
yet another directory traversal vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0090.html
Reference:
XF:typsoft-ftp-directory-traversal(6165)
Reference:
URL:http://www.iss.net/security_center/static/6165.php
Reference: BID:2489
Reference:
URL:http://www.securityfocus.com/bid/2489
Votes:
ACCEPT(2) Cole, Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Name: CVE-2002-0559
Description:
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i
Application Server 1.0.2.x allow remote attackers to
cause a denial of service or execute arbitrary code via
(1) a long help page request without a dadname, which
overflows the resulting HTTP Location header, (2) a long
HTTP request to the plsql module, (3) a long password in
the HTTP Authorization, (4) a long Access Descriptor
(DAD) password in the addadd form, or (5) a long cache
directory name.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Multiple Buffer
Overflows in Oracle 9iAS
Reference:
URL:http://online.securityfocus.com/archive/1/254426
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#750299
Reference:
URL:http://www.kb.cert.org/vuls/id/750299
Reference: CERT-VN:VU#878603
Reference:
URL:http://www.kb.cert.org/vuls/id/878603
Reference: CERT-VN:VU#659043
Reference:
URL:http://www.kb.cert.org/vuls/id/659043
Reference: CERT-VN:VU#313280
Reference:
URL:http://www.kb.cert.org/vuls/id/313280
Reference: CERT-VN:VU#923395
Reference:
URL:http://www.kb.cert.org/vuls/id/923395
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference:
XF:oracle-appserver-plsql-adddad-bo(8098)
Reference:
URL:http://xforce.iss.net/static/8098.php
Reference: XF:oracle-appserver-plsql-bo(8095)
Reference:
URL:http://xforce.iss.net/static/8095.php
Reference:
XF:oracle-appserver-plsql-cache-bo(8097)
Reference:
URL:http://xforce.iss.net/static/8097.php
Reference:
XF:oracle-appserver-plsql-authclient-bo(8096)
Reference:
URL:http://xforce.iss.net/static/8096.php
Reference: BID:4032
Reference:
URL:http://www.securityfocus.com/bid/4032
Votes:
ACCEPT(3) Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> ADDREF XF:oracle-appserver-location-bo(8457)
Name: CVE-2002-0560
Description:
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server
1.0.2.x allows remote attackers to obtain sensitive
information via the OWA_UTIL stored procedures (1)
OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3)
OWA_UTIL.show_query_columns.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Hackproofing Oracle
Application Server paper
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#307835
Reference:
URL:http://www.kb.cert.org/vuls/id/307835
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference: BID:4294
Reference:
URL:http://www.securityfocus.com/bid/4294
Votes:
ACCEPT(3) Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-owautil-gain-information(8451)
Name: CVE-2002-0561
Description:
The default configuration of the PL/SQL Gateway web
administration interface in Oracle 9i Application Server
1.0.2.x uses null authentication, which allows remote
attackers to gain privileges and modify DAD settings.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Hackproofing Oracle
Application Server paper
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT-VN:VU#611776
Reference:
URL:http://www.kb.cert.org/vuls/id/611776
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4292
Reference:
URL:http://www.securityfocus.com/bid/4292
Votes:
ACCEPT(4) Wall, Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(2) Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-plsql-web-interface(8452)
Name: CVE-2002-0562
Description:
The default configuration of Oracle 9i Application
Server 1.0.2.x running Oracle JSP or SQLJSP stores
globals.jsa under the web root, which allows remote
attackers to gain sensitive information including
usernames and passwords via a direct HTTP request to
globals.jsa.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 JSP translation file
access under Oracle 9iAS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301440005580&w=2
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#698467
Reference:
URL:http://www.kb.cert.org/vuls/id/698467
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference: BID:4034
Reference:
URL:http://www.securityfocus.com/bid/4034
Votes:
ACCEPT(4) Wall, Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(2) Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-oraclejsp-view-info(8100)
Name: CVE-2002-0563
Description:
The default configuration of Oracle 9i Application
Server 1.0.2.x allows remote anonymous users to access
sensitive services without authentication, including
Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump,
(3) servlet/DMSDump, (4) servlet/Spy, (5)
soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java
Process Manager (7) oprocmgr-status and (8)
oprocmgr-service, which can be used to control Java
processes.
Status: Candidate
Phase: Modified (20070207)
Reference: BUGTRAQ:20020206 Hackproofing Oracle
Application Server paper
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference:
MISC:http://www.appsecinc.com/Policy/PolicyCheck7024.html
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#168795
Reference:
URL:http://www.kb.cert.org/vuls/id/168795
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4293
Reference:
URL:http://www.securityfocus.com/bid/4293
Reference: OSVDB:705
Reference: URL:http://www.osvdb.org/705
Reference: OSVDB:13152
Reference: URL:http://www.osvdb.org/13152
Reference: SECTRACK:1009167
Reference:
URL:http://securitytracker.com/id?1009167
Reference:
XF:oracle-appserver-apache-services(8455)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8455
Votes:
ACCEPT(3) Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-apache-services(8455)
Name: CVE-2002-0564
Description:
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server
1.0.2.x allows remote attackers to bypass authentication
for a Database Access Descriptor (DAD) by modifying the
URL to reference an alternate DAD that already has valid
credentials.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Hackproofing Oracle
Application Server paper
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT-VN:VU#193523
Reference:
URL:http://www.kb.cert.org/vuls/id/193523
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Votes:
ACCEPT(4) Wall, Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(2) Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-alternate-dad-access(8456)
Name: CVE-2002-0565
Description:
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages
directory with world-readable permissions under the web
root, which allows remote attackers to obtain sensitive
information derived from the JSP code, including
usernames and passwords, via a direct HTTP request to
_pages.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 JSP translation file
access under Oracle 9iAS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301440005580&w=2
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#547459
Reference:
URL:http://www.kb.cert.org/vuls/id/547459
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference: BID:4034
Reference:
URL:http://www.securityfocus.com/bid/4034
Reference:
XF:oracle-appserver-oraclejsp-view-info(8100)
Reference:
URL:http://xforce.iss.net/static/8100.php
Votes:
ACCEPT(5) Wall, Baker, Cole, Frech, Alderson
NOOP(2) Foat, Cox
Name: CVE-2002-0566
Description:
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server
1.0.2.x allows remote attackers to cause a denial of
service (crash) via an HTTP Authorization header without
an authentication type.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Multiple Buffer
Overflows in Oracle 9iAS
Reference: CERT-VN:VU#805915
Reference:
URL:http://www.kb.cert.org/vuls/id/805915
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf
Reference: BID:4037
Reference:
URL:http://www.securityfocus.com/bid/4037
Reference:
XF:oracle-appserver-plsql-pls-dos(8099)
Reference:
URL:http://xforce.iss.net/static/8099.php
Votes:
ACCEPT(5) Wall, Baker, Cole, Frech, Alderson
NOOP(2) Foat, Cox
Name: CVE-2002-0568
Description:
Oracle 9i Application Server stores XSQL and SOAP
configuration files insecurely, which allows local users
to obtain sensitive information including usernames and
passwords by requesting (1) XSQLConfig.xml or (2)
soapConfig.xml through a virtual directory.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020206 Hackproofing Oracle
Application Server paper
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT:CA-2002-08
Reference:
URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#476619
Reference:
URL:http://www.kb.cert.org/vuls/id/476619
Reference:
MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4290
Reference:
URL:http://www.securityfocus.com/bid/4290
Votes:
ACCEPT(4) Wall, Baker, Cole, Alderson
MODIFY(1) Frech
NOOP(2) Foat, Cox
Voter Comments:
Frech> XF:oracle-appserver-config-file-access(8453)
Name: CVE-2002-0570
Description:
The encrypted loop device in Linux kernel 2.4.10 and
earlier does not authenticate the entity that is
encrypting data, which allows local users to modify
encrypted data without knowing the key.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020102 Vulnerability in
encrypted loop device for linux
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0010.html
Reference: BID:3775
Reference:
URL:http://www.securityfocus.com/bid/3775
Reference: XF:linux-loop-device-encryption(7769)
Reference:
URL:http://xforce.iss.net/static/7769.php
Votes:
ACCEPT(3) Cole, Frech, Alderson
MODIFY(1) Foat
NOOP(2) Wall, Cox
Voter Comments:
Foat> A local user can not modify the data. The user needs to root the box
first or at least get UNIX permission to write to the encrypted file system.
This is different than being a local user.
CHANGE> [Cox changed vote from REVIEWING to NOOP]
Name: CVE-2002-0572
Description:
FreeBSD 4.5 and earlier, and possibly other BSD-based
operating systems, allows local users to write to or
read from restricted files by closing the file
descriptors 0 (standard input), 1 (standard output), or
2 (standard error), which may then be reused by a called
setuid process that intended to perform I/O on normal
files.
Status: Candidate
Phase: Modified (20051217)
Reference: BUGTRAQ:20020423 cheers
Reference:
URL:http://online.securityfocus.com/archive/1/269102
Reference: BUGTRAQ:20020422 Pine Internet
Advisory: Setuid application execution may give local
root in FreeBSD
Reference:
URL:http://online.securityfocus.com/archive/1/268970
Reference: VULNWATCH:20020422 Pine Internet
Advisory: Setuid application execution may give local
root in FreeBSD
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html
Reference: FREEBSD:FreeBSD-SA-02:23
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
Reference: CERT-VN:VU#809347
Reference:
URL:http://www.kb.cert.org/vuls/id/809347
Reference: CIAC:M-072
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-072.shtml
Reference: BID:4568
Reference:
URL:http://www.securityfocus.com/bid/4568
Reference: OSVDB:6095
Reference: URL:http://www.osvdb.org/6095
Reference: XF:bsd-suid-apps-gain-privileges(8920)
Reference:
URL:http://www.iss.net/security_center/static/8920.php
Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(4) Christey, Wall, Foat, Cox
Voter Comments:
Frech> XF:bsd-suid-apps-gain-privileges(8920)
Christey> BSA? Nope. BSD.
Take a closer look at XF:bsd-suid-apps-gain-privileges(8920),
which also references CVE-2002-0820.
Christey> Other OSes besides FreeBSD are affected.
HP:SSRT0845U
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104800750626108&w=2
Need to more closely examine the relationship between
CVE-2002-0820 and CVE-2002-0572, especially with respect to
references.
Christey> CERT-VN:VU#809347
URL:http://www.kb.cert.org/vuls/id/809347
HP:SSRT0845U
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104800750626108&w=2
Name: CVE-2002-0577
Description:
Vulnerability in passwd for HP-UX 11.00 and 11.11 allows
local users to corrupt the password file and cause a
denial of service.
Status: Candidate
Phase: Modified (20070821)
Reference: HP:HPSBUX0204-191
Reference:
URL:http://archives.neohapsis.com/archives/hp/2002-q2/0023.html
Reference: CERT-VN:VU#977779
Reference:
URL:http://www.kb.cert.org/vuls/id/977779
Reference: BID:4582
Reference:
URL:http://www.securityfocus.com/bid/4582
Reference: SREASON:656
Reference:
URL:http://securityreason.com/securityalert/656
Reference: XF:hpux-passwd-dos(8939)
Reference:
URL:http://www.iss.net/security_center/static/8939.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0578
Description:
Buffer overflow in 4D WebServer 6.7.3 allows remote
attackers to cause a denial of service and possibly
execute arbitrary code via an HTTP request with Basic
Authentication containing a long (1) user name or (2)
password.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020502
iXsecurity.20020404.4d_webserver.a
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0013.html
Reference: BID:4665
Reference:
URL:http://www.securityfocus.com/bid/4665
Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(5) Christey, Wall, Foat, Armstrong, Cox
Voter Comments:
Frech> XF:4d-webserver-authentication-bo(8996)
Christey> A very similar issue was reported in the same version:
BUGTRAQ:20020618 4D 6.7 DOS and Buffer Overflow Vulnerability
URL:http://online.securityfocus.com/archive/1/277481
That issue is being given a separate CAN, but it may in fact
be a "dupe" of this issue, or at least it may need to be
merged per CD:SF-LOC.
Name: CVE-2002-0579
Description:
WorkforceROI Xpede 4.1 allows remote attackers to gain
privileges as an Xpede administrator via a direct HTTP
request to the /admin/adminproc.asp script, which does
not prompt for a password.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4552
Reference:
URL:http://www.securityfocus.com/bid/4552
Reference: XF:xpede-insecure-admin-scripts(8900)
Reference:
URL:http://www.iss.net/security_center/static/8900.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0580
Description:
WorkforceROI Xpede 4.1 allows remote attackers to obtain
the database username via a request to datasource.asp,
which leaks the username in a form and allows the
attacker to more easily conduct brute force password
guessing attacks.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4553
Reference:
URL:http://www.securityfocus.com/bid/4553
Reference:
XF:xpede-datasource-reveal-account(8902)
Reference:
URL:http://www.iss.net/security_center/static/8902.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0581
Description:
WorkforceROI Xpede 4.1 allows remote attackers to
execute arbitrary SQL commands and read, modify, or
steal credentials from the database via the Qry
parameter in the sprc.asp script.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4555
Reference:
URL:http://www.securityfocus.com/bid/4555
Reference: XF:xpede-sprc-sql-injection(8903)
Reference:
URL:http://www.iss.net/security_center/static/8903.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0582
Description:
WorkforceROI Xpede 4.1 stores temporary expense claim
reports in a world-readable and indexable /reports/temp
directory, which allows remote attackers to read the
reports by accessing the directory.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4554
Reference:
URL:http://www.securityfocus.com/bid/4554
Reference:
XF:xpede-expense-directory-permissions(8905)
Reference:
URL:http://www.iss.net/security_center/static/8905.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0583
Description:
WorkforceROI Xpede 4.1 uses a small random namespace (5
alphanumeric characters) for temporary expense claim
reports in the /reports/temp directory, which allows
remote attackers to read the reports via a brute force
attack.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4554
Reference:
URL:http://www.securityfocus.com/bid/4554
Reference:
XF:xpede-expense-directory-permissions(8905)
Reference:
URL:http://www.iss.net/security_center/static/8905.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0584
Description:
WorkforceROI Xpede 4.1 allows remote attackers to read
user timesheets by modifying the TSN ID parameter to the
ts_app_process.asp script, which is easily guessable
because it is incremented by 1 for each new timesheet.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Xpede many
vulnerabilities
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4556
Reference:
URL:http://www.securityfocus.com/bid/4556
Reference: XF:xpede-timesheet-disclosure(8907)
Reference:
URL:http://www.iss.net/security_center/static/8907.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0585
Description:
Unknown vulnerability in ndd for HP-UX 11.11 with
certain TRANSPORT patches allows attackers to cause a
denial of service.
Status: Candidate
Phase: Modified (20050703)
Reference: HP:HPSBUX0205-192
Reference:
URL:http://archives.neohapsis.com/archives/hp/2002-q2/0034.html
Reference: BID:4680
Reference:
URL:http://www.securityfocus.com/bid/4680
Reference: XF:hpux-ndd-dos(9020)
Reference:
URL:http://www.iss.net/security_center/static/9020.php
Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(4) Wall, Foat, Armstrong, Cox
Voter Comments:
Frech> XF:hp-ndd-dos(9020)
Name: CVE-2002-0586
Description:
Format string vulnerability in Ns_PdLog function for the
external database driver proxy daemon library
(libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote
attackers to execute arbitrary code via the Error or
Notice parameters.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020416 [CERT-intexxia]
AOLServer DB Proxy Daemon Format String Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
Reference:
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
Reference: BID:4535
Reference:
URL:http://www.securityfocus.com/bid/4535
Reference:
XF:aolserver-dbproxy-format-string(8860)
Reference:
URL:http://www.iss.net/security_center/static/8860.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0587
Description:
Buffer overflow in Ns_PdLog function for the external
database driver proxy daemon library (libnspd.a) of
AOLServer 3.0 through 3.4.2 allows remote attackers to
cause a denial of service or execute arbitrary code via
the Error or Notice parameters.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020416 [CERT-intexxia]
AOLServer DB Proxy Daemon Format String Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
Reference:
CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
Reference:
CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(3) Wall, Foat, Cox
Voter Comments:
Frech> XF:aolserver-dbproxy-bo(9840)
Name: CVE-2002-0588
Description:
PVote before 1.9 does not authenticate users for
restricted operations, which allows remote attackers to
add or delete polls by modifying parameters to (1)
add.php or (2) del.php.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA
#1 - Multiple vulnerabilities in PVote 1.5
Reference:
URL:http://online.securityfocus.com/archive/1/268231
Reference:
CONFIRM:http://orbit-net.net:8001/php/pvote/
Reference: XF:pvote-add-delete-polls(8877)
Reference:
URL:http://www.iss.net/security_center/static/8877.php
Reference: BID:4540
Reference:
URL:http://www.securityfocus.com/bid/4540
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0589
Description:
PVote before 1.9 allows remote attackers to change the
administrative password and gain privileges by directly
calling ch_info.php with the newpass and confirm
parameters both set to the new password.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA
#1 - Multiple vulnerabilities in PVote 1.5
Reference:
URL:http://online.securityfocus.com/archive/1/268231
Reference:
CONFIRM:http://orbit-net.net:8001/php/pvote/
Reference: XF:pvote-change-admin-password(8878)
Reference:
URL:http://www.iss.net/security_center/static/8878.php
Reference: BID:4541
Reference:
URL:http://www.securityfocus.com/bid/4541
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0590
Description:
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1
Beta allows remote attackers to execute arbitrary script
and steal cookies as other IcrediBB users via the (1)
title or (2) body of posts.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 [[ TH 026 Inc. ]] SA
#2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html
Reference: BID:4548
Reference:
URL:http://www.securityfocus.com/bid/4548
Reference: XF:incredibb-html-css(8879)
Reference:
URL:http://www.iss.net/security_center/static/8879.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0591
Description:
Directory traversal vulnerability in AOL Instant
Messenger (AIM) 4.8 beta and earlier allows remote
attackers to create arbitrary files and execute commands
via a Direct Connection with an IMG tag with a SRC
attribute that specifies the target filename.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020416 AIM's 'Direct
Connection' feature could lead to arbitrary file
creation
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html
Reference: BID:4526
Reference:
URL:http://www.securityfocus.com/bid/4526
Reference: XF:aim-direct-connection-files(8870)
Reference:
URL:http://www.iss.net/security_center/static/8870.php
Votes:
ACCEPT(1) Frech
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Name: CVE-2002-0592
Description:
AOL Instant Messenger (AIM) allows remote attackers to
steal files that are being transferred to other clients
by connecting to port 4443 (Direct Connection) or port
5190 (file transfer) before the intended user.
Status: Candidate
Phase: Modified (20050528)
Reference: BUGTRAQ:20020421 AIM Remote File
Transfer/Direct Connection Vulnerability
Reference:
URL:http://online.securityfocus.com/archive/1/269006
Reference: BID:4574
Reference:
URL:http://www.securityfocus.com/bid/4574
Reference: XF:aim-hijack-connection(8931)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/8931
Votes:
MODIFY(1) Frech
NOOP(3) Foat, Cole, Cox
REVIEWING(1) Wall
Voter Comments:
Frech> XF:aim-hijack-connection(8931)
Name: CVE-2002-0593
Description:
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and
earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
a long channel name in an IRC URI.
Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20020430 RE: Reading local
files in Netscape 6 and Mozilla (GM#001-NS)
Reference:
URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: BID:4637
Reference:
URL:http://www.securityfocus.com/bid/4637
Reference: SECUNIA:8039
Reference: URL:http://secunia.com/advisories/8039
Reference: XF:mozilla-netscape-irc-bo(8976)
Reference:
URL:http://www.iss.net/security_center/static/8976.php
Votes:
ACCEPT(3) Baker, Cole, Cox
MODIFY(1) Frech
NOOP(2) Wall, Foat
Voter Comments:
Frech> XF:mozilla-netscape-irc-bo(8976)
CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
Name: CVE-2002-0595
Description:
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for
WebTrends Reporting Center 4.0d allows remote attackers
to execute arbitrary code via a long HTTP GET request to
the /reports/ directory.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020416 Webtrends Reporting
Center Buffer Overflow (#NISR17042002C)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
Reference: XF:webtrends-long-string-bo(8864)
Reference:
URL:http://www.iss.net/security_center/static/8864.php
Reference: BID:4531
Reference:
URL:http://www.securityfocus.com/bid/4531
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0596
Description:
WebTrends Reporting Center 4.0d allows remote attackers
to determine the real path of the web server via a GET
request to get_od_toc.pl with an empty Profile
parameter, which leaks the pathname in an error message.
Status: Candidate
Phase: Modified (20070223)
Reference: BUGTRAQ:20020416 Webtrends Reporting
Center Buffer Overflow (#NISR17042002C)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
Reference:
MISC:http://www.ngssoftware.com/advisories/wtr.txt
Reference: OSVDB:10447
Reference: URL:http://www.osvdb.org/10447
Reference:
XF:webtrends-profile-path-disclosure(8865)
Reference:
URL:http://www.iss.net/security_center/static/8865.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0600
Description:
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1
allows remote malicious servers to execute arbitrary
code on the client via a long response to a passive
(PASV) mode request.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020424 A bug in the
Kerberos4 ftp client may cause heap overflow which leads
to remote code execution
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0339.html
Reference: XF:kerberos4-ftp-client-overflow(8938)
Reference:
URL:http://www.iss.net/security_center/static/8938.php
Reference: BID:4592
Reference:
URL:http://www.securityfocus.com/bid/4592
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0602
Description:
Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote
attackers to cause a denial of service (crash) via a
large number of connections to (1) the HTTP web
management port, or (2) the PPTP port.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020502 KPMG-2002017:
Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch]
KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference:
CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-pptp-dos(8986)
Reference: BID:4658
Reference: BID:4657
Reference: XF:snapgear-vpn-http-dos(8985)
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0603
Description:
Snapgear Lite+ firewall 1.5.3 allows remote attackers to
cause a denial of service (IPSEC crash) via a zero
length packet to UDP port 500.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020502 KPMG-2002017:
Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch]
KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference:
CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-ipsec-dos(8987)
Reference:
URL:http://www.iss.net/security_center/static/8987.php
Reference: BID:4659
Reference:
URL:http://www.securityfocus.com/bid/4659
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0604
Description:
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote
attackers to cause a denial of service (crash) via a
large number of packets with malformed IP options.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020502 KPMG-2002017:
Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch]
KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference:
CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-ipoptions-dos(8988)
Reference:
URL:http://www.iss.net/security_center/static/8988.php
Reference: BID:4660
Reference:
URL:http://www.securityfocus.com/bid/4660
Votes:
ACCEPT(4) Baker, Cole, Armstrong, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0606
Description:
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via long commands such
as login.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020429 3CDaemon DoS exploit
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html
Reference: BID:4638
Reference:
URL:http://www.securityfocus.com/bid/4638
Reference: XF:3cdaemon-ftp-bo(8970)
Reference:
URL:http://www.iss.net/security_center/static/8970.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0607
Description:
members.asp in Snitz Forums 2000 version 3.3.03 and
earlier allows remote attackers to execute arbitrary
code via a SQL injection attack on the parameters (1)
M_NAME, (2) UserName, (3) FirstName, (4) LastName, or
(5) INITIAL.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020419 Snitz Forums 2000
remote SQL query manipulation vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
Reference:
CONFIRM:http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
Reference: XF:snitz-members-sql-injection(8898)
Reference:
URL:http://www.iss.net/security_center/static/8898.php
Reference: BID:4558
Reference:
URL:http://www.securityfocus.com/bid/4558
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0608
Description:
Buffer overflow in Matu FTP client 1.74 allows remote
FTP servers to execute arbitrary code via a long "220"
banner.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020422 Matu FTP remote
buffer overflow vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html
Reference: XF:matu-ftp-long-string-bo(8911)
Reference:
URL:http://www.iss.net/security_center/static/8911.php
Reference: BID:4572
Reference:
URL:http://www.securityfocus.com/bid/4572
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0609
Description:
Vulnerability in HP MPE/iX 6.0 through 7.0 allows
attackers to cause a denial of service (system failure
with "SA1457 out of
i_port_timeout.fix_up_message_frame") via malformed IP
packets.
Status: Candidate
Phase: Proposed (20020611)
Reference: HP:HPSBMP0204-013
Reference:
URL:http://online.securityfocus.com/advisories/4047
Reference: XF:hp-mpeix-ip-dos(8901)
Reference:
URL:http://www.iss.net/security_center/static/8901.php
Reference: BID:4536
Reference:
URL:http://www.securityfocus.com/bid/4536
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0610
Description:
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0
does not properly validate certain FTP commands, which
allows attackers to gain privileges.
Status: Candidate
Phase: Modified (20050510)
Reference: CERT-VN:VU#551683
Reference:
URL:http://www.kb.cert.org/vuls/id/551683
Reference: CIAC:M-075
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-075.shtml
Reference: HP:HPSBMP0204-014
Reference:
URL:http://online.securityfocus.com/advisories/4082
Reference: BID:4652
Reference:
URL:http://www.securityfocus.com/bid/4652
Reference: XF:hp-mpeix-ftp-access(8990)
Reference:
URL:http://www.iss.net/security_center/static/8990.php
Votes:
ACCEPT(3) Baker, Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0611
Description:
Directory traversal vulnerability in FileSeek.cgi allows
remote attackers to read arbitrary files via a ....//
(modified dot dot) in the (1) head or (2) foot
parameters, which are not properly filtered.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020416 FileSeek cgi script
advisory
Reference:
URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference:
XF:fileseek-cgi-directory-traversal(8858)
Reference:
URL:http://www.iss.net/security_center/static/8858.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0612
Description:
FileSeek.cgi allows remote attackers to execute
arbitrary commands via shell metacharacters in the (1)
head or (2) foot parameters.
Status: Candidate
Phase: Proposed (20020611)
Reference: VULN-DEV:20020416 FileSeek cgi script
advisory
Reference:
URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference:
XF:fileseek-cgi-command-execution(8857)
Reference:
URL:http://www.iss.net/security_center/static/8857.php
Votes:
ACCEPT(1) Frech
NOOP(4) Wall, Foat, Cole, Cox
Name: CVE-2002-0614
Description:
PHP-Survey 20000615 and earlier stores the global.inc
file under the web root, which allows remote attackers
to obtain sensitive information, including database
credentials, if .inc files are not preprocessed by the
server.
Status: Candidate
Phase: Proposed (20020611)
Reference: BUGTRAQ:20020426 PHP-Survey Database
Access Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0383.html
Reference: BID:4612
Reference:
URL:http://www.securityfocus.com/bid/4612
Reference: XF:phpsurvey-global-reveal-info(8950)
Reference:
URL:http://www.iss.net/security_center/static/8950.php
Votes:
ACCEPT(2) Cole, Frech
NOOP(3) Wall, Foat, Cox
Name: CVE-2002-0620
Description:
Buffer overflow in the Profile Service of Microsoft
Commerce Server 2000 allows remote attackers to cause
the server to fail or run arbitrary code in the
LocalSystem security context via an input field using an
affected API.
Status: Candidate
Phase: Proposed (20020726)
Reference: MS:MS02-033
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:4853
Reference:
URL:http://www.securityfocus.com/bid/4853
Votes:
ACCEPT(4) Wall, Baker, Foat, Cole
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:mscs-profile-service-bo(9423)
URL:http://www.iss.net/security_center/static/9423.php
Name: CVE-2002-0624
Description:
Buffer overflow in the password encryption function of
Microsoft SQL Server 2000, including Microsoft SQL
Server Desktop Engine (MSDE) 2000, allows remote
attackers to gain control of the database and execute
arbitrary code via SQL Server Authentication, aka
"Unchecked Buffer in Password Encryption Procedure."
Status: Candidate
Phase: Modified (20061101)
Reference: MS:MS02-034
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: CERT:CA-2002-22
Reference:
URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: OVAL:oval:org.mitre.oval:def:291
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:291
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> BUGTRAQ:20020614 Microsoft SQL Server 2000 pwdencrypt() buffer overflow
URL:http://online.securityfocus.com/archive/1/276953
XF:mssql-pwdencrypt-bo(9345)
URL:http://www.iss.net/security_center/static/9345.php
BID:5014
URL:http://online.securityfocus.com/bid/5014
Christey> CERT:CA-2002-22
CERT-VN:VU#225555
Frech> XF:mssql-pwdencrypt-bo(9345)
Name: CVE-2002-0626
Description:
Polycom ViewStation before 7.2.4 has a default null
password for the administrator account, which allows
arbitrary users to conduct unauthorized activities.
Status: Candidate
Phase: Proposed (20030317)
Reference: ISS:20020904 Multiple Remote
Vulnerabilities in Polycom Videoconferencing Products
Reference:
URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference:
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference:
XF:viewstation-default-blank-password(9347)
Reference:
URL:http://www.iss.net/security_center/static/9347.php
Reference: BID:5631
Reference:
URL:http://www.securityfocus.com/bid/5631
Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Wall, Cox
Name: CVE-2002-0628
Description:
The Telnet service for Polycom ViewStation before 7.2.4
does not restrict the number of failed login attempts,
which makes it easier for remote attackers to guess
usernames and passwords via a brute force attack.
Status: Candidate
Phase: Modified (20080808)
Reference: ISS:20020904 Multiple Remote
Vulnerabilities in Polycom Videoconferencing Products
Reference:
URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference:
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-telnet-login-dos(9349)
Reference:
URL:http://www.iss.net/security_center/static/9349.php
Reference: BID:5635
Reference:
URL:http://www.securityfocus.com/bid/5635
Reference:
XF:viewstation-telnet-login-info-disclosure(44241)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/44241
Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Wall, Cox
Name: CVE-2002-0629
Description:
The Telnet service for Polycom ViewStation before 7.2.4
allows remote attackers to cause a denial of service
(crash) via multiple connections to the server.
Status: Candidate
Phase: Proposed (20030317)
Reference: ISS:20020904 Multiple Remote
Vulnerabilities in Polycom Videoconferencing Products
Reference:
URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference:
CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference:
URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-telnet-login-dos(9349)
Reference:
URL:http://www.iss.net/security_center/static/9349.php
Reference: BID:5636
Reference:
URL:http://www.securityfocus.com/bid/5636
Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Wall, Cox
Name: CVE-2002-0632
Description:
Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4
and earlier allows clients to read arbitrary files on a
BDS server.
Status: Candidate
Phase: Modified (20060626)
Reference: SGI:20020804-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020804-01-P
Reference: BID:5448
Reference:
URL:http://www.securityfocus.com/bid/5448
Reference: OSVDB:11081
Reference: URL:http://www.osvdb.org/11081
Reference: XF:irix-bds-unauth-access(9825)
Reference:
URL:http://www.iss.net/security_center/static/9825.php
Votes:
ACCEPT(3) Baker, Cole, Armstrong
MODIFY(1) Frech
NOOP(4) Christey, Wall, Foat, Cox
Voter Comments:
Christey> BID:5448
URL:http://www.securityfocus.com/bid/5448
XF:irix-bds-unauth-access(9825)
URL:http://www.iss.net/security_center/static/9825.php
Change desc to "unknown vulnerability"
Frech> XF:irix-bds-unauth-access(9825)
Name: CVE-2002-0633
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020621)
Votes:
Name: CVE-2002-0634
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020621)
Votes:
Name: CVE-2002-0635
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020621)
Votes:
Name: CVE-2002-0636
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20020624)
Votes:
Name: CVE-2002-0637
Description:
InterScan VirusWall 3.52 build 1462 allows remote
attackers to bypass virus protection via e-mail messages
with headers that violate RFC specifications by having
(or missing) space characters in unexpected places (aka
"space gap"), such as (1) "Content-Type :", (2)
"Content-Transfer-Encoding :", (3) no space before a
boundary declaration, or (4) "boundary= ", which is
processed by Outlook Express.
Status: Candidate
Phase: Modified (20071101)
Reference:
MISC:http://www.securiteam.com/securitynews/5KP000A7QE.html
Reference:
XF:interscan-viruswall-protection-bypass(9464)
Reference:
URL:http://www.iss.net/security_center/static/9464.php
Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(6) Christey, Wall, Foat, Cole, Armstrong, Cox
Voter Comments:
Christey> BID:5259
URL:http://online.securityfocus.com/bid/5259
CONFIRM:http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionId=11948
According to Axel Pettinger, Solaris 3.7 build 1070
is affected by the "boundary space (trailing)" and "Boundary
Space (prefix)" problems, but not the content-type or transfer
encoding issues. That version clearly has some overlap with
this issue, but since a different build and version number are
affected, perhaps a separate candidate needs to be created.
More information on that issue is at:
http://solutionbank.antivirus.com/solutions/solutiondetail.asp?solutionID=12142
Baker> http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=11948
Frech> XF:interscan-viruswall-protection-bypass(9464)
Name: CVE-2002-0641
Description:
Buffer overflow in bulk insert procedure of Microsoft
SQL Server 2000, including Microsoft SQL Server Desktop
Engine (MSDE) 2000, allows attackers with database
administration privileges to execute arbitrary code via
a long filename in the BULK INSERT query.
Status: Candidate
Phase: Modified (20061101)
Reference: BUGTRAQ:20020711 Microsoft SQL Server
2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102639885223746&w=2
Reference:
MISC:http://www.ngssoftware.com/advisories/ms-sqlbi.txt
Reference: CERT-VN:VU#682620
Reference:
URL:http://www.kb.cert.org/vuls/id/682620
Reference: BID:4847
Reference:
URL:http://www.securityfocus.com/bid/4847
Reference: MS:MS02-034
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: OVAL:oval:org.mitre.oval:def:316
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:316
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:mssql-bulk-insert-bo(9522)
URL:http://www.iss.net/security_center/static/9522.php
BID:4847
URL:http://www.securityfocus.com/bid/4847
Frech> XF:mssql-bulk-insert-bo(9522)
Name: CVE-2002-0643
Description:
The installation of Microsoft Data Engine 1.0 (MSDE
1.0), and Microsoft SQL Server 2000 creates setup.iss
files with insecure permissions and does not delete them
after installation, which allows local users to obtain
sensitive data, including weakly encrypted passwords, to
gain privileges, aka "SQL Server Installation Process
May Leave Passwords on System."
Status: Candidate
Phase: Modified (20050510)
Reference: BUGTRAQ:20020711 SQL Server 7 & 2000
Installation process and Service Packs write encoded
passwords to a file
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102640092826731&w=2
Reference: VULN-DEV:20020711 SQL Server 7 & 2000
Installation process and Service Packs write encoded
passwords to a file
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102640394131103&w=2
Reference: CERT-VN:VU#338195
Reference:
URL:http://www.kb.cert.org/vuls/id/338195
Reference: BID:5203
Reference:
URL:http://www.securityfocus.com/bid/5203
Reference: MS:MS02-035
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-035.asp
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Wall> There may be a 4th type - clear-text passwords, which may be found in
other setup.iss files.
Christey> XF:mssql-insecure-password-storage(9524)
URL:http://www.iss.net/security_center/static/9524.php
BID:5203
URL:http://www.securityfocus.com/bid/5203
Frech> XF:mssql-insecure-password-storage(9524)
Name: CVE-2002-0644
Description:
Buffer overflow in several Database Consistency Checkers
(DBCCs) for Microsoft SQL Server 2000 and Microsoft
Desktop Engine (MSDE) 2000 allows members of the
db_owner and db_ddladmin roles to execute arbitrary
code.
Status: Candidate
Phase: Proposed (20020726)
Reference: MS:MS02-038
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-038.asp
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> BUGTRAQ:20020725 SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
URL:http://online.securityfocus.com/archive/1/284382
XF:mssql-dbcc-bo(9659)
URL:http://www.iss.net/security_center/static/9659.php
Add details to desc. Affected functions are:
(1)ADDEXTENDEDPROC, (2) INDEXFRAG, (3) UPDATEUSAGE, (4)
CHECKCONSTRAINTS, (5) SHOWCONTIG, and (6) CLEANTABLE.
Frech> XF:mssql-dbcc-bo(9659)
Name: CVE-2002-0645
Description:
SQL injection vulnerability in stored procedures for
Microsoft SQL Server 2000 and Microsoft Desktop Engine
(MSDE) 2000 may allow authenticated users to execute
arbitrary commands.
Status: Candidate
Phase: Proposed (20020726)
Reference: MS:MS02-038
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-038.asp
Votes:
ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> XF:mssql-replication-sql-injection(9660)
URL:http://www.iss.net/security_center/static/9660.php
BUGTRAQ:20020725 SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
URL:http://online.securityfocus.com/archive/1/284382
Mention that the function "sp_MScopyscript" is affected, along
with other functions.
Frech> XF:mssql-replication-sql-injection(9660)
Name: CVE-2002-0646
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2002-0371. Reason: This candidate is a
reservation duplicate of CVE-2002-0371. Notes:
CVE-2002-0371 should be used instead of this candidate.
All references and descriptions in this candidate have
been removed to prevent accidental usage.
Status: Candidate
Phase: Assigned (20020628)
Votes:
NOOP(1) Christey
Voter Comments:
Christey> DO NOT USE THIS CANDIDATE.
It is a "reservation duplicate" of CVE-2002-0371. CVE users
should use CVE-2002-0371 instead.
Name: CVE-2002-0649
Description:
Multiple buffer overflows in the Resolution Service for
Microsoft SQL Server 2000 and Microsoft Desktop Engine
2000 (MSDE) allow remote attackers to cause a denial of
service or execute arbitrary code via UDP packets to
port 1434 in which (1) a 0x04 byte causes the SQL
Monitor thread to generate a long registry key name, or
(2) a 0x08 byte with a long string causes heap
corruption, as exploited by the Slammer/Sapphire worm.
Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20020725 Microsoft SQL Server
2000 Unauthenticated System Compromise (#NISR25072002)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: BUGTRAQ:20030125 Fw: MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308321/30/26180/threaded
Reference: BUGTRAQ:20030125 MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308306/30/26180/threaded
Reference: BUGTRAQ:20030125 RE: MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308393/30/26180/threaded
Reference: BUGTRAQ:20030125 Re: MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308324/30/26180/threaded
Reference: BUGTRAQ:20030125 SQL Sapphire Worm
Analysis
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308388/30/26180/threaded
Reference: BUGTRAQ:20030125 Sapphire SQL Worm
Analysis Complete
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308418/30/26150/threaded
Reference: BUGTRAQ:20030126 RE: MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308396/30/26150/threaded
Reference: BUGTRAQ:20030126 Tool: Sapphire SQL
Worm Scanner
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308419/30/26150/threaded
Reference: BUGTRAQ:20030128 RE: MS SQL WORM IS
DESTROYING INTERNET BLOCK PORT 1434!
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308760/30/26120/threaded
Reference: BUGTRAQ:20030128 Re: MSDE contained
in...
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/308806/30/26120/threaded
Reference: BUGTRAQ:20030129 Re: MSDE contained
in...
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/309096/30/26120/threaded
Reference: BUGTRAQ:20030130 RE: MSDE contained
in...
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/309324/30/26120/threaded
Reference: BUGTRAQ:20030201 The Spread of the
Sapphire/Slammer SQL Worm
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/309776/30/26090/threaded
Reference: NTBUGTRAQ:20020725 Microsoft SQL
Server 2000 Unauthenticated System Compromise
(#NISR25072002)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp
Reference: CERT:CA-2002-22
Reference:
URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT:CA-2003-04
Reference:
URL:http://www.cert.org/advisories/CA-2003-04.html
Reference: CERT-VN:VU#399260
Reference:
URL:http://www.kb.cert.org/vuls/id/399260
Reference: CERT-VN:VU#484891
Reference:
URL:http://www.kb.cert.org/vuls/id/484891
Reference: BID:5310
Reference:
URL:http://www.securityfocus.com/bid/5310
Reference: OVAL:oval:org.mitre.oval:def:1077
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1077
Reference: SECUNIA:7945
Reference: URL:http://secunia.com/advisories/7945
Votes:
ACCEPT(4) Wall, Baker, Foat, Cole
MODIFY(1) Frech
NOOP(2) Christey, Cox
Voter Comments:
Christey> CERT:CA-2002-22
CERT-VN:VU#399260
CERT-VN:VU#484891
Christey> XF:mssql-resolution-service-bo(9661)
URL:http://www.iss.net/security_center/static/9661.php
BID:5310
URL:http://www.securityfocus.com/bid/5310
BID:5311
URL:http://www.securityfocus.com/bid/5311
Christey> add to desc: "as exploited by the SQL Slammer/Sapphire worm"
to facilitate matching.
Frech> XF:mssql-resolution-service-bo(9661)
Name: CVE-2002-0652
Description:
xfsmd for IRIX 6.5 through 6.5.16 allows remote
attackers to execute arbitrary code via shell
metacharacters that are not properly filtered from
several calls to the popen() function, such as
export_fs().
Status: Candidate
Phase: Proposed (20020726)
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd
multiple remote root vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020605-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: SGI:20020606-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Votes:
ACCEPT(1) Baker
NOOP(5) Christey, Wall, Foat, Cole, Cox
Voter Comments:
Christey> XF:irix-xfsmd-execute-commands(9402)
URL:http://www.iss.net/security_center/static/9402.php
BID:5075
URL:http://www.securityfocus.com/bid/5075
Name: CVE-2002-0654
Description:
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware
allows remote attackers to determine the full pathname
of the server via (1) a request for a .var file, which
leaks the pathname in the resulting error message, or
(2) via an error message that occurs when a script
(child process) cannot be invoked.
Status: Candidate
Phase: Modified (20071101)
Reference: BUGTRAQ:20020816 Apache 2.0.39
directory traversal and path disclosure bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2
Reference:
CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: BID:5486
Reference:
URL:http://www.securityfocus.com/bid/5486
Reference: BID:5485
Reference:
URL:http://www.securityfocus.com/bid/5485
Reference: XF:apache-var-path-disclosure(9875)
Reference:
URL:http://www.iss.net/security_center/static/9875.php
Reference: XF:apache-cgi-path-disclosure(9876)
Reference:
URL:http://www.iss.net/security_center/static/9876.php
Votes:
ACCEPT(4) Baker, Foat, Armstrong, Cox
MODIFY(1) Frech
NOOP(1) Cole
REVIEWING(1) Wall
Voter Comments:
Frech> XF:apache-cgi-path-disclosure(9876)
XF:apache-var-path-disclosure(9875)
In description, correct product names to OS/2 and NetWare.
Name: CVE-2002-0655
Description:
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier,
does not properly handle ASCII representations of
integers on 64 bit platforms, which could allow
attackers to cause a denial of service and possibly
execute arbitrary code.
Status: Candidate
Phase: Proposed (20020830)
Reference: BUGTRAQ:20020730 OpenSSL Security
Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008]
OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 -
openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for
other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference:
URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#308891
Reference:
URL:http://www.kb.cert.org/vuls/id/308891
Reference: CALDERA:CSSA-2002-033.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: BID:5364
Reference:
URL:http://www.securityfocus.com/bid/5364
Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Cox
NOOP(2) Christey, Foat
Voter Comments:
Cox> ADDREF:RHSA-2002:163 RHSA-2002:164 RHSA-2002:157
This issue also affects SSLeay and BSAFE SSL-C
ADDREF: http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL_Products_Security_Bulletin_Aug_8_2002.pdf
Christey> CONFIRM:http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13
Christey> I should probably create a separate CAN for the BSAFE issues,
unless there is a codebase relationship.
Name: CVE-2002-0656
Description:
Buffer overflows in OpenSSL 0.9.6d and earlier, and
0.9.7-beta2 and earlier, allow remote attackers to
execute arbitrary code via (1) a large client master key
in SSL2 or (2) a large session ID in SSL3.
Status: Candidate
Phase: Modified (20071016)
Reference: BUGTRAQ:20020730 OpenSSL Security
Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008]
OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 -
openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for
other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference:
URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#102795
Reference:
URL:http://www.kb.cert.org/vuls/id/102795
Reference: CERT-VN:VU#258555
Reference:
URL:http://www.kb.cert.org/vuls/id/258555
Reference: CALDERA:CSSA-2002-033.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl2-masterkey-bo(9714)
Reference:
URL:http://www.iss.net/security_center/static/9714.php
Reference: BID:5362
Reference:
URL:http://www.securityfocus.com/bid/5362
Reference: BID:5363
Reference:
URL:http://www.securityfocus.com/bid/5363
Reference: XF:openssl-ssl3-sessionid-bo(9716)
Reference:
URL:http://www.iss.net/security_center/static/9716.php
Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Cox
NOOP(2) Christey, Foat
Voter Comments:
Christey> The CVE content decision "CD:SF-LOC" recommends that multiple
bugs of the same type, in the same version of software, should
be combined. Content decisions such as CD:SF-LOC ensure the
long-term consistency of CVE across all vulnerability reports,
since the amount of detail can vary widely.
Cox> ADDREF:RHSA-2002:163 RHSA-2002:164 RHSA-2002:157
This issue also affects SSLeay and BSAFE SSL-C
ADDREF: http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL_Products_Security_Bulletin_Aug_8_2002.pdf
Christey> BUGTRAQ:20021003 Cisco Secure Content Accelerator vulnerable to SSL worm
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103374616018622&w=2
CONFIRM:http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13
Christey> I should probably create a separate CAN for the BSAFE issues,
unless there is a codebase relationship.
Christey> XF:openssl-ssl3-sessionid-bo(9716)
URL:http://www.iss.net/security_center/static/9716.php
Name: CVE-2002-0657
Description:
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3,
with Kerberos enabled, allows attackers to execute
arbitrary code via a long master key.
Status: Candidate
Phase: Proposed (20020830)
Reference: BUGTRAQ:20020730 OpenSSL Security
Altert - Remote Buffer Overflows:
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008]
OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 OpenSSL patches for
other versions
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference:
URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#561275
Reference:
URL:http://www.kb.cert.org/vuls/id/561275
Reference: CALDERA:CSSA-2002-033.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference:
URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl3-masterkey-bo(9715)
Reference:
URL:http://www.iss.net/security_center/static/9715.php
Reference: BID:5361
Reference:
URL:http://www.securityfocus.com/bid/5361
Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Cox
NOOP(2) Christey, Foat
Voter Comments:
Cox> The majority of the vendor references listed are incorrect, those vendors
did not ship 0.9.7. Each one should be checked for accuracy, those
not shipping 0.9.7 were not affected.
Christey> CONFIRM:http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13
Name: CVE-2002-0659
Description:
The ASN1 library in OpenSSL 0.9.6d and earlier, and
0.9.7-beta2 and earlier, allows remote attackers to
cause a denial of service via invalid encodings.
Status: Candidate
Phase: Proposed (20020830)
Reference: BUGTRAQ:20020730 OpenSSL Security
Altert - Remote Buffer Overflows
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008]
OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 -
openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for
other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: CERT:CA-2002-23
Reference:
URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#748355
Reference:
URL:http://www.kb.cert.org/vuls/id/748355
Reference: REDHAT:RHSA-2002:164
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2002:161
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2002-161.html
Reference: REDHAT:RHSA-2002:160
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2002-160.html
Reference: CALDERA:CSSA-2002-033.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference:
URL