Name: CVE-2003-0001
Description:
Multiple ethernet Network Interface Card (NIC) device
drivers do not pad frames with null bytes, which allows
remote attackers to obtain information from previous
packets or kernel memory by using malformed packets, as
demonstrated by Etherleak.
Status: Candidate
Phase: Modified (20080207)
Reference: ATSTAKE:A010603-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
Reference: BUGTRAQ:20030110 More information
regarding Etherleak
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
Reference: BUGTRAQ:20030106 Etherleak: Ethernet
frame padding information leakage (A010603-1)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded
Reference: BUGTRAQ:20030117 Re: More information
regarding Etherleak
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded
Reference: VULNWATCH:20030110 More information
regarding Etherleak
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
Reference:
MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
Reference: REDHAT:RHSA-2003:088
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: CERT-VN:VU#412115
Reference:
URL:http://www.kb.cert.org/vuls/id/412115
Reference: REDHAT:RHSA-2003:025
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: OSVDB:9962
Reference: URL:http://www.osvdb.org/9962
Reference: OVAL:oval:org.mitre.oval:def:2665
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2665
Reference: SECUNIA:7996
Reference: URL:http://secunia.com/advisories/7996
Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(2) Frech, Cox
NOOP(1) Christey
Voter Comments:
Christey> ENGARDE:ESA-20030318-009
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> Addref: RHSA-2003:088
Christey> MANDRAKE:MDKSA-2003:039
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
Frech> XF:ethernet-driver-information-leak(10996)
Christey> SGI:20030601-01-A
Christey> DEBIAN:DSA-311
URL:http://www.debian.org/security/2003/dsa-311
Christey> MANDRAKE:MDKSA-2003:066
Christey> DEBIAN:DSA-332
URL:http://www.debian.org/security/2003/dsa-332
DEBIAN:DSA-336
URL:http://www.debian.org/security/2003/dsa-336
Christey> HP:HPSBUX0305-261
URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0708.1
DEBIAN:DSA-312
URL:http://www.debian.org/security/2003/dsa-312
BID:6535
URL:http://www.securityfocus.com/bid/6535
Christey> MANDRAKE:MDKSA-2003:074
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074
Christey> DEBIAN:DSA-423
URL:http://www.debian.org/security/2004/dsa-423
Christey> BUGTRAQ:20040207 [Fwd: zyxel prestige ethernet information leakage]
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107618991322594&w=2
Christey> DEBIAN:DSA-442
URL:http://www.debian.org/security/2004/dsa-442
Christey> SGI:20030601-01-I
URL:ftp://patches.sgi.com/support/free/security/advisories/20030601-01-A
Cox> Change description to say "in Linux 2.4 prior to 2.4.21" as
this was fixed in Linux 2.4.21 by changesets committed by Alan Cox on
5th Feb 2003.
Name: CVE-2003-0005
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030102)
Votes:
Name: CVE-2003-0006
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030102)
Votes:
Name: CVE-2003-0008
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030102)
Votes:
Name: CVE-2003-0010
Description:
Integer overflow in JsArrayFunctionHeapSort function
used by Windows Script Engine for JScript (JScript.dll)
on various Windows operating systems allows remote
attackers to execute arbitrary code via a malicious web
page or HTML e-mail that uses a large array index value
that enables a heap-based buffer overflow attack.
Status: Candidate
Phase: Assigned (20030102)
Reference: IDEFENSE:20030319 Heap Overflow in
Windows Script Engine
Reference:
URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26
Reference: BUGTRAQ:20030319 iDEFENSE Security
Advisory 03.19.03: Heap Overflow in Windows Script
Engine
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104812108307645&w=2
Reference: MS:MS03-008
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-008.asp
Reference: VULNWATCH:20030319 Windows Scripting
Engine issue
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html
Reference: BID:7146
Reference:
URL:http://www.securityfocus.com/bid/7146
Reference: OVAL:oval:org.mitre.oval:def:200
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:200
Reference: OVAL:oval:org.mitre.oval:def:794
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:794
Reference: OVAL:oval:org.mitre.oval:def:795
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:795
Reference: OVAL:oval:org.mitre.oval:def:134
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:134
Votes:
Name: CVE-2003-0011
Description:
Unknown vulnerability in the DNS intrusion detection
application filter for Microsoft Internet Security and
Acceleration (ISA) Server 2000 allows remote attackers
to cause a denial of service (blocked traffic to DNS
servers) via a certain type of incoming DNS request that
is not properly handled.
Status: Candidate
Phase: Assigned (20030102)
Reference: MS:MS03-009
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-009.asp
Reference: BID:7145
Reference:
URL:http://www.securityfocus.com/bid/7145
Votes:
Name: CVE-2003-0014
Description:
gsinterf.c in bmv 1.2 and earlier allows local users to
overwrite arbitrary files via a symlink attack on
temporary files.
Status: Candidate
Phase: Assigned (20030106)
Reference:
CONFIRM:http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
Reference: DEBIAN:DSA-633
Reference:
URL:http://www.debian.org/security/2005/dsa-633
Reference: BID:12229
Reference: URL:http://securityfocus.org/bid/12229
Reference: SECTRACK:1012847
Reference:
URL:http://securitytracker.com/id?1012847
Reference: SECUNIA:13793
Reference:
URL:http://secunia.com/advisories/13793
Reference: SECUNIA:13796
Reference:
URL:http://secunia.com/advisories/13796
Reference: XF:bmv-symlink(18823)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/18823
Votes:
Name: CVE-2003-0025
Description:
Multiple SQL injection vulnerabilities in IMP 2.2.8 and
earlier allow remote attackers to perform unauthorized
database activities and possibly gain privileges via
certain database functions such as check_prefs() in
db.pgsql, as demonstrated using mailbox.php3.
Status: Candidate
Phase: Modified (20071121)
Reference: BUGTRAQ:20030108 IMP 2.x SQL injection
vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104204786206563&w=2
Reference: BUGTRAQ:20030108 Re: IMP 2.x SQL
injection vulnerabilities
Reference:
URL:http://www.securityfocus.com/archive/1/306268
Reference: DEBIAN:DSA-229
Reference:
URL:http://www.debian.org/security/2003/dsa-229
Reference: SUSE:SuSE-SA:2003:0008
Reference: BID:6559
Reference:
URL:http://www.securityfocus.com/bid/6559
Reference: SECTRACK:1005904
Reference:
URL:http://www.securitytracker.com/id?1005904
Reference: SECUNIA:8087
Reference: URL:http://secunia.com/advisories/8087
Reference: SECUNIA:8177
Reference: URL:http://secunia.com/advisories/8177
Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Jones
NOOP(2) Cox, Christey
Voter Comments:
Jones> Change "...gain privileges..." to "...gain additional
privileges..."
Christey> BID:6559
URL:http://www.securityfocus.com/bid/6559
XF:imp-multiple-sql-injection(11028)
URL:http://www.iss.net/security_center/static/11028.php
Christey> CONECTIVA:CLA-2003:690
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000690
Name: CVE-2003-0026
Description:
Multiple stack-based buffer overflows in the error
handling routines of the minires library, as used in the
NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10,
allow remote attackers to execute arbitrary code via a
DHCP message containing a long hostname.
Status: Candidate
Phase: Modified (20071129)
Reference: CONECTIVA:CLA-2003:562
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
Reference: DEBIAN:DSA-231
Reference:
URL:http://www.debian.org/security/2003/dsa-231
Reference: MANDRAKE:MDKSA-2003:007
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:007
Reference: OPENPKG:OpenPKG-SA-2003.002
Reference:
URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html
Reference: REDHAT:RHSA-2003:011
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-011.html
Reference: SUSE:SuSE-SA:2003:0006
Reference:
URL:http://www.suse.com/de/security/2003_006_dhcp.html
Reference: BUGTRAQ:20030122
[securityslackware.com: [slackware-security] New DHCP
packages available]
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
Reference: SUSE:SuSE-SA:2003:006
Reference:
URL:http://www.suse.com/de/security/2003_006_dhcp.html
Reference: CERT:CA-2003-01
Reference:
URL:http://www.cert.org/advisories/CA-2003-01.html
Reference: CERT-VN:VU#284857
Reference:
URL:http://www.kb.cert.org/vuls/id/284857
Reference: CIAC:N-031
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-031.shtml
Reference: BID:6627
Reference:
URL:http://www.securityfocus.com/bid/6627
Reference: SECTRACK:1005924
Reference:
URL:http://www.securitytracker.com/id?1005924
Reference: XF:dhcpd-minires-multiple-bo(11073)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11073
Votes:
ACCEPT(4) Wall, Baker, Cole, Cox
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:dhcpd-minires-multiple-bo(11073)
Christey> MANDRAKE:MDKSA-2003:007
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:007
SUSE:SUSE-SA:2003:0006
URL:http://www.suse.de/de/security/2003_006_dhcp.html
Since the SuSE advisory name is "malformed" according to
SuSE's own convention, make sure that "SuSE-SA:2003:006" is in
the keywords for this CAN.
Name: CVE-2003-0028
Description:
Integer overflow in the xdrmem_getbytes() function, and
possibly other functions, of XDR (external data
representation) libraries derived from SunRPC, including
libnsl, libc, glibc, and dietlibc, allows remote
attackers to execute arbitrary code via certain integer
values in length fields, a different vulnerability than
CVE-2002-0391.
Status: Candidate
Phase: Assigned (20030110)
Reference: BUGTRAQ:20030319 EEYE: XDR Integer
Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104810574423662&w=2
Reference: BUGTRAQ:20030331 GLSA: dietlibc
(200303-29)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316931/30/25250/threaded
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5
(200303-28)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: BUGTRAQ:20030319 RE: EEYE: XDR Integer
Overflow
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/315638/30/25430/threaded
Reference: VULNWATCH:20030319 EEYE: XDR Integer
Overflow
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Reference: EEYE:AD20030318
Reference:
URL:http://www.eeye.com/html/Research/Advisories/AD20030318.html
Reference: CERT:CA-2003-10
Reference:
URL:http://www.cert.org/advisories/CA-2003-10.html
Reference: CERT-VN:VU#516825
Reference:
URL:http://www.kb.cert.org/vuls/id/516825
Reference: DEBIAN:DSA-282
Reference:
URL:http://www.debian.org/security/2003/dsa-282
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:089
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-089.html
Reference: REDHAT:RHSA-2003:091
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CALDERA:CSSA-2003-013.0
Reference: FREEBSD:FreeBSD-SA-03:05
Reference: BUGTRAQ:20030319 MITKRB5-SA-2003-003:
faulty length checks in xdrmem_getbytes
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104811415301340&w=2
Reference: ENGARDE:ESA-20030321-010
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
Reference: DEBIAN:DSA-266
Reference:
URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-272
Reference:
URL:http://www.debian.org/security/2003/dsa-272
Reference: BUGTRAQ:20030325 GLSA: glibc
(200303-22)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104860855114117&w=2
Reference: MANDRAKE:MDKSA-2003:037
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
Reference: NETBSD:NetBSD-SA2003-008
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
Reference: SUSE:SuSE-SA:2003:027
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_027_glibc.html
Reference: TRUSTIX:2003-0014
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878237121402&w=2
Reference: BUGTRAQ:20030522 [slackware-security]
glibc XDR overflow fix (SSA:2003-141-03)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362148313082&w=2
Reference: OVAL:oval:org.mitre.oval:def:230
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:230
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0029
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030110)
Votes:
Name: CVE-2003-0030
Description:
Buffer overflows in protegrity.dll of Protegrity
Secure.Data Extension Feature (SEF) before 2.2.3.9 allow
attackers with SQL access to execute arbitrary code via
the extended stored procedures (1) xp_pty_checkusers,
(2) xp_pty_insert, or (3) xp_pty_select.
Status: Candidate
Phase: Modified (20080326)
Reference: CERT-VN:VU#247545
Reference:
URL:http://www.kb.cert.org/vuls/id/247545
Reference: BUGTRAQ:20030313 Protegrity buffer
overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104758650516677&w=2
Reference: BID:7083
Reference:
URL:http://www.securityfocus.com/bid/7083
Reference: BID:7084
Reference:
URL:http://www.securityfocus.com/bid/7084
Reference: BID:7085
Reference:
URL:http://www.securityfocus.com/bid/7085
Reference: SECUNIA:8294
Reference: URL:http://secunia.com/advisories/8294
Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(3) Wall, Cole, Cox
Voter Comments:
Frech> XF:protegrity-sql-sp-bo(11528)
Name: CVE-2003-0031
Description:
Multiple buffer overflows in libmcrypt before 2.5.5
allow attackers to cause a denial of service (crash).
Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030103 Multiple libmcrypt
vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference:
URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010
Reference: BID:6510
Reference:
URL:http://www.securityfocus.com/bid/6510
Reference: SECTRACK:1006181
Reference:
URL:http://www.securitytracker.com/id?1006181
Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(2) Cox, Christey
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] service crash or system crash?
Christey> XF:libmcrypt-multiple-bo(10987)
URL:http://www.iss.net/security_center/static/10987.php
BID:6510
URL:http://www.securityfocus.com/bid/6510
Name: CVE-2003-0034
Description:
Buffer overflow in the mtink status monitor, as included
in the printer-drivers package in Mandrake Linux, allows
local users to execute arbitrary code via a long HOME
environment variable.
Status: Candidate
Phase: Modified (20080326)
Reference:
MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security
Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: BID:6656
Reference:
URL:http://www.securityfocus.com/bid/6656
Reference: SECTRACK:1005959
Reference:
URL:http://www.securitytracker.com/id?1005959
Votes:
ACCEPT(2) Armstrong, Green
NOOP(3) Cole, Cox, Jones
Voter Comments:
Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010
Name: CVE-2003-0035
Description:
Buffer overflow in escputil, as included in the
printer-drivers package in Mandrake Linux, allows local
users to execute arbitrary code via a long printer-name
command line argument.
Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030121 iDEFENSE Security
Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/307608/30/26270/threaded
Reference:
MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security
Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: BID:6658
Reference:
URL:http://www.securityfocus.com/bid/6658
Reference: SECTRACK:1005959
Reference:
URL:http://www.securitytracker.com/id?1005959
Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(2) Cox, Jones
Voter Comments:
Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010
Name: CVE-2003-0036
Description:
ml85p, as included in the printer-drivers package for
Mandrake Linux, allows local users to overwrite
arbitrary files via a symlink attack on temporary files
with predictable filenames of the form "mlg85p%d".
Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030121 iDEFENSE Security
Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/307608/30/26270/threaded
Reference:
MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security
Advisory 01.21.03: Buffer Overflows in Mandrake Linux
printer-drivers Package
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: SECTRACK:1005959
Reference:
URL:http://www.securitytracker.com/id?1005959
Votes:
ACCEPT(2) Armstrong, Green
NOOP(3) Cole, Cox, Jones
Voter Comments:
Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010
THIS EXPLOIT DIFFERS FROM THE SYMLINK IN A SAMSUNG PRINTER REFERENCED IN CVE-2001-1177.
Name: CVE-2003-0037
Description:
Buffer overflows in noffle news server 1.0.1 and earlier
allow remote attackers to cause a denial of service
(segmentation fault) and possibly execute arbitrary
code.
Status: Candidate
Phase: Modified (20071220)
Reference: DEBIAN:DSA-244
Reference:
URL:http://www.debian.org/security/2003/dsa-244
Reference: BID:6695
Reference:
URL:http://www.securityfocus.com/bid/6695
Reference: SECUNIA:7955
Reference: URL:http://secunia.com/advisories/7955
Reference: XF:noffle-multiple-bo(11181)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11181
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(1) Cox
Name: CVE-2003-0038
Description:
Cross-site scripting (XSS) vulnerability in options.py
for Mailman 2.1 allows remote attackers to inject script
or HTML into web pages via the (1) email or (2) language
parameters.
Status: Candidate
Phase: Modified (20071129)
Reference: BUGTRAQ:20030124 Mailman: cross-site
scripting bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111
Reference:
CONFIRM:http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
Reference: DEBIAN:DSA-436
Reference:
URL:http://www.debian.org/security/2004/dsa-436
Reference: BID:6677
Reference:
URL:http://www.securityfocus.com/bid/6677
Reference: OSVDB:9205
Reference: URL:http://www.osvdb.org/9205
Reference: SECTRACK:1005987
Reference:
URL:http://www.securitytracker.com/id?1005987
Reference: XF:mailman-email-variable-xss(11152)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11152
Votes:
ACCEPT(4) Baker, Cole, Cox, Green
NOOP(2) Wall, Christey
Voter Comments:
Christey> DEBIAN:DSA-436
URL:http://www.debian.org/security/2004/dsa-436
Name: CVE-2003-0041
Description:
Kerberos FTP client allows remote FTP sites to execute
arbitrary code via a pipe (|) character in a filename
that is retrieved by the client.
Status: Candidate
Phase: Modified (20071113)
Reference: VULNWATCH:20030128 MIT Kerberos FTP
client remote shell commands execution
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
Reference: REDHAT:RHSA-2003:020
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-020.html
Reference: MANDRAKE:MDKSA-2003:021
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:021
Reference: SECUNIA:7979
Reference: URL:http://secunia.com/advisories/7979
Reference: SECUNIA:8114
Reference: URL:http://secunia.com/advisories/8114
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
MODIFY(1) Cox
Voter Comments:
Cox> Addref: RHSA-2003:021
Name: CVE-2003-0042
Description:
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1
or earlier, allows remote attackers to list directories
even with an index.html or other file present, or obtain
unprocessed source code for a JSP file, via a URL
containing a null character.
Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030130 Apache Jakarta Tomcat
3 URL parsing vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394568616290&w=2
Reference: VULNWATCH:20030130 Apache Jakarta
Tomcat 3 URL parsing vulnerability
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference:
URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference:
URL:http://www.securityfocus.com/advisories/5111
Reference: CIAC:N-060
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: BID:6721
Reference:
URL:http://www.securityfocus.com/bid/6721
Reference: SECUNIA:7972
Reference: URL:http://secunia.com/advisories/7972
Reference: SECUNIA:7977
Reference: URL:http://secunia.com/advisories/7977
Reference:
XF:tomcat-null-directory-listing(11194)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11194
Votes:
ACCEPT(3) Cole, Armstrong, Green
NOOP(1) Cox
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] RECAST (split?) Only if vulnerability is not null character for both
Name: CVE-2003-0044
Description:
Multiple cross-site scripting (XSS) vulnerabilities in
the (1) examples and (2) ROOT web applications for
Jakarta Tomcat 3.x through 3.3.1a allow remote attackers
to insert arbitrary web script or HTML.
Status: Candidate
Phase: Modified (20071121)
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference:
CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference:
URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference:
URL:http://www.securityfocus.com/advisories/5111
Reference: CIAC:N-060
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: BID:6720
Reference:
URL:http://www.securityfocus.com/bid/6720
Reference: OSVDB:9203
Reference: URL:http://www.osvdb.org/9203
Reference: OSVDB:9204
Reference: URL:http://www.osvdb.org/9204
Reference: SECUNIA:7972
Reference: URL:http://secunia.com/advisories/7972
Reference: XF:tomcat-web-app-xss(11196)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11196
Votes:
ACCEPT(3) Cole, Armstrong, Green
MODIFY(1) Cox
NOOP(1) Christey
REVIEWING(1) Jones
Voter Comments:
Jones> [JHJ] XSS really "execute arbitrary web script"?
CHANGE> [Cox changed vote from NOOP to MODIFY]
Cox> "Agree with Jones, wording on effect of a XSS could be better"
Christey> I've been trying to devise reasonable-but-short wordings for
XSS issues and the terminology just isn't quite there yet. This
description is clearly a failed wording, however :-)
Name: CVE-2003-0046
Description:
AbsoluteTelnet SSH2 client does not clear logon
credentials from memory, including plaintext passwords,
which could allow attackers with access to memory to
steal the SSH credentials.
Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030129 iDEFENSE Security
Advisory 01.28.03: SSH2 Clients Insecurely Store
Passwords
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference:
MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference:
CONFIRM:http://www.celestialsoftware.net/telnet/beta_software.html
Reference: BID:6725
Reference:
URL:http://www.securityfocus.com/bid/6725
Reference: OSVDB:7686
Reference: URL:http://www.osvdb.org/7686
Reference: SECTRACK:1006013
Reference:
URL:http://www.securitytracker.com/id?1006013
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(2) Wall, Cox
Voter Comments:
Green> PRODUCT ANNOUNCEMENT CONTAINS VENDOR ACKNOWLEDGEMENT
Name: CVE-2003-0047
Description:
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7,
(2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and
earlier, do not clear logon credentials from memory,
including plaintext passwords, which could allow
attackers with access to memory to steal the SSH
credentials.
Status: Candidate
Phase: Modified (20071121)
Reference: BUGTRAQ:20030129 iDEFENSE Security
Advisory 01.28.03: SSH2 Clients Insecurely Store
Passwords
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference:
MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: BID:6726
Reference:
URL:http://www.securityfocus.com/bid/6726
Reference: BID:6727
Reference:
URL:http://www.securityfocus.com/bid/6727
Reference: BID:6728
Reference:
URL:http://www.securityfocus.com/bid/6728
Reference: SECTRACK:1006010
Reference:
URL:http://www.securitytracker.com/id?1006010
Reference: SECTRACK:1006011
Reference:
URL:http://www.securitytracker.com/id?1006011
Reference: SECTRACK:1006012
Reference:
URL:http://www.securitytracker.com/id?1006012
Votes:
ACCEPT(2) Baker, Stracener
NOOP(4) Wall, Cole, Cox, Green
Voter Comments:
Green> MULTIPLE VENDORS INVOLVED
Stracener> I'm going to go with this because at least two of the affected vendors acknowledged a fix in the original advisory.
Name: CVE-2003-0048
Description:
PuTTY 0.53b and earlier does not clear logon credentials
from memory, including plaintext passwords, which could
allow attackers with access to memory to steal the SSH
credentials.
Status: Candidate
Phase: Modified (20071220)
Reference: BUGTRAQ:20030129 iDEFENSE Security
Advisory 01.28.03: SSH2 Clients Insecurely Store
Passwords
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference:
MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: BID:6724
Reference:
URL:http://www.securityfocus.com/bid/6724
Reference: SECTRACK:1006014
Reference:
URL:http://www.securitytracker.com/id?1006014
Votes:
ACCEPT(3) Baker, Stracener, Green
NOOP(3) Wall, Cole, Cox
Voter Comments:
Green> VENDOR ACKNOWLEDGED FIX IN CHANGE LOG OF 2002-11-12
Name: CVE-2003-0049
Description:
Apple File Protocol (AFP) in Mac OS X before 10.2.4
allows administrators to log in as other users by using
the administrator password.
Status: Candidate
Phase: Modified (20071022)
Reference:
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference:
CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6860
Reference:
URL:http://www.securityfocus.com/bid/6860
Reference: SECTRACK:1006107
Reference:
URL:http://securitytracker.com/id?1006107
Reference:
XF:macos-afp-unauthorized-access(11333)
Reference:
URL:http://www.iss.net/security_center/static/11333.php
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(2) Wall, Cox
Voter Comments:
Baker> Realizing they have acknowledged the problem, and provided a fix by allowing the administrator to select whether or not this is allowed,
I am not sure this should really be a vulnerability. If you are the administrator on a system, there are other ways I can become a user
on a system. The fact that you are the administrator (root) you can do almost anything to the system you want, including accessing files
and programs that belong to other users. From a security standpoint, if the system gets "hacked" and the administrator account is compromised,
how big of an issue is it really that the administrator can now access regular user accounts with the administrator password? I am not sure this
should really be a vulnerability.
CHANGE> [Baker changed vote from REVIEWING to ACCEPT]
Name: CVE-2003-0056
Description:
Buffer overflow in secure locate (slocate) before 2.7
allows local users to execute arbitrary code via a long
(1) -c or (2) -r command line argument.
Status: Candidate
Phase: Modified (20071115)
Reference: BUGTRAQ:20030124 [USG- SA- 2003.001]
USG Security Advisory (slocate)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342864418213&w=2
Reference: BUGTRAQ:20030125 Re: [USG- SA-
2003.001] USG Security Advisory (slocate)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104348607205691&w=2
Reference:
MISC:http://www.usg.org.uk/advisories/2003.001.txt
Reference: CALDERA:CSSA-2003-009.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt
Reference: CONECTIVA:CLA-2003:643
Reference:
URL:http://www.net-security.org/advisory.php?id=2010
Reference: MANDRAKE:MDKSA-2003:015
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:015
Reference: DEBIAN:DSA-252
Reference:
URL:http://www.debian.org/security/2003/dsa-252
Reference: BUGTRAQ:20030202 GLSA: slocate
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428624705363&w=2
Reference: REDHAT:RHSA-2004:041
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2004-041.html
Reference: SGI:20040202-01-U
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: SECUNIA:7982
Reference: URL:http://secunia.com/advisories/7982
Reference: SECUNIA:8007
Reference: URL:http://secunia.com/advisories/8007
Reference: SECUNIA:8236
Reference: URL:http://secunia.com/advisories/8236
Reference: SECUNIA:10720
Reference:
URL:http://secunia.com/advisories/10720
Reference: SECUNIA:7947
Reference: URL:http://secunia.com/advisories/7947
Reference: SECUNIA:8118
Reference:
URL:http://secunia.com/advisories/8118/
Reference: SECUNIA:8749
Reference: URL:http://secunia.com/advisories/8749
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(2) Cox, Christey
Voter Comments:
Christey> REDHAT:RHSA-2004:041
URL:http://www.redhat.com/support/errata/RHSA-2004-041.html
Christey> SGI:20040201-01-U
Name: CVE-2003-0057
Description:
Multiple buffer overflows in Hypermail 2 before 2.1.6
allow remote attackers to cause a denial of service and
possibly execute arbitrary code (1) via a long
attachment filename that is not properly handled by the
hypermail executable, or (2) by connecting to the mail
CGI program from an IP address that reverse-resolves to
a long hostname.
Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030127 Hypermail buffer
overflows
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104369136703903&w=2
Reference: VULNWATCH:20030126 Hypermail buffer
overflows
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html
Reference: DEBIAN:DSA-248
Reference:
URL:http://www.debian.org/security/2003/dsa-248
Reference: BID:6689
Reference:
URL:http://www.securityfocus.com/bid/6689
Reference: BID:6690
Reference:
URL:http://www.securityfocus.com/bid/6690
Reference: SECUNIA:8030
Reference: URL:http://secunia.com/advisories/8030
Reference: XF:hypermail-mail-attachment-bo(11157)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11157
Reference: XF:hypermail-long-hostname-bo(11158)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11158
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(3) Wall, Cox, Christey
Voter Comments:
Christey> BID:6689
BID:6690
DEBIAN:DSA-248
SUSE:SuSE-SA:2003:012
Name: CVE-2003-0060
Description:
Format string vulnerabilities in the logging routines
for MIT Kerberos V5 Key Distribution Center (KDC) before
1.2.5 allow remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
format string specifiers in Kerberos principal names.
Status: Candidate
Phase: Modified (20040818)
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CONECTIVA:CLSA-2003:639
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: CERT-VN:VU#787523
Reference:
URL:http://www.kb.cert.org/vuls/id/787523
Reference: BID:6712
Reference:
URL:http://www.securityfocus.com/bid/6712
Reference: XF:kerberos-kdc-format-string(11189)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11189
Reference: OSVDB:4879
Reference: URL:http://www.osvdb.org/4879
Votes:
ACCEPT(2) Baker, Green
MODIFY(2) Frech, Cox
NOOP(2) Wall, Cole
Voter Comments:
Cox> This is actually fixed in krb5 version 1.2.4 not 1.2.5
Frech> XF:kerberos-kdc-format-string(11189)
Name: CVE-2003-0061
Description:
Buffer overflow in passwd for HP UX B.10.20 allows local
users to execute arbitrary commands with root privileges
via a long LANG environment variable.
Status: Candidate
Phase: Assigned (20030203)
Reference: IDEFENSE:20030203 HP UX passwd Binary
Buffer Overflow Vulnerability
Reference:
URL:http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true
Votes:
Name: CVE-2003-0072
Description:
The Key Distribution Center (KDC) in Kerberos 5 (krb5)
1.2.7 and earlier allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the
same realm using a certain protocol request that causes
an out-of-bounds read of an array (aka "array overrun").
Status: Candidate
Phase: Assigned (20030204)
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5
(200303-28)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
Reference: DEBIAN:DSA-266
Reference:
URL:http://www.debian.org/security/2003/dsa-266
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: SUNALERT:54042
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Reference: BID:7184
Reference:
URL:http://www.securityfocus.com/bid/7184
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0074
Description:
Format string vulnerability in mpmain.c for plpnfsd of
the plptools package allows remote attackers to execute
arbitrary code via the functions (1) debuglog, (2)
errorlog, and (3) infolog.
Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030129 Local root vuln in
SuSE 8.0 plptools package
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385772908969&w=2
Reference: BUGTRAQ:20030129 Re: Local root vuln
in SuSE 8.0 plptools package
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386699725019&w=2
Reference: BID:6715
Reference:
URL:http://www.securityfocus.com/bid/6715
Reference:
XF:plptools-plpnsfd-format-string(11193)
Reference:
URL:http://www.iss.net/security_center/static/11193.php
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(2) Wall, Cox
Name: CVE-2003-0076
Description:
Unknown vulnerability in the directory parser for Direct
Connect 4 Linux (dcgui) before 0.2.2 allows remote
attackers to read files outside the sharelist.
Status: Candidate
Phase: Proposed (20030317)
Reference:
CONFIRM:http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
Reference: BUGTRAQ:20030204 GLSA: qt-dcgui
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104437720116243&w=2
Reference:
XF:qtdcgui-directory-download-files(11246)
Reference:
URL:http://www.iss.net/security_center/static/11246.php
Votes:
ACCEPT(3) Baker, Cole, Green
NOOP(2) Wall, Cox
Name: CVE-2003-0080
Description:
The iptables ruleset in Gnome-lokkit in Red Hat Linux
8.0 does not include any rules in the FORWARD chain,
which could allow attackers to bypass intended access
restrictions if packet forwarding is enabled.
Status: Candidate
Phase: Assigned (20030210)
Reference: REDHAT:RHSA-2003:072
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-072.html
Reference: BID:7128
Reference:
URL:http://www.securityfocus.com/bid/7128
Reference: OSVDB:4400
Reference: URL:http://www.osvdb.org/4400
Reference:
XF:gnomelokkit-forward-bypass-firewall(11552)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11552
Votes:
Name: CVE-2003-0082
Description:
The Key Distribution Center (KDC) in Kerberos 5 (krb5)
1.2.7 and earlier allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the
same realm using a certain protocol request that causes
the KDC to corrupt its heap (aka "buffer underrun").
Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5
(200303-28)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
Reference: DEBIAN:DSA-266
Reference:
URL:http://www.debian.org/security/2003/dsa-266
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: SUNALERT:54042
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Reference: BID:7185
Reference:
URL:http://www.securityfocus.com/bid/7185
Reference: OVAL:oval:org.mitre.oval:def:244
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:244
Reference: OVAL:oval:org.mitre.oval:def:2536
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2536
Reference: OVAL:oval:org.mitre.oval:def:4430
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4430
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0083
Description:
Apache 1.3 before 1.3.25 and Apache 2.0 before version
2.0.46 do not filter terminal escape sequences from
their access logs, which could make it easier for
attackers to insert those sequences into terminal
emulators containing vulnerabilities related to escape
sequences, a different vulnerability than CVE-2003-0020.
Status: Candidate
Phase: Assigned (20030210)
Reference:
CONFIRM:http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
Reference:
CONFIRM:http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
Reference: REDHAT:RHSA-2003:139
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: BUGTRAQ:20040325 GLSA200403-04
Multiple security vulnerabilities in Apache 2
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024081011678&w=2
Reference: BUGTRAQ:20040325 LNSA-#2004-0006: bug
workaround for Apache 2.0.48
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2
Reference: OVAL:oval:org.mitre.oval:def:151
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:151
Reference: SECUNIA:8146
Reference: URL:http://secunia.com/advisories/8146
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:050
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0084
Description:
mod_auth_any package in Red Hat Enterprise Linux 2.1 and
other operating systems does not properly escape
arguments when calling other programs, which allows
attackers to execute arbitrary commands via shell
metacharacters.
Status: Candidate
Phase: Assigned (20030210)
Reference:
CONFIRM:http://www.itlab.musc.edu/webNIS/mod_auth_any.html
Reference: REDHAT:RHSA-2003:113
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-113.html
Reference: REDHAT:RHSA-2003:114
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-114.html
Reference: CIAC:N-090
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-090.shtml
Reference: BID:7448
Reference:
URL:http://www.securityfocus.com/bid/7448
Reference: XF:modauthany-command-execution(11893)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11893
Votes:
Name: CVE-2003-0085
Description:
Buffer overflow in the SMB/CIFS packet fragment
re-assembly code for SMB daemon (smbd) in Samba before
2.2.8, and Samba-TNG before 0.3.1, allows remote
attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030317 Security Bugfix for
Samba - Samba 2.2.8 Released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792723017768&w=2
Reference: BUGTRAQ:20030325 Fwd:
APPLE-SA-2003-03-24 Samba, OpenSSL
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: BUGTRAQ:20030401 Immunix Secured OS 7+
samba update
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317145/30/25220/threaded
Reference: APPLE:APPLE-SA-2003-03-24
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: DEBIAN:DSA-262
Reference:
URL:http://www.debian.org/security/2003/dsa-262
Reference: GENTOO:GLSA-200303-11
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
Reference: IMMUNIX:IMNX-2003-7+-003-01
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317145/30/25220/threaded
Reference: MANDRAKE:MDKSA-2003:032
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
Reference: REDHAT:RHSA-2003:095
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-095.html
Reference: REDHAT:RHSA-2003:096
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-096.html
Reference: SUSE:SuSE-SA:2003:016
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_016_samba.html
Reference: SGI:20030302-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
Reference: BUGTRAQ:20030317 GLSA: samba
(200303-11)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792646416629&w=2
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.021]
OpenPKG Security Advisory (samba)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
Reference: CERT-VN:VU#298233
Reference:
URL:http://www.kb.cert.org/vuls/id/298233
Reference: BID:7106
Reference:
URL:http://www.securityfocus.com/bid/7106
Reference: OVAL:oval:org.mitre.oval:def:552
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:552
Reference: SECUNIA:8299
Reference: URL:http://secunia.com/advisories/8299
Reference: SECUNIA:8303
Reference: URL:http://secunia.com/advisories/8303
Votes:
Name: CVE-2003-0086
Description:
The code for writing reg files in Samba before 2.2.8
allows local users to overwrite arbitrary files via a
race condition involving chown.
Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030325 Fwd:
APPLE-SA-2003-03-24 Samba, OpenSSL
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: APPLE:APPLE-SA-2003-03-24
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: DEBIAN:DSA-262
Reference:
URL:http://www.debian.org/security/2003/dsa-262
Reference: GENTOO:GLSA-200303-11
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
Reference: MANDRAKE:MDKSA-2003:032
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
Reference: REDHAT:RHSA-2003:095
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-095.html
Reference: REDHAT:RHSA-2003:096
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-096.html
Reference: SUSE:SuSE-SA:2003:016
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_016_samba.html
Reference: SGI:20030302-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
Reference: BUGTRAQ:20030317 GLSA: samba
(200303-11)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792646416629&w=2
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.021]
OpenPKG Security Advisory (samba)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
Reference: BID:7107
Reference:
URL:http://www.securityfocus.com/bid/7107
Reference: OVAL:oval:org.mitre.oval:def:554
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:554
Reference: SECUNIA:8299
Reference: URL:http://secunia.com/advisories/8299
Reference: SECUNIA:8303
Reference: URL:http://secunia.com/advisories/8303
Votes:
Name: CVE-2003-0089
Description:
Buffer overflow in the Software Distributor utilities
for HP-UX B.11.00 and B.11.11 allows local users to
execute arbitrary code via a long LANG environment
variable to setuid programs such as (1) swinstall and
(2) swmodify.
Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20031113 NSFOCUS SA2003-07:
HP-UX Software Distributor Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106873965001431&w=2
Reference: VULNWATCH:20031113 NSFOCUS SA2003-07:
HP-UX Software Distributor Buffer Overflow Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html
Reference: HP:HPSBUX0311-293
Reference:
URL:http://www.securityfocus.com/advisories/6030
Reference: XF:hp-sd-utilities-bo(13623)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/13623
Reference: BID:8986
Reference:
URL:http://www.securityfocus.com/bid/8986
Votes:
Name: CVE-2003-0090
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2000-0844. Reason: This candidate is a
duplicate of CVE-2000-0844. Notes: All CVE users should
reference CVE-2000-0844 instead of this candidate. All
references and descriptions in this candidate have been
removed to prevent accidental usage.
Status: Candidate
Phase: Assigned (20030211)
Votes:
Name: CVE-2003-0091
Description:
Stack-based buffer overflow in the bsd_queue() function
for lpq on Solaris 2.6 and 7 allows local users to gain
root privilege.
Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20030331 NSFOCUS SA2003-02:
Solaris lpq Stack Buffer Overflow Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316957/30/25250/threaded
Reference: VULNWATCH:20030331 NSFOCUS SA2003-02:
Solaris lpq Stack Buffer Overflow Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html
Reference:
MISC:http://www.nsfocus.com/english/homepage/sa2003-02.htm
Reference:
MISC:http://packetstormsecurity.org/0304-advisories/sa2003-02.txt
Reference: SUNALERT:52443
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52443-1
Reference: CIAC:N-068
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-068.shtml
Reference: OSVDB:8713
Reference: URL:http://www.osvdb.org/8713
Reference: OVAL:oval:org.mitre.oval:def:4383
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4383
Votes:
Name: CVE-2003-0092
Description:
Heap-based buffer overflow in dtsession for Solaris
2.5.1 through Solaris 9 allows local users to gain root
privileges via a long HOME environment variable.
Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20030331 NSFOCUS SA2003-03:
Solaris dtsession Heap Buffer Overflow Vulnerability
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316948/30/25250/threaded
Reference: VULNWATCH:20030331 NSFOCUS SA2003-03:
Solaris dtsession Heap Buffer Overflow Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html
Reference: SUNALERT:52388
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1
Reference: BID:7240
Reference:
URL:http://www.securityfocus.com/bid/7240
Reference: OVAL:oval:org.mitre.oval:def:1905
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1905
Votes:
Name: CVE-2003-0096
Description:
Multiple buffer overflows in Oracle 9i Database release
2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote
attackers to execute arbitrary code via (1) a long
conversion string argument to the TO_TIMESTAMP_TZ
function, (2) a long time zone argument to the TZ_OFFSET
function, or (3) a long DIRECTORY parameter to the
BFILENAME function.
Status: Candidate
Phase: Modified (20071016)
Reference: VULNWATCH:20030217 Oracle
TO_TIMESTAMP_TZ Remote System Buffer Overrun
(#NISR16022003b)
Reference: BUGTRAQ:20030217 Oracle
TO_TIMESTAMP_TZ Remote System Buffer Overrun
(#NISR16022003b)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549743326864&w=2
Reference: VULNWATCH:20030217 Oracle TZ_OFFSET
Remote System Buffer Overrun (#NISR16022003c)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html
Reference: VULNWATCH:20030217 Oracle bfilename
function buffer overflow vulnerability (#NISR16022003e)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html
Reference: VULNWATCH:20030217 Oracle
unauthenticated remote system compromise
(#NISR16022003a)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html
Reference:
MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt
Reference:
MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
Reference:
MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
Reference: CERT-VN:VU#840666
Reference:
URL:http://www.kb.cert.org/vuls/id/840666
Reference: BUGTRAQ:20030217 Oracle TZ_OFFSET
Remote System Buffer Overrun (#NISR16022003c)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549782327321&w=2
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
Reference: CERT-VN:VU#743954
Reference:
URL:http://www.kb.cert.org/vuls/id/743954
Reference: BUGTRAQ:20030217 Oracle bfilename
function buffer overflow vulnerability (#NISR16022003e)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550346303295&w=2
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
Reference: CERT-VN:VU#663786
Reference:
URL:http://www.kb.cert.org/vuls/id/663786
Reference: CERT:CA-2003-05
Reference:
URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CIAC:N-046
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BID:6847
Reference:
URL:http://www.securityfocus.com/bid/6847
Reference: BID:6848
Reference:
URL:http://www.securityfocus.com/bid/6848
Reference: BID:6850
Reference:
URL:http://www.securityfocus.com/bid/6850
Reference:
XF:oracle-bfilename-directory-bo(11325)
Reference:
URL:http://www.iss.net/security_center/static/11325.php
Reference: XF:oracle-tzoffset-bo(11326)
Reference:
URL:http://www.iss.net/security_center/static/11326.php
Reference: XF:oracle-totimestamptz-bo(11327)
Reference:
URL:http://www.iss.net/security_center/static/11327.php
Votes:
ACCEPT(4) Wall, Baker, Cole, Frech
NOOP(2) Cox, Christey
Voter Comments:
Christey> Modify the description to omit 8.0.6, as the Oracle advisory
does not list it. (However, NGSSoftware does, perhaps as the
result of a typo or cut-and-paste error in their advisory).
CIAC:N-046
URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
BID:6850
URL:http://www.securityfocus.com/bid/6850
BID:6847
URL:http://www.securityfocus.com/bid/6847
BID:6848
URL:http://www.securityfocus.com/bid/6848
MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt
MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt
MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
Name: CVE-2003-0098
Description:
Unknown vulnerability in apcupsd before 3.8.6, and
3.10.x before 3.10.5, allows remote attackers to gain
root privileges, possibly via format strings in a
request to a slave server.
Status: Candidate
Phase: Modified (20071016)
Reference:
MISC:http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference:
CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
Reference: MANDRAKE:MDKSA-2003:018
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
Reference: SUSE:SuSE-SA:2003:022
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
Reference: CALDERA:CSSA-2003-015.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
Reference: DEBIAN:DSA-277
Reference:
URL:http://www.debian.org/security/2003/dsa-277
Reference: BID:7200
Reference:
URL:http://www.securityfocus.com/bid/7200
Reference: BID:6828
Reference:
URL:http://www.securityfocus.com/bid/6828
Reference: SECTRACK:1006108
Reference:
URL:http://securitytracker.com/id?1006108
Reference:
XF:apcupsd-logevent-format-string(11334)
Reference:
URL:http://www.iss.net/security_center/static/11334.php
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(2) Cox, Christey
Voter Comments:
Christey> SUSE:SuSE-SA:2003:022
CALDERA:CSSA-2003-015.0
Christey> DEBIAN:DSA-277
URL:http://www.debian.org/security/2003/dsa-277
Christey> CHANGEREF BID:6828
(BID:7200 is for the overflows)
Name: CVE-2003-0099
Description:
Multiple buffer overflows in apcupsd before 3.8.6, and
3.10.x before 3.10.5, may allow attackers to cause a
denial of service or execute arbitrary code, related to
usage of the vsprintf function.
Status: Candidate
Phase: Modified (20071016)
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137892
Reference: CALDERA:CSSA-2003-015.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
Reference: MANDRAKE:MDKSA-2003:018
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
Reference: SUSE:SuSE-SA:2003:022
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
Reference: DEBIAN:DSA-277
Reference:
URL:http://www.debian.org/security/2003/dsa-277
Reference: BID:7200
Reference:
URL:http://www.securityfocus.com/bid/7200
Reference: SECTRACK:1006108
Reference:
URL:http://securitytracker.com/id?1006108
Reference: XF:apcupsd-vsprintf-multiple-bo(11491)
Reference:
URL:http://www.iss.net/security_center/static/11491.php
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(2) Cox, Christey
Voter Comments:
Christey> SUSE:SuSE-SA:2003:022
CALDERA:CSSA-2003-015.0
Christey> DEBIAN:DSA-277
URL:http://www.debian.org/security/2003/dsa-277
Christey> As observed in an email to us by a third party, it appears
that 3.8.6 is probably not affected by this, so the
description should be changed to refer to "3.10.x before
3.10.5, and 3.8.x before 3.8.6".
Christey> An email from Kern Sibbald on August 21, 2003, confirmed that
3.8.6 and 3.10.5 fixed the issue.
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137892
Name: CVE-2003-0101
Description:
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin
before 1.000 does not properly handle metacharacters
such as line feeds and carriage returns (CRLF) in
Base-64 encoded strings during Basic authentication,
which allows remote attackers to spoof a session ID and
gain root privileges.
Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030224 [SNS Advisory No.62]
Webmin/Usermin Session ID Spoofing Vulnerability
"Episode 2"
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610300325629&w=2
Reference:
MISC:http://www.lac.co.jp/security/english/snsadv_e/62_e.html
Reference: BUGTRAQ:20030224 GLSA: usermin
(200302-14)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610336226274&w=2
Reference: BUGTRAQ:20030224 Webmin 1.050 - 1.060
remote exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610245624895&w=2
Reference:
CONFIRM:http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2
Reference:
CONFIRM:http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
Reference: DEBIAN:DSA-319
Reference:
URL:http://www.debian.org/security/2003/dsa-319
Reference: ENGARDE:ESA-20030225-006
Reference:
URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
Reference: HP:HPSBUX0303-250
Reference:
URL:http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
Reference: MANDRAKE:MDKSA-2003:025
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
Reference: SGI:20030602-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
Reference: CIAC:N-058
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-058.shtml
Reference: BID:6915
Reference:
URL:http://www.securityfocus.com/bid/6915
Reference: SECTRACK:1006160
Reference:
URL:http://www.securitytracker.com/id?1006160
Reference: SECUNIA:8115
Reference: URL:http://secunia.com/advisories/8115
Reference: SECUNIA:8163
Reference: URL:http://secunia.com/advisories/8163
Reference: XF:webmin-usermin-root-access(11390)
Reference:
URL:http://www.iss.net/security_center/static/11390.php
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> SGI:20030602-01-I
The "websetup v 3.5 package from IRIX 6.5.20 Applications CD"
uses Webmin; may wish to add this name to the description.
Christey> DEBIAN:DSA-319
Christey> CIAC:N-058
URL:http://www.ciac.org/ciac/bulletins/n-058.shtml
ENGARDE:ESA-20030225-006
URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
HP:HPSBUX0303-250
URL:http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
BID:6915
URL:http://www.securityfocus.com/bid/6915
Name: CVE-2003-0105
Description:
ServerMask 2.2 and earlier does not obfuscate (1) ETag,
(2) HTTP Status Message, or (3) Allow HTTP responses,
which could tell remote attackers that the web server is
an IIS server.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20040810 Corsaire Security
Advisory - Port80 Software ServerMask inconsistencies
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109215441332682&w=2
Reference:
MISC:http://www.corsaire.com/advisories/c030224-001.txt
Reference:
XF:servermask-header-obtain-info(16947)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/16947
Votes:
Name: CVE-2003-0106
Description:
The HTTP proxy for Symantec Enterprise Firewall (SEF)
7.0 allows proxy users to bypass pattern matching for
blocked URLs via requests that are URL-encoded with
escapes, Unicode, or UTF-8.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030326 Corsaire Security
Advisory - Symantec Enterprise Firewall (SEF) H TTP URL
pattern evasion issue
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869513822233&w=2
Reference: NTBUGTRAQ:20030326 Corsaire Security
Advisory - Symantec Enterprise Firewall (SEF) H TTP URL
pattern evasion issue
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104868285106289&w=2
Reference: VULNWATCH:20030326 Corsaire Security
Advisory - Symantec Enterprise Firewall (SEF) H TTP URL
pattern evasion issue
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html
Reference:
CONFIRM:http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
Reference: BID:7196
Reference:
URL:http://www.securityfocus.com/bid/7196
Votes:
Name: CVE-2003-0109
Description:
Buffer overflow in ntdll.dll on Microsoft Windows NT
4.0, Windows NT 4.0 Terminal Server Edition, Windows
2000, and Windows XP allows remote attackers to execute
arbitrary code, as demonstrated via a WebDAV request to
IIS 5.0.
Status: Candidate
Phase: Assigned (20030226)
Reference: ISS:20030317 Microsoft IIS WebDAV
Remote Compromise Vulnerability
Reference:
URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
Reference: MS:MS03-007
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Reference:
CONFIRM:http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
Reference: MSKB:Q815021
Reference:
URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021
Reference: CERT:CA-2003-09
Reference:
URL:http://www.cert.org/advisories/CA-2003-09.html
Reference:
MISC:http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
Reference: VULNWATCH:20030317 Microsoft IIS 5.0
WebDAV remote buffer overflow
Reference: BUGTRAQ:20030321 New attack vectors
and a vulnerability dissection of MS03-007
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826476427372&w=2
Reference: NTBUGTRAQ:20030321 New attack vectors
and a vulnerability dissection of MS03-007
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104826785731151&w=2
Reference: BUGTRAQ:20030325 IIS 5.0 WebDAV -Proof
of concept-. Fully documented.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861839130254&w=2
Reference: BUGTRAQ:20030326 WebDAV exploit: using
wide character decoder scheme
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869293619064&w=2
Reference: BUGTRAQ:20030328 Fate Research Labs
Presents: Analysis of the NTDLL.DLL Exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887148323552&w=2
Reference: BUGTRAQ:20030708 WDAV exploit without
netcat and with pretty magic number
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105768156625699&w=2
Reference: CERT-VN:VU#117394
Reference:
URL:http://www.kb.cert.org/vuls/id/117394
Reference: XF:http-webdav-long-request(11533)
Reference:
URL:http://www.iss.net/security_center/static/11533.php
Reference: BID:7116
Reference:
URL:http://www.securityfocus.com/bid/7116
Reference: OVAL:oval:org.mitre.oval:def:109
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:109
Votes:
Name: CVE-2003-0110
Description:
The Winsock Proxy service in Microsoft Proxy Server 2.0
and the Microsoft Firewall service in Internet Security
and Acceleration (ISA) Server 2000 allow remote
attackers to cause a denial of service (CPU consumption
or packet storm) via a spoofed, malformed packet to UDP
port 1745.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030409 iDEFENSE Security
Advisory 04.09.03: Denial of Service in Microsoft Proxy
Server and Internet Security and Acceleration Server
2000
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994487012027&w=2
Reference:
MISC:http://www.idefense.com/advisory/04.09.03.txt
Reference: MS:MS03-012
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-012.asp
Reference: OVAL:oval:org.mitre.oval:def:406
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:406
Votes:
Name: CVE-2003-0111
Description:
The ByteCode Verifier component of Microsoft Virtual
Machine (VM) build 5.0.3809 and earlier, as used in
Windows and Internet Explorer, allows remote attackers
to bypass security checks and execute arbitrary code via
a malicious Java applet, aka "Flaw in Microsoft VM Could
Enable System Compromise."
Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-011
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
Reference: CERT-VN:VU#447569
Reference:
URL:http://www.kb.cert.org/vuls/id/447569
Reference:
XF:msvm-bytecode-improper-validation(11751)
Reference:
URL:http://www.iss.net/security_center/static/11751.php
Reference: OVAL:oval:org.mitre.oval:def:136
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:136
Votes:
Name: CVE-2003-0112
Description:
Buffer overflow in Windows Kernel allows local users to
gain privileges by causing certain error messages to be
passed to a debugger.
Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-013
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-013.asp
Reference: CERT-VN:VU#446338
Reference:
URL:http://www.kb.cert.org/vuls/id/446338
Reference: OVAL:oval:org.mitre.oval:def:1264
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1264
Reference: OVAL:oval:org.mitre.oval:def:142
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:142
Reference: OVAL:oval:org.mitre.oval:def:262
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:262
Reference: OVAL:oval:org.mitre.oval:def:779
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:779
Reference:
XF:win-kernel-lpcrequestwaitreplyport-bo(11803)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11803
Reference: BID:7370
Reference:
URL:http://www.securityfocus.com/bid/7370
Reference: OVAL:oval:org.mitre.oval:def:2022
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2022
Reference: OVAL:oval:org.mitre.oval:def:2265
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2265
Reference: OVAL:oval:org.mitre.oval:def:3145
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3145
Votes:
Name: CVE-2003-0113
Description:
Buffer overflow in URLMON.DLL in Microsoft Internet
Explorer 5.01, 5.5 and 6.0 allows remote attackers to
execute arbitrary code via an HTTP response containing
long values in (1) Content-type and (2) Content-encoding
fields.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030426 Buffer overflow in
Internet Explorer's HTTP parsing code
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105138417416900&w=2
Reference: BUGTRAQ:20030701 URLMON.DLL buffer
overflow - technical details
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105718285107246&w=2
Reference: MS:MS03-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: CERT-VN:VU#169753
Reference:
URL:http://www.kb.cert.org/vuls/id/169753
Reference: OVAL:oval:org.mitre.oval:def:926
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:926
Votes:
Name: CVE-2003-0114
Description:
The file upload control in Microsoft Internet Explorer
5.01, 5.5, and 6.0 allows remote attackers to
automatically upload files from the local system via a
web page containing a script to upload the files.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030203 internet explorer
local file reading
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104429340817718&w=2
Reference: MS:MS03-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: OVAL:oval:org.mitre.oval:def:963
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:963
Votes:
Name: CVE-2003-0115
Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not
properly check parameters that are passed during third
party rendering, which could allow remote attackers to
execute arbitrary web script, aka the "Third Party
Plugin Rendering" vulnerability, a different
vulnerability than CVE-2003-0233.
Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference:
XF:ie-improper-thirdparty-rendering(11848)
Reference:
URL:http://www.iss.net/security_center/static/11848.php
Votes:
Name: CVE-2003-0116
Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not
properly check the Cascading Style Sheet input parameter
for Modal dialogs, which allows remote attackers to read
files on the local system via a web page containing
script that creates a dialog and then accesses the
target files, aka "Modal Dialog script execution."
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20021203 Poisonous Style for
Dialog window turns the zone off.
Reference:
URL:http://www.securityfocus.com/archive/1/301945
Reference: MS:MS03-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: CERT-VN:VU#244729
Reference:
URL:http://www.kb.cert.org/vuls/id/244729
Reference: BID:6306
Reference:
URL:http://www.securityfocus.com/bid/6306
Votes:
Name: CVE-2003-0117
Description:
Buffer overflow in the HTTP receiver function
(BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk
Server 2002 allows attackers to execute arbitrary code
via a certain request to the HTTP receiver.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030505 Microsoft Biztalk
Server ISAPI HTTP Receive function buffer overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216866132289&w=2
Reference: MS:MS03-016
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-016.asp
Votes:
Name: CVE-2003-0118
Description:
SQL injection vulnerability in the Document Tracking and
Administration (DTA) website of Microsoft BizTalk Server
2000 and 2002 allows remote attackers to execute
operating system commands via a request to (1)
rawdocdata.asp or (2) RawCustomSearchField.asp
containing an embedded SQL statement.
Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030505 Microsoft Biztalk
Server DTA vulnerable to SQL injection
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216839231951&w=2
Reference: MS:MS03-016
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-016.asp
Votes:
Name: CVE-2003-0119
Description:
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an
Internet socket when communicating with the loadmodule,
which allows remote attackers to directly connect to the
daemon and conduct unauthorized activities.
Status: Candidate
Phase: Assigned (20030228)
Reference: AIXAPAR:IY40510
Reference: AIXAPAR:IY40228
Reference: AIXAPAR:IY40157
Reference: IBM:MSS-OAR-E01-2003:0245.1
Reference:
URL:http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument
Reference: CERT-VN:VU#624713
Reference:
URL:http://www.kb.cert.org/vuls/id/624713
Reference: BID:7264
Reference:
URL:http://www.securityfocus.com/bid/7264
Reference: SECUNIA:8221
Reference: URL:http://secunia.com/advisories/8221
Votes:
Name: CVE-2003-0121
Description:
Clearswift MAILsweeper 4.x allows remote attackers to
bypass attachment detection via an attachment that does
not specify a MIME-Version header field, which is
processed by some mail clients.
Status: Candidate
Phase: Assigned (20030303)
Reference: BUGTRAQ:20030307 Corsaire Security
Advisory - Clearswift MAILsweeper MIME attachment
evasion issue
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716030503607&w=2
Reference: BUGTRAQ:20030326 RE: Corsaire Security
Advisory - Clearswift MAILsweeper MIME attachment
evasion issue
Reference:
URL:http://www.securityfocus.com/archive/1/316311
Reference: BID:7044
Reference:
URL:http://www.securityfocus.com/bid/7044
Votes:
Name: CVE-2003-0126
Description:
The web interface for SOHO Routefinder 550 firmware 4.63
and earlier, and possibly later versions, has a default
"admin" account with a blank password, which could allow
attackers on the LAN side to conduct unauthorized
activities.
Status: Candidate
Phase: Proposed (20030317)
Reference:
MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder
550 VPN, DoS and Buffer Overflow
Votes:
ACCEPT(1) Baker
NOOP(4) Wall, Cole, Cox, Green
Name: CVE-2003-0127
Description:
The kernel module loader in Linux kernel 2.2.x before
2.2.25, and 2.4.x before 2.4.21, allows local users to
gain root privileges by using ptrace to attach to a
child process that is spawned by the kernel.
Status: Candidate
Phase: Assigned (20030313)
Reference: VULNWATCH:20030317 Fwd: Ptrace hole /
Linux 2.2.25
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
Reference: REDHAT:RHSA-2003:098
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-098.html
Reference: REDHAT:RHSA-2003:088
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-088.html
Reference: REDHAT:RHSA-2003:103
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-103.html
Reference: SUSE:SuSE-SA:2003:021
Reference: ENGARDE:ESA-20030318-009
Reference: DEBIAN:DSA-270
Reference:
URL:http://www.debian.org/security/2003/dsa-270
Reference: DEBIAN:DSA-276
Reference:
URL:http://www.debian.org/security/2003/dsa-276
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-423
Reference:
URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-495
Reference:
URL:http://www.debian.org/security/2004/dsa-495
Reference: MANDRAKE:MDKSA-2003:038
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
Reference: MANDRAKE:MDKSA-2003:039
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
Reference: CALDERA:CSSA-2003-020.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
Reference: ENGARDE:ESA-20030515-017
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: REDHAT:RHSA-2003:145
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
Reference: GENTOO:GLSA-200303-17
Reference:
URL:http://security.gentoo.org/glsa/glsa-200303-17.xml
Reference: CERT-VN:VU#628849
Reference:
URL:http://www.kb.cert.org/vuls/id/628849
Reference: OVAL:oval:org.mitre.oval:def:254
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:254
Votes:
Name: CVE-2003-0128
Description:
The try_uudecoding function in mail-format.c for Ximian
Evolution Mail User Agent 1.2.2 and earlier allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a malicious
uuencoded (UUE) header, possibly triggering a heap-based
buffer overflow.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01:
Multiple vulnerabilities in Ximian 's Evolution Mail
User Agent
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution
(200303-18)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7117
Reference:
URL:http://www.securityfocus.com/bid/7117
Reference: OVAL:oval:org.mitre.oval:def:107
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:107
Votes:
Name: CVE-2003-0129
Description:
Ximian Evolution Mail User Agent 1.2.2 and earlier
allows remote attackers to cause a denial of service
(memory consumption) via a mail message that is
uuencoded multiple times.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01:
Multiple vulnerabilities in Ximian 's Evolution Mail
User Agent
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution
(200303-18)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7118
Reference:
URL:http://www.securityfocus.com/bid/7118
Reference: OVAL:oval:org.mitre.oval:def:108
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:108
Votes:
Name: CVE-2003-0130
Description:
The handle_image function in mail-format.c for Ximian
Evolution Mail User Agent 1.2.2 and earlier does not
properly escape HTML characters, which allows remote
attackers to inject arbitrary data and HTML via a MIME
Content-ID header in a MIME-encoded image.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01:
Multiple vulnerabilities in Ximian 's Evolution Mail
User Agent
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution
(200303-18)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7119
Reference:
URL:http://www.securityfocus.com/bid/7119
Reference: OVAL:oval:org.mitre.oval:def:111
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:111
Votes:
Name: CVE-2003-0131
Description:
The SSL and TLS components for OpenSSL 0.9.6i and
earlier, 0.9.7, and 0.9.7a allow remote attackers to
perform an unauthorized RSA private key operation via a
modified Bleichenbacher attack that uses a large number
of SSL or TLS connections using PKCS #1 v1.5 padding
that cause OpenSSL to leak information regarding the
relationship between ciphertext and the associated
plaintext, aka the "Klima-Pokorny-Rosa attack."
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030327 Immunix Secured OS 7+
openssl update
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: MISC:http://eprint.iacr.org/2003/052/
Reference: BUGTRAQ:20030319 [OpenSSL Advisory]
Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
Reference: BUGTRAQ:20030324 GLSA: openssl
(200303-20)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852637112330&w=2
Reference:
MISC:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
Reference: CALDERA:CSSA-2003-014.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Reference: GENTOO:GLSA-200303-20
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: OPENPKG:OpenPKG-SA-2003.026
Reference:
URL:http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
Reference:
CONFIRM:http://www.openssl.org/news/secadv_20030319.txt
Reference: ENGARDE:ESA-20030320-010
Reference: FREEBSD:FreeBSD-SA-03:06
Reference: MANDRAKE:MDKSA-2003:035
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
Reference: NETBSD:NetBSD-SA2003-007
Reference:
URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
Reference: REDHAT:RHSA-2003:101
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
Reference: REDHAT:RHSA-2003:102
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
Reference: CONECTIVA:CLA-2003:625
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Reference: DEBIAN:DSA-288
Reference:
URL:http://www.debian.org/security/2003/dsa-288
Reference: SGI:20030501-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: SUSE:SuSE-SA:2003:024
Reference:
URL:http://www.suse.de/de/security/2003_024_openssl.html
Reference: TRUSTIX:2003-0013
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878215721135&w=2
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference:
URL:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
Reference: SUSE:SuSE-SA:2003:024
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_024_openssl.html
Reference: CERT-VN:VU#888801
Reference:
URL:http://www.kb.cert.org/vuls/id/888801
Reference: BID:7148
Reference:
URL:http://www.securityfocus.com/bid/7148
Reference:
XF:ssl-premaster-information-leak(11586)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11586
Reference: OVAL:oval:org.mitre.oval:def:461
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:461
Votes:
NOOP(1) Christey
Voter Comments:
Christey> REDHAT:RHSA-2003:205
Name: CVE-2003-0132
Description:
A memory leak in Apache 2.0 through 2.0.44 allows remote
attackers to cause a denial of service (memory
consumption) via large chunks of linefeed characters,
which causes Apache to allocate 80 bytes for each
linefeed.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030408 iDEFENSE Security
Advisory 04.08.03: Denial of Service in Apache HTTP
Server 2.x
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104982175321731&w=2
Reference:
MISC:http://www.idefense.com/advisory/04.08.03.txt
Reference: BUGTRAQ:20030402 [ANNOUNCE] Apache
2.0.45 Released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931360606484&w=2
Reference: BUGTRAQ:20030408 Exploit Code Released
for Apache 2.x Memory Leak
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994309010974&w=2
Reference: BUGTRAQ:20030409 GLSA: apache
(200304-01)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994239010517&w=2
Reference: BUGTRAQ:20030410 working apache <=
2.0.44 DoS exploit for linux.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105001663120995&w=2
Reference: BUGTRAQ:20030411 PATCH:
[CAN-2003-0132] Apache 2.0.44 Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105013378320711&w=2
Reference: REDHAT:RHSA-2003:139
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: CERT-VN:VU#206537
Reference:
URL:http://www.kb.cert.org/vuls/id/206537
Reference: OVAL:oval:org.mitre.oval:def:156
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:156
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:050
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0133
Description:
GtkHTML, as included in Evolution before 1.2.4, allows
remote attackers to cause a denial of service (crash)
via certain malformed messages.
Status: Candidate
Phase: Assigned (20030313)
Reference: REDHAT:RHSA-2003:126
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-126.html
Reference: MANDRAKE:MDKSA-2003:046
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:046
Reference: CONECTIVA:CLA-2003:737
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737
Reference: OVAL:oval:org.mitre.oval:def:138
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:138
Votes:
Name: CVE-2003-0134
Description:
Unknown vulnerability in filestat.c for Apache running
on OS2, versions 2.0 through 2.0.45, allows unknown
attackers to cause a denial of service via requests
related to device names.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030402 [ANNOUNCE] Apache
2.0.45 Released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931360606484&w=2
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE]
Apache 2.0.46 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference:
CONFIRM:http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
Votes:
Name: CVE-2003-0135
Description:
vsftpd FTP daemon in Red Hat Linux 9 is not compiled
against TCP wrappers (tcp_wrappers) but is installed as
a standalone service, which inadvertently prevents
vsftpd from restricting access as intended.
Status: Candidate
Phase: Assigned (20030313)
Reference: REDHAT:RHSA-2003:084
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-084.html
Reference: BID:7253
Reference:
URL:http://www.securityfocus.com/bid/7253
Reference: OVAL:oval:org.mitre.oval:def:634
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:634
Votes:
Name: CVE-2003-0136
Description:
psbanner in the LPRng package allows local users to
overwrite arbitrary files via a symbolic link attack on
the /tmp/before file.
Status: Candidate
Phase: Assigned (20030313)
Reference:
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
Reference: DEBIAN:DSA-285
Reference:
URL:http://www.debian.org/security/2003/dsa-285
Reference: REDHAT:RHSA-2003:142
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-142.html
Reference: OVAL:oval:org.mitre.oval:def:423
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:423
Votes:
Name: CVE-2003-0137
Description:
SNMP daemon in the DX200 based network element for Nokia
Serving GPRS support node (SGSN) allows remote attackers
to read SNMP options via arbitrary community strings.
Status: Candidate
Phase: Modified (20080326)
Reference: ATSTAKE:A031303-2
Reference:
URL:http://www.atstake.com/research/advisories/2003/a031303-2.txt
Reference: SECUNIA:8301
Reference: URL:http://secunia.com/advisories/8301
Votes:
ACCEPT(1) Baker
NOOP(4) Wall, Cole, Cox, Green
Name: CVE-2003-0138
Description:
Version 4 of the Kerberos protocol (krb4), as used in
Heimdal and other packages, allows an attacker to
impersonate any principal in a realm via a
chosen-plaintext attack.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030317 MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4 protocol
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104791775804776&w=2
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5
(200303-28)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
Reference: DEBIAN:DSA-266
Reference:
URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-269
Reference:
URL:http://www.debian.org/security/2003/dsa-269
Reference: DEBIAN:DSA-273
Reference:
URL:http://www.debian.org/security/2003/dsa-273
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CERT-VN:VU#623217
Reference:
URL:http://www.kb.cert.org/vuls/id/623217
Reference: BID:7113
Reference:
URL:http://www.securityfocus.com/bid/7113
Reference: OVAL:oval:org.mitre.oval:def:248
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:248
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0139
Description:
Certain weaknesses in the implementation of version 4 of
the Kerberos protocol (krb4) in the krb5 distribution,
when triple-DES keys are used to key krb4 services,
allow an attacker to create krb4 tickets for
unauthorized principals using a cut-and-paste attack and
"ticket splicing."
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 MITKRB5-SA-2003-004:
Cryptographic weaknesses in Kerberos v4
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104791775804776&w=2
Reference: BUGTRAQ:20030330 GLSA: openafs
(200303-26)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317130/30/25250/threaded
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5
(200303-28)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference:
CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
Reference: DEBIAN:DSA-266
Reference:
URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-273
Reference:
URL:http://www.debian.org/security/2003/dsa-273
Reference: REDHAT:RHSA-2003:051
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CERT-VN:VU#442569
Reference:
URL:http://www.kb.cert.org/vuls/id/442569
Reference: OVAL:oval:org.mitre.oval:def:250
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:250
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:043
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0140
Description:
Buffer overflow in Mutt 1.4.0 and possibly earlier
versions, 1.5.x up to 1.5.3, and other programs that use
Mutt code such as Balsa before 2.0.10, allows a remote
malicious IMAP server to cause a denial of service
(crash) and possibly execute arbitrary code via a
crafted folder.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030320 CORE-20030304-02:
Vulnerability in Mutt Mail User Agent
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104818814931378&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
Reference: DEBIAN:DSA-268
Reference:
URL:http://www.debian.org/security/2003/dsa-268
Reference: GENTOO:GLSA-200303-19
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml
Reference: SUSE:SuSE-SA:2003:020
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_020_mutt.html
Reference: MANDRAKE:MDKSA-2003:041
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:041
Reference: REDHAT:RHSA-2003:109
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-109.html
Reference: CONECTIVA:CLA-2003:626
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626
Reference: CONECTIVA:CLA-2003:630
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630
Reference: BUGTRAQ:20030319 mutt-1.4.1 fixes a
buffer overflow.
Reference:
URL:http://www.securityfocus.com/archive/1/315679
Reference: BUGTRAQ:20030320 [OpenPKG-SA-2003.025]
OpenPKG Security Advisory (mutt)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104817995421439&w=2
Reference: BUGTRAQ:20030322 GLSA: mutt
(200303-19)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852190605988&w=2
Reference: BUGTRAQ:20030430 GLSA: balsa
(200304-10)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105171507629573&w=2
Reference: XF:mutt-folder-name-bo(11583)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11583
Reference: BID:7120
Reference:
URL:http://www.securityfocus.com/bid/7120
Reference: OVAL:oval:org.mitre.oval:def:2
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2
Reference: OVAL:oval:org.mitre.oval:def:434
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:434
Votes:
Name: CVE-2003-0141
Description:
The PNG deflate algorithm in RealOne Player 6.0.11.x and
earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and
other versions allows remote attackers to corrupt the
heap and overwrite arbitrary memory via a PNG graphic
file format containing compressed data using fixed trees
that contain the length values 286-287, which are
treated as a very large length.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030328 CORE-2003-0306:
RealPlayer PNG deflate heap corruption vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887465427579&w=2
Reference: VULNWATCH:20030328 CORE-2003-0306:
RealPlayer PNG deflate heap corruption vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
Reference: CERT-VN:VU#705761
Reference:
URL:http://www.kb.cert.org/vuls/id/705761
Reference: BID:7177
Reference:
URL:http://www.securityfocus.com/bid/7177
Votes:
Name: CVE-2003-0142
Description:
Adobe Acrobat Reader (acroread) 6, under certain
circumstances when running with the "Certified plug-ins
only" option disabled, loads plug-ins with signatures
used for older versions of Acrobat, which can allow
attackers to cause Acrobat to enter Certified mode and
run untrusted plugins by modifying the CTIsCertifiedMode
function.
Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030708 Adobe Acrobat and PDF
security: no improvements for 2 years
Reference:
URL:http://www.securityfocus.com/archive/1/328224
Reference: CERT-VN:VU#689835
Reference:
URL:http://www.kb.cert.org/vuls/id/689835
Votes:
Name: CVE-2003-0144
Description:
Buffer overflow in the lprm command in the lprold lpr
package on SuSE 7.1 through 7.3, OpenBSD 3.2 and
earlier, and possibly other operating systems, allows
local users to gain root privileges via long command
line arguments such as (1) request ID or (2) user name.
Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030305 potential buffer
overflow in lprm (fwd)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104690434504429&w=2
Reference: BUGTRAQ:20030308 OpenBSD lprm(1)
exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104714441925019&w=2
Reference:
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
Reference: DEBIAN:DSA-267
Reference:
URL:http://www.debian.org/security/2003/dsa-267
Reference: DEBIAN:DSA-275
Reference:
URL:http://www.debian.org/security/2003/dsa-275
Reference: MANDRAKE:MDKSA-2003:059
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
Reference: SGI:20030406-02-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
Reference: SUSE:SuSE-SA:2003:0014
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_014_lprold.html
Reference: BID:7025
Reference:
URL:http://www.securityfocus.com/bid/7025
Reference: SECUNIA:8293
Reference: URL:http://secunia.com/advisories/8293
Reference: XF:lprm-bo(11473)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11473
Votes:
ACCEPT(4) Cole, Armstrong, Jones, Green
NOOP(2) Christey, Cox
Voter Comments:
Christey> DEBIAN:DSA-267
URL:http://www.debian.org/security/2003/dsa-267
Christey> DEBIAN:DSA-275
URL:http://www.debian.org/security/2003/dsa-275
Christey> DEBIAN:DSA-267
URL:http://www.debian.org/security/2003/dsa-267
Christey> SGI:20030406-02-P
Christey> MANDRAKE:MDKSA-2003:059
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:059
Name: CVE-2003-0146
Description:
Multiple vulnerabilities in NetPBM 9.20 and earlier, and
possibly other versions, may allow remote attackers to
cause a denial of service or execute arbitrary code via
"maths overflow errors" such as (1) integer signedness
errors or (2) integer overflows, which lead to buffer
overflows.
Status: Candidate
Phase: Modified (20050311)
Reference: BUGTRAQ:20030228 NetPBM, multiple
vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
Reference: CONECTIVA:CLSA-2003:656
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
Reference: DEBIAN:DSA-263
Reference:
URL:http://www.debian.org/security/2003/dsa-263
Reference: REDHAT:RHSA-2003:060
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-060.html
Reference: CERT-VN:VU#630433
Reference:
URL:http://www.kb.cert.org/vuls/id/630433
Reference: BID:6979
Reference:
URL:http://www.securityfocus.com/bid/6979
Reference: XF:netpbm-multiple-bo(11463)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11463
Votes:
ACCEPT(3) Baker, Cole, Green
MODIFY(1) Cox
NOOP(2) Christey, Wall
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:036
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:036
CHANGE> [Cox changed vote from ACCEPT to MODIFY]
Cox> REDHAT:RHSA-2003:061
Cox> ADDREF REDHAT:RHSA-2003:060
Christey> MANDRAKE:MDKSA-2003:036
(as suggested by Vincent Danen of Mandrake)
Christey> CONECTIVA:CLA-2003:656
Name: CVE-2003-0147
Description:
OpenSSL does not use RSA blinding by default, which
allows local and remote attackers to obtain the server's
private key by determining factors using timing
differences on (1) the number of extra reductions during
Montgomery reduction, and (2) the use of different
integer multiplication algorithms ("Karatsuba" and
normal).
Status: Candidate
Phase: Modified (20071129)
Reference: BUGTRAQ:20030313 Vulnerability in
OpenSSL
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766550528628&w=2
Reference: BUGTRAQ:20030325 Fwd:
APPLE-SA-2003-03-24 Samba, OpenSSL
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: BUGTRAQ:20030327 Immunix Secured OS 7+
openssl update
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: VULNWATCH:20030313 OpenSSL Private Key
Disclosure
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Reference:
CONFIRM:http://www.openssl.org/news/secadv_20030317.txt
Reference: BUGTRAQ:20030317 [ADVISORY] Timing
Attack on OpenSSL
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792570615648&w=2
Reference:
MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Reference: APPLE:APPLE-SA-2003-03-24
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: CALDERA:CSSA-2003-014.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Reference: CONECTIVA:CLA-2003:625
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Reference: DEBIAN:DSA-288
Reference:
URL:http://www.debian.org/security/2003/dsa-288
Reference: ENGARDE:ESA-20030320-010
Reference: FREEBSD:FreeBSD-SA-03:06
Reference: GENTOO:GLSA-200303-24
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2
Reference: GENTOO:GLSA-200303-15
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104829040921835&w=2
Reference: GENTOO:GLSA-200303-23
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: MANDRAKE:MDKSA-2003:035
Reference:
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Reference: OPENPKG:OpenPKG-SA-2003.019
Reference:
URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
Reference: REDHAT:RHSA-2003:101
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
Reference: REDHAT:RHSA-2003:102
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
Reference: REDHAT:RHSA-2003:205
Reference: SGI:20030501-01-I
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: BUGTRAQ:20030320 [OpenPKG-SA-2003.026]
OpenPKG Security Advisory (openssl)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2
Reference: CERT-VN:VU#997481
Reference:
URL:http://www.kb.cert.org/vuls/id/997481
Reference: OVAL:oval:org.mitre.oval:def:466
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:466
Votes:
ACCEPT(4) Wall, Baker, Cole, Green
MODIFY(1) Cox
NOOP(1) Christey
Voter Comments:
Christey> ENGARDE:ESA-20030320-010
BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2
Christey> FREEBSD:FreeBSD-SA-03:06.openssl
Cox> Addref:http://www.openssl.org/news/secadv_20030317.txt
Christey> MANDRAKE:MDKSA-2003:035
URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Christey> BUGTRAQ:20030325 GLSA: stunnel (200303-24)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2
Need to change desc to include stunnel
Cox> REDHAT:RHSA-2003:102
URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
Cox> REDHAT:RHSA-2003:101
URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
Christey> CONECTIVA:CLA-2003:625
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Christey> DEBIAN:DSA-288
URL:http://www.debian.org/security/2003/dsa-288
Christey> MANDRAKE:MDKSA-2003:035
(as suggested by Vincent Danen of Mandrake)
Christey> SGI:20030501-01-I
URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Christey> REDHAT:RHSA-2003:205
Christey> CERT-VN:VU#997481
URL:http://www.kb.cert.org/vuls/id/997481
Name: CVE-2003-0148
Description:
The default installation of MSDE via McAfee ePolicy
Orchestrator 2.0 through 3.0 allows attackers to execute
arbitrary code via a series of steps that (1) obtain the
database administrator username and encrypted password
in a configuration file from the ePO server using a
certain request, (2) crack the password due to weak
cryptography, and (3) use the password to pass commands
through xp_cmdshell.
Status: Candidate
Phase: Assigned (20030317)
Reference: ATSTAKE:A073103-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a073103-1.txt
Reference:
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Votes:
Name: CVE-2003-0149
Description:
Heap-based buffer overflow in ePO agent for McAfee
ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote
attackers to execute arbitrary code via a POST request
containing long parameters.
Status: Candidate
Phase: Assigned (20030317)
Reference: ATSTAKE:A073103-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a073103-1.txt
Reference:
CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Votes:
Name: CVE-2003-0150
Description:
MySQL 3.23.55 and earlier creates world-writeable files
and allows mysql users to gain root privileges by using
the "SELECT * INTO OUTFILE" operator to overwrite a
configuration file and cause mysql to run as root upon
restart, as demonstrated by modifying my.cnf.
Status: Candidate
Phase: Assigned (20030318)
Reference: BUGTRAQ:20030308
MySQL_user_can_be_changed_to_root?
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104715840202315&w=2
Reference: BUGTRAQ:20030310 Re: MySQL user can be
changed to root
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2
Reference: CONECTIVA:CLA-2003:743
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Reference: DEBIAN:DSA-303
Reference:
URL:http://www.debian.org/security/2003/dsa-303
Reference: ENGARDE:ESA-20030324-012
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
Reference: REDHAT:RHSA-2003:093
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Reference: REDHAT:RHSA-2003:094
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-094.html
Reference: MANDRAKE:MDKSA-2003:057
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.022]
OpenPKG Security Advisory (mysql)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104800948128630&w=2
Reference: BUGTRAQ:20030318 GLSA: mysql
(200303-14)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285012750&w=2
Reference: CERT-VN:VU#203897
Reference:
URL:http://www.kb.cert.org/vuls/id/203897
Reference: BID:7052
Reference:
URL:http://www.securityfocus.com/bid/7052
Reference:
XF:mysql-datadir-root-privileges(11510)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11510
Reference: OVAL:oval:org.mitre.oval:def:442
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:442
Votes:
NOOP(1) Christey
Voter Comments:
Christey> DEBIAN:DSA-303
URL:http://www.debian.org/security/2003/dsa-303
Name: CVE-2003-0151
Description:
BEA WebLogic Server and Express 6.0 through 7.0 does not
properly restrict access to certain internal servlets
that perform administrative functions, which allows
remote attackers to read arbitrary files or execute
arbitrary code.
Status: Candidate
Phase: Assigned (20030318)
Reference: BUGTRAQ:20030317 SPI ADVISORY: Remote
Administration of BEA WebLogic Server and Express
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792477914620&w=2
Reference: BUGTRAQ:20030317 S21SEC-011 - Multiple
vulnerabilities in BEA WebLogic Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792544515384&w=2
Reference:
MISC:http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Reference:
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
Reference: BID:7122
Reference:
URL:http://www.securityfocus.com/bid/7122
Reference: BID:7124
Reference:
URL:http://www.securityfocus.com/bid/7124
Votes:
Name: CVE-2003-0152
Description:
Unknown vulnerability in bonsai Mozilla CVS query tool
allows remote attackers to execute arbitrary commands as
the www-data user.
Status: Candidate
Phase: Assigned (20030319)
Reference: DEBIAN:DSA-265
Reference:
URL:http://www.debian.org/security/2003/dsa-265
Reference: BID:7162
Reference:
URL:http://www.securityfocus.com/bid/7162
Votes:
Name: CVE-2003-0153
Description:
bonsai Mozilla CVS query tool leaks the absolute
pathname of the tool in certain error messages generated
by (1) cvslog.cgi, (2) cvsview2.cgi, or (3)
multidiff.cgi.
Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20020819 Advisory: Bonsai XSS
and Physical Path Revealing Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102980129101054&w=2
Reference: DEBIAN:DSA-265
Reference:
URL:http://www.debian.org/security/2003/dsa-265
Reference:
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=187230
Reference: BID:5517
Reference:
URL:http://www.securityfocus.com/bid/5517
Reference: XF:bonsai-path-disclosure(9921)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/9921
Votes:
Name: CVE-2003-0154
Description:
Cross-site scripting vulnerabilities (XSS) in bonsai
Mozilla CVS query tool allow remote attackers to execute
arbitrary web script via (1) the file, root, or rev
parameters to cvslog.cgi, (2) the file or root
parameters to cvsblame.cgi, (3) various parameters to
cvsquery.cgi, (4) the person parameter to
showcheckins.cgi, (5) the module parameter to
cvsqueryform.cgi, and (6) possibly other attack vectors
as identified by Mozilla bug #146244.
Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20020819 Advisory: Bonsai XSS
and Physical Path Revealing Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102980129101054&w=2
Reference: DEBIAN:DSA-265
Reference:
URL:http://www.debian.org/security/2003/dsa-265
Reference:
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163573
Reference:
CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
Reference:
CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
Reference:
MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=146244
Reference: BID:5516
Reference:
URL:http://www.securityfocus.com/bid/5516
Reference: XF:bonsai-error-message-xss(9920)
Reference:
URL:http://www.iss.net/security_center/static/9920.php
Votes:
Name: CVE-2003-0155
Description:
bonsai Mozilla CVS query tool allows remote attackers to
gain access to the parameters page without
authentication.
Status: Candidate
Phase: Assigned (20030319)
Reference: DEBIAN:DSA-265
Reference:
URL:http://www.debian.org/security/2003/dsa-265
Reference: BID:7163
Reference:
URL:http://www.securityfocus.com/bid/7163
Votes:
Name: CVE-2003-0156
Description:
Directory traversal vulnerability in Cross-Referencing
Linux (LXR) allows remote attackers to read arbitrary
files via .. (dot dot) sequences in the v parameter.
Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20030311 Cross-Referencing
Linux vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739747222492&w=2
Reference: DEBIAN:DSA-264
Reference:
URL:http://www.debian.org/security/2003/dsa-264
Reference: BID:7062
Reference:
URL:http://www.securityfocus.com/bid/7062
Votes:
Name: CVE-2003-0157
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2003-0138. Reason: This candidate is a
reservation duplicate of CVE-2003-0138 due to incomplete
coordination. Notes: All CVE users should reference
CVE-2003-0138 instead of this candidate. All references
and descriptions in this candidate have been removed to
prevent accidental usage.
Status: Candidate
Phase: Assigned (20030319)
Votes:
Name: CVE-2003-0158
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2003-0139. Reason: This candidate is a
reservation duplicate of CVE-2003-0139 due to incomplete
coordination. Notes: All CVE users should reference
CVE-2003-0139 instead of this candidate. All references
and descriptions in this candidate have been removed to
prevent accidental usage.
Status: Candidate
Phase: Assigned (20030319)
Votes:
Name: CVE-2003-0159
Description:
Heap-based buffer overflow in the NTLMSSP code for
Ethereal 0.9.9 and earlier allows remote attackers to
cause a denial of service and possibly execute arbitrary
code.
Status: Candidate
Phase: Assigned (20030321)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: BUGTRAQ:20030309 GLSA: ethereal
(200303-10)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104741640924709&w=2
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
Reference: MANDRAKE:MDKSA-2003:051
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:051
Reference: BID:7050
Reference:
URL:http://www.securityfocus.com/bid/7050
Reference: OVAL:oval:org.mitre.oval:def:55
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:55
Votes:
Name: CVE-2003-0160
Description:
Multiple cross-site scripting (XSS) vulnerabilities in
SquirrelMail before 1.2.11 allow remote attackers to
inject arbitrary HTML code and steal information from a
client's web browser.
Status: Candidate
Phase: Assigned (20030321)
Reference:
CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988
Reference: REDHAT:RHSA-2003:112
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-112.html
Reference: OVAL:oval:org.mitre.oval:def:614
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:614
Votes:
Name: CVE-2003-0161
Description:
The prescan() function in the address parser
(parseaddr.c) in Sendmail before 8.12.9 does not
properly handle certain conversions from char and int
types, which can cause a length check to be disabled
when Sendmail misinterprets an input value as a special
"NOCHAR" control value, allowing attackers to cause a
denial of service and possibly execute arbitrary code
via a buffer overflow attack using messages, a different
vulnerability than CVE-2002-1337.
Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030329 Sendmail: -1 gone
wild
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104897487512238&w=2
Reference: BUGTRAQ:20030520 [Fwd: 127 Research
and Development: 127 Day!]
Reference:
URL:http://www.securityfocus.com/archive/1/321997
Reference: BUGTRAQ:20030331 GLSA: sendmail
(200303-27)
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/316961/30/25250/threaded
Reference: BUGTRAQ:20030401 Immunix Secured OS 7+
openssl update
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317135/30/25220/threaded
Reference: FULLDISC:20030329 Sendmail: -1 gone
wild
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
Reference: BUGTRAQ:20030329 sendmail 8.12.9
available
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104896621106790&w=2
Reference: GENTOO:GLSA-200303-27
Reference:
URL:http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
Reference: IMMUNIX:IMNX-2003-7+-002-01
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317135/30/25220/threaded
Reference: SUNALERT:52620
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
Reference: SUNALERT:52700
Reference:
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
Reference: CERT:CA-2003-12
Reference:
URL:http://www.cert.org/advisories/CA-2003-12.html
Reference: CERT-VN:VU#897604
Reference:
URL:http://www.kb.cert.org/vuls/id/897604
Reference: FREEBSD:FreeBSD-SA-03:07
Reference:
URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
Reference: REDHAT:RHSA-2003:120
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-120.html
Reference: REDHAT:RHSA-2003:121
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-121.html
Reference: SCO:SCOSA-2004.11
Reference:
URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
Reference: SUSE:SuSE-SA:2003:023
Reference: SGI:20030401-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
Reference: CALDERA:CSSA-2003-016.0
Reference:
URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
Reference: DEBIAN:DSA-278
Reference:
URL:http://www.debian.org/security/2003/dsa-278
Reference: DEBIAN:DSA-290
Reference:
URL:http://www.debian.org/security/2003/dsa-290
Reference: CONECTIVA:CLA-2003:614
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
Reference: HP:SSRT3531
Reference: BUGTRAQ:20030330 [OpenPKG-SA-2003.027]
OpenPKG Security Advisory (sendmail)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104914999806315&w=2
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: BID:7230
Reference:
URL:http://www.securityfocus.com/bid/7230
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:042
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0162
Description:
Ecartis 1.0.0 (formerly listar) before snapshot 20030227
allows remote attackers to reset passwords of other
users and gain privileges by modifying hidden form
fields in the HTML page.
Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030227 Ecardis Password
Reseting Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636153214262&w=2
Reference: BUGTRAQ:20030303 Re: Ecardis Password
Reseting Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673407728323&w=2
Reference: DEBIAN:DSA-271
Reference:
URL:http://www.debian.org/security/2003/dsa-271
Reference: BID:6971
Reference:
URL:http://www.securityfocus.com/bid/6971
Reference: XF:ecartis-password-reset(11431)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11431
Votes:
Name: CVE-2003-0163
Description:
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and
earlier does not properly validate a message length
parameter, which allows remote attackers to cause a
denial of service (crash) via a negative length, which
overwrites arbitrary heap memory with a zero byte.
Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030412 R7-0013: Heap
Corruption in Gaim-Encryption Plugin
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105013281120352&w=2
Reference:
MISC:http://www.rapid7.com/advisories/R7-0013.html
Reference: BID:7182
Reference:
URL:http://www.securityfocus.com/bid/7182
Votes:
Name: CVE-2003-0164
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030324)
Votes:
Name: CVE-2003-0165
Description:
Format string vulnerability in Eye Of Gnome (EOG) allows
attackers to execute arbitrary code via format string
specifiers in a command line argument for the file to
display.
Status: Candidate
Phase: Assigned (20030326)
Reference: BUGTRAQ:20030328 CORE-2003-0304-03:
Vulnerability in GNOME's Eye of Gnome
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887189724146&w=2
Reference: VULNWATCH:20030328 Vulnerability in
GNOME's Eye of Gnome
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10
Reference: REDHAT:RHSA-2003:128
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-128.html
Reference: MANDRAKE:MDKSA-2003:048
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:048
Reference: CERT-VN:VU#363001
Reference:
URL:http://www.kb.cert.org/vuls/id/363001
Reference: BID:7121
Reference:
URL:http://www.securityfocus.com/bid/7121
Reference: OVAL:oval:org.mitre.oval:def:52
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:52
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:048
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0166
Description:
Integer signedness error in the emalloc() function for PHP
before 4.3.2 allows remote attackers to cause a denial of
service (memory consumption) and possibly execute
arbitrary code via negative arguments to functions such
as (1) socket_recv, (2) socket_recvfrom, and possibly
other functions.
Status: Candidate
Phase: Assigned (20030326)
Reference: BUGTRAQ:20030326 @(#)Mordred Labs
advisory - Integer overflow in PHP memory allocator
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869828526885&w=2
Reference: BUGTRAQ:20030327 RE: FUD-ALARM:
@(#)Mordred Labs advisory - Integer overflow in PHP
memory allocator
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878100719467&w=2
Reference: BUGTRAQ:20030402 Inaccurate Reports
Concerning PHP Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2
Reference: CONECTIVA:CLSA-2003:691
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Reference: SCO:CSSA-2003-SCO.28
Reference: BID:7197
Reference:
URL:http://www.securityfocus.com/bid/7197
Reference: BID:7198
Reference:
URL:http://www.securityfocus.com/bid/7198
Votes:
Name: CVE-2003-0167
Description:
Multiple off-by-one buffer overflows in the IMAP
capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4
and earlier, allow a remote malicious IMAP server to
cause a denial of service (crash) and possibly execute
arbitrary code via a specially crafted mail folder, a
different vulnerability than CVE-2003-0140.
Status: Candidate
Phase: Assigned (20030327)
Reference: DEBIAN:DSA-274
Reference:
URL:http://www.debian.org/security/2003/dsa-274
Reference: DEBIAN:DSA-300
Reference:
URL:http://www.debian.org/security/2003/dsa-300
Reference: BID:7229
Reference:
URL:http://www.securityfocus.com/bid/7229
Votes:
Name: CVE-2003-0168
Description:
Buffer overflow in Apple QuickTime Player 5.x and 6.0
for Windows allows remote attackers to execute arbitrary
code via a long QuickTime URL.
Status: Candidate
Phase: Assigned (20030327)
Reference: BUGTRAQ:20030401 Fwd: QuickTime 6.1
for Windows is available
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded
Reference: BUGTRAQ:20030401 iDEFENSE Security
Advisory 03.31.03: Buffer Overflow in Windows QuickTime
Player
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317148/30/25220/threaded
Reference: VULNWATCH:20030331 iDEFENSE Security
Advisory 03.31.03: Buffer Overflow in Windows QuickTime
Player
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html
Reference:
MISC:http://www.idefense.com/advisory/03.31.03.txt
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00027.html
Reference: APPLE:APPLE-SA-2003-03-31
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded
Reference: CERT-VN:VU#112553
Reference:
URL:http://www.kb.cert.org/vuls/id/112553
Reference: BID:7247
Reference:
URL:http://www.securityfocus.com/bid/7247
Reference: OSVDB:10561
Reference: URL:http://www.osvdb.org/10561
Reference: XF:quicktime-url-bo(11671)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11671
Votes:
Name: CVE-2003-0169
Description:
hpnst.exe in the GoAhead-Webs webserver for HP Instant
TopTools before 5.55 allows remote attackers to cause a
denial of service (CPU consumption) via a request to
hpnst.exe that calls itself, which causes an infinite
loop.
Status: Candidate
Phase: Assigned (20030327)
Reference: VULNWATCH:20030331 [DDI-1012]
Malformed request causes denial of service in HP Instant
TopTools
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html
Reference: BUGTRAQ:20030331 [DDI-1012] Malformed
request causes denial of service in HP Instant TopTools
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104914959705949&w=2
Reference: BID:7246
Reference:
URL:http://www.securityfocus.com/bid/7246
Votes:
Name: CVE-2003-0170
Description:
Unknown vulnerability in ftpd in IBM AIX 5.2, when
configured to use Kerberos 5 for authentication, allows
remote attackers to gain privileges via unknown attack
vectors.
Status: Candidate
Phase: Assigned (20030327)
Reference: AIXAPAR:IY42424
Reference:
URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424
Reference: IBM:MSS-OAR-E01-2003.0469.1
Reference:
URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1
Reference: BID:7346
Reference:
URL:http://www.securityfocus.com/bid/7346
Reference: OSVDB:4878
Reference: URL:http://www.osvdb.org/4878
Reference: XF:aix-ftpd-gain-access(11823)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11823
Votes:
Name: CVE-2003-0171
Description:
DirectoryServices in MacOS X trusts the PATH environment
variable to locate and execute the touch command, which
allows local users to execute arbitrary commands by
modifying the PATH to point to a directory containing a
malicious touch program.
Status: Candidate
Phase: Assigned (20030328)
Reference: ATSTAKE:A041003-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a041003-1.txt
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Votes:
Name: CVE-2003-0172
Description:
Buffer overflow in openlog function for PHP 4.3.1 on
Windows operating system, and possibly other OSes,
allows remote attackers to cause a crash and possibly
execute arbitrary code via a long filename argument.
Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030327 @(#)Mordred Labs
advisory - PHP for Win32: buffer overflow in openlog()
function
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878149020152&w=2
Reference: BUGTRAQ:20030402 Inaccurate Reports
Concerning PHP Vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2
Reference: BUGTRAQ:20030327 Re: @(#)Mordred Labs
advisory - PHP for Win32: buffer overflow in openlog()
function
Reference:
URL:http://www.securityfocus.com/archive/1/316583
Reference: BUGTRAQ:20041222 PHP v4.3.x exploit
for Windows.
Reference:
URL:http://www.securityfocus.com/archive/1/385238
Reference: BID:7210
Reference:
URL:http://www.securityfocus.com/bid/7210
Reference: OSVDB:2113
Reference: URL:http://www.osvdb.org/2113
Reference: XF:php-openlog-stack-bo(11637)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11637
Votes:
Name: CVE-2003-0173
Description:
xfsdq in xfsdump does not create quota information files
securely, which allows local users to gain root
privileges.
Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030404-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P
Reference: DEBIAN:DSA-283
Reference:
URL:http://www.debian.org/security/2003/dsa-283
Reference: MANDRAKE:MDKSA-2003:047
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:047
Reference: CERT-VN:VU#111673
Reference:
URL:http://www.kb.cert.org/vuls/id/111673
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:047
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0174
Description:
The LDAP name service (nsd) in IRIX 6.5.19 and earlier
does not properly verify if the USERPASSWORD attribute
has been provided by an LDAP server, which could allow
attackers to log in without a password.
Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030407-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P
Reference: CIAC:N-084
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-084.shtml
Reference: BID:7442
Reference:
URL:http://www.securityfocus.com/bid/7442
Reference:
XF:irix-ldap-authentication-bypass(11860)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11860
Votes:
Name: CVE-2003-0175
Description:
SGI IRIX before 6.5.21 allows local users to cause a
denial of service (kernel panic) via a certain call to
the PIOCSWATCH ioctl.
Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030603-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P
Reference: CERT-VN:VU#142228
Reference:
URL:http://www.kb.cert.org/vuls/id/142228
Reference: SECTRACK:1008770
Reference:
URL:http://www.securitytracker.com/id?1008770
Reference: XF:irix-piocswatch-ioctl-dos(12241)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12241
Reference: BID:7868
Reference:
URL:http://www.securityfocus.com/bid/7868
Votes:
Name: CVE-2003-0176
Description:
The Name Service Daemon (nsd), when running on an NIS
master on SGI IRIX 6.5.x through 6.5.20f, and possibly
earlier versions, allows remote attackers to cause a
denial of service (crash) via a UDP port scan.
Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030701-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
Votes:
Name: CVE-2003-0177
Description:
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier
versions, does not follow "-" entries in the /etc/group
file, which may cause subsequent group membership
entries to be processed inadvertently.
Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030701-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
Votes:
Name: CVE-2003-0178
Description:
Multiple buffer overflows in Lotus Domino Web Server
before 6.0.1 allow remote attackers to cause a denial of
service or execute arbitrary code via (1) the s_ViewName
option in the PresetFields parameter for iNotes, (2) the
Foldername option in the PresetFields parameter for
iNotes, or (3) a long Host header, which is inserted
into a long Location header and used during a redirect
operation.
Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030217 Lotus Domino Web
Server iNotes Overflow (#NISR17022003b)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550063431461&w=2
Reference: NTBUGTRAQ:20030217 Lotus Domino Web
Server iNotes Overflow (#NISR17022003b)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558777531350&w=2
Reference: BUGTRAQ:20030217 Lotus Domino Web
Server Host/Location Buffer Overflow Vulnerability
(#NISR17022003a)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550063431463&w=2
Reference: NTBUGTRAQ:20030217 Lotus Domino Web
Server Host/Location Buffer Overflow Vulnerability
(#NISR17022003a)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558777331345&w=2
Reference: BUGTRAQ:20030217 Domino Advisories
UPDATE
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550335103136&w=2
Reference: NTBUGTRAQ:20030217 Domino Advisories
UPDATE
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778331387&w=2
Reference: VULNWATCH:20030217 Lotus Domino Web
Server Host/Location Buffer Overflow Vulnerability
(#NISR17022003a)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html
Reference: VULNWATCH:20030217 Lotus Domino Web
Server iNotes Overflow (#NISR17022003b)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html
Reference: VULNWATCH:20030217 Lotus iNotes Client
ActiveX Control Buffer Overrun (#NISR17022003c)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
Reference:
MISC:http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
Reference:
MISC:http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#206361
Reference:
URL:http://www.kb.cert.org/vuls/id/206361
Reference: CERT-VN:VU#542873
Reference:
URL:http://www.kb.cert.org/vuls/id/542873
Reference: CERT-VN:VU#772817
Reference:
URL:http://www.kb.cert.org/vuls/id/772817
Reference: CIAC:N-065
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:6870
Reference:
URL:http://www.securityfocus.com/bid/6870
Reference: BID:6871
Reference:
URL:http://www.securityfocus.com/bid/6871
Reference: XF:lotus-domino-hostname-bo(11337)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11337
Reference: XF:lotus-domino-inotes-bo(11336)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11336
Votes:
Name: CVE-2003-0179
Description:
Buffer overflow in the COM Object Control Handler for
Lotus Domino 6.0.1 and earlier allows remote attackers
to execute arbitrary code via multiple attack vectors,
as demonstrated using the InitializeUsingNotesUserName
method in the iNotes ActiveX control.
Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030217 Lotus iNotes Client
ActiveX Control Buffer Overrun (#NISR17022003c)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550124032513&w=2
Reference: NTBUGTRAQ:20030217 Lotus iNotes Client
ActiveX Control Buffer Overrun (#NISR17022003c)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778131373&w=2
Reference: VULNWATCH:20030217 Lotus iNotes Client
ActiveX Control Buffer Overrun (#NISR17022003c)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
Reference:
MISC:http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
Reference: BUGTRAQ:20030217 Domino Advisories
UPDATE
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550335103136&w=2
Reference: NTBUGTRAQ:20030217 Domino Advisories
UPDATE
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778331387&w=2
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104543
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#571297
Reference:
URL:http://www.kb.cert.org/vuls/id/571297
Reference: CIAC:N-065
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:6872
Reference:
URL:http://www.securityfocus.com/bid/6872
Reference: XF:lotus-notes-activex-bo(11339)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11339
Votes:
Name: CVE-2003-0180
Description:
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows
remote attackers to cause a denial of service via an
incomplete POST request, as demonstrated using the
h_PageUI form.
Status: Candidate
Phase: Assigned (20030328)
Reference: VULNWATCH:20030218 More Lotus Domino
Advisories
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
Reference:
MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#355169
Reference:
URL:http://www.kb.cert.org/vuls/id/355169
Reference: CIAC:N-065
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: XF:lotus-incomplete-post-dos(11360)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11360
Reference: BID:6951
Reference:
URL:http://www.securityfocus.com/bid/6951
Votes:
Name: CVE-2003-0181
Description:
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows
remote attackers to cause a denial of service via a
"Fictionary Value Field POST request" as demonstrated
using the s_Validation form with a long, unknown
parameter name.
Status: Candidate
Phase: Assigned (20030328)
Reference: VULNWATCH:20030218 More Lotus Domino
Advisories
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
Reference:
MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
Reference:
CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
Reference: CERT:CA-2003-11
Reference:
URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: BID:6951
Reference:
URL:http://www.securityfocus.com/bid/6951
Reference: XF:lotus-invalid-field-dos(11361)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11361
Votes:
Name: CVE-2003-0182
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030401)
Votes:
Name: CVE-2003-0183
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030401)
Votes:
Name: CVE-2003-0184
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030401)
Votes:
Name: CVE-2003-0185
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030401)
Votes:
Name: CVE-2003-0186
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030401)
Votes:
Name: CVE-2003-0187
Description:
The connection tracking core of Netfilter for Linux
2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the
ip_conntrack module loaded, allows remote attackers to
cause a denial of service (resource consumption) due to
an inconsistency with Linux 2.4.20's support of linked
lists, which causes Netfilter to fail to identify
connections with an UNCONFIRMED status and use large
timeouts.
Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030802 [SECURITY] Netfilter
Security Advisory: Conntrack list_del() DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
Reference: OVAL:oval:org.mitre.oval:def:260
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:260
Votes:
Name: CVE-2003-0188
Description:
lv reads a .lv file from the current working directory,
which allows local users to execute arbitrary commands
as other lv users by placing malicious .lv files into
other directories.
Status: Candidate
Phase: Assigned (20030401)
Reference: REDHAT:RHSA-2003:167
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-167.html
Reference: REDHAT:RHSA-2003:169
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-169.html
Reference: DEBIAN:DSA-304
Reference:
URL:http://www.debian.org/security/2003/dsa-304
Reference: TURBO:TLSA-2003-35
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-35.txt
Reference: OVAL:oval:org.mitre.oval:def:430
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:430
Votes:
Name: CVE-2003-0189
Description:
The authentication module for Apache 2.0.40 through
2.0.45 on Unix does not properly handle threads safely
when using the crypt_r or crypt functions, which allows
remote attackers to cause a denial of service (failed
Basic authentication with valid usernames and passwords)
when a threaded MPM is used.
Status: Candidate
Phase: Assigned (20030401)
Reference:
CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE]
Apache 2.0.46 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference: REDHAT:RHSA-2003:186
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-186.html
Reference: CONECTIVA:CLA-2003:661
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
Reference: CERT-VN:VU#479268
Reference:
URL:http://www.kb.cert.org/vuls/id/479268
Reference: BID:7725
Reference:
URL:http://www.securityfocus.com/bid/7725
Reference: SECUNIA:8881
Reference: URL:http://secunia.com/advisories/8881
Reference:
XF:apache-aprpasswordvalidate-dos(12091)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12091
Votes:
Name: CVE-2003-0190
Description:
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM
support enabled immediately sends an error message when
a user does not exist, which allows remote attackers to
determine valid usernames via a timing attack.
Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030430 OpenSSH/PAM timing
attack allows remote users identification
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105172058404810&w=2
Reference: FULLDISC:20030430 OpenSSH/PAM timing
attack allows remote users identification
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html
Reference:
MISC:http://lab.mediaservice.net/advisory/2003-01-openssh.txt
Reference: REDHAT:RHSA-2003:222
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-222.html
Reference: REDHAT:RHSA-2003:224
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-224.html
Reference: BUGTRAQ:20030806 [OpenPKG-SA-2003.035]
OpenPKG Security Advisory (openssh)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106018677302607&w=2
Reference: TURBO:TLSA-2003-31
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-31.txt
Reference: BID:7467
Reference:
URL:http://www.securityfocus.com/bid/7467
Reference: OVAL:oval:org.mitre.oval:def:445
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:445
Votes:
Name: CVE-2003-0192
Description:
Apache 2 before 2.0.47, and certain versions of mod_ssl
for Apache 1.3, do not properly handle "certain
sequences of per-directory renegotiations and the
SSLCipherSuite directive being used to upgrade from a
weak ciphersuite to a strong one," which could cause
Apache to use the weak ciphersuite.
Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY]
Apache 2.0.47 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: REDHAT:RHSA-2003:243
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-243.html
Reference: REDHAT:RHSA-2003:244
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-244.html
Reference: SCO:CSSA-2003-SCO.28
Reference: SCO:SCOSA-2004.6
Reference:
URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
Reference: OVAL:oval:org.mitre.oval:def:169
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:169
Votes:
Name: CVE-2003-0193
Description:
msxlsview.sh in xlsview for catdoc 0.91 and earlier
allows local users to overwrite arbitrary files via a
symlink attack on predictable temporary file names
("word$$.html").
Status: Candidate
Phase: Assigned (20030401)
Reference: DEBIAN:DSA-575
Reference:
URL:http://www.debian.org/security/2004/dsa-575
Reference:
CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
Reference: BID:11560
Reference:
URL:http://www.securityfocus.com/bid/11560
Reference: OSVDB:11193
Reference: URL:http://www.osvdb.org/11193
Reference: SECUNIA:13021
Reference:
URL:http://secunia.com/advisories/13021/
Reference: SECUNIA:13022
Reference:
URL:http://secunia.com/advisories/13022/
Reference: XF:catdoc-xlsview-symlink(16335)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/16335
Votes:
Name: CVE-2003-0194
Description:
tcpdump does not properly drop privileges to the pcap
user when starting up.
Status: Candidate
Phase: Assigned (20030401)
Reference: REDHAT:RHSA-2003:174
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-174.html
Reference: REDHAT:RHSA-2003:151
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
Votes:
Name: CVE-2003-0195
Description:
CUPS before 1.1.19 allows remote attackers to cause a
denial of service via a partial printing request to the
IPP port (631), which does not time out.
Status: Candidate
Phase: Assigned (20030401)
Reference: CONECTIVA:CLSA-2003:678
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678
Reference: REDHAT:RHSA-2003:171
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-171.html
Reference: MANDRAKE:MDKSA-2003:062
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:062
Reference: SUSE:SuSE-SA:2003:028
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_028.html
Reference: DEBIAN:DSA-317
Reference:
URL:http://www.debian.org/security/2003/dsa-317
Reference: TURBO:TLSA-2003-33
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-33.txt
Reference: BUGTRAQ:20030529 [slackware-security]
CUPS DoS vulnerability fixed (SSA:2003-149-01)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427288724449&w=2
Reference: BID:7637
Reference:
URL:http://www.securityfocus.com/bid/7637
Reference: OVAL:oval:org.mitre.oval:def:6
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6
Votes:
Name: CVE-2003-0196
Description:
Multiple buffer overflows in Samba before 2.2.8a may
allow remote attackers to execute arbitrary code or
cause a denial of service, as discovered by the Samba
team and a different vulnerability than CVE-2003-0201.
Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030407 [OpenPKG-SA-2003.028]
OpenPKG Security Advisory (samba)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104973186901597&w=2
Reference: DEBIAN:DSA-280
Reference:
URL:http://www.debian.org/security/2003/dsa-280
Reference: MANDRAKE:MDKSA-2003:044
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
Reference: REDHAT:RHSA-2003:137
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-137.html
Reference: BUGTRAQ:20030407 Immunix Secured OS 7+
samba update
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104974612519064&w=2
Reference: OVAL:oval:org.mitre.oval:def:564
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:564
Votes:
Name: CVE-2003-0197
Description:
Buffer overflow in gds_lock_mgr of Interbase Database 6.x
allows local users to gain privileges via a long
ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
Status: Candidate
Phase: Assigned (20030403)
Reference: VULNWATCH:20030403 SRT2003-04-03-1300
- Interbase ISC_LOCK_ENV overflow
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html
Reference: BUGTRAQ:20030403 SRT2003-04-03-1300 -
Interbase ISC_LOCK_ENV overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104940730819887&w=2
Reference:
MISC:http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt
Votes:
Name: CVE-2003-0198
Description:
Mac OS X before 10.2.5 allows guest users to modify the
permissions of the DropBox folder and read unauthorized
files.
Status: Candidate
Phase: Assigned (20030404)
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Votes:
Name: CVE-2003-0199
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030404)
Votes:
Name: CVE-2003-0200
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030404)
Votes:
Name: CVE-2003-0201
Description:
Buffer overflow in the call_trans2open function in
trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and
earlier 2.0.x versions, and Samba-TNG before 0.3.2,
allows remote attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20030404)
Reference: BUGTRAQ:20030407 [DDI-1013] Buffer
Overflow in Samba allows remote root compromise
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104972664226781&w=2
Reference:
MISC:http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
Reference: DEBIAN:DSA-280
Reference:
URL:http://www.debian.org/security/2003/dsa-280
Reference: SUSE:SuSE-SA:2003:025
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_025_samba.html
Reference: MANDRAKE:MDKSA-2003:044
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
Reference: REDHAT:RHSA-2003:137
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-137.html
Reference: CONECTIVA:CLA-2003:624
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
Reference: SGI:20030403-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
Reference: BUGTRAQ:20030409 GLSA: samba
(200304-02)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994564212488&w=2
Reference: BUGTRAQ:20030407 Immunix Secured OS 7+
samba update
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104974612519064&w=2
Reference: BUGTRAQ:20030408 [Sorcerer-spells]
SAMBA--SORCERER2003-04-08
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104981682014565&w=2
Reference: CERT-VN:VU#267873
Reference:
URL:http://www.kb.cert.org/vuls/id/267873
Reference: BID:7294
Reference:
URL:http://www.securityfocus.com/bid/7294
Reference: OVAL:oval:org.mitre.oval:def:567
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:567
Reference: OVAL:oval:org.mitre.oval:def:2163
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2163
Votes:
Name: CVE-2003-0202
Description:
The (1) halstead and (2) gather_stats scripts in metrics
1.0 allow local users to overwrite arbitrary files via a
symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20030404)
Reference: DEBIAN:DSA-279
Reference:
URL:http://www.debian.org/security/2003/dsa-279
Reference: XF:metrics-tmpfile-symlink(11734)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11734
Reference: BID:7293
Reference:
URL:http://www.securityfocus.com/bid/7293
Votes:
Name: CVE-2003-0203
Description:
Buffer overflow in moxftp 2.2 and earlier allows remote
malicious FTP servers to execute arbitrary code via a
long FTP banner.
Status: Candidate
Phase: Assigned (20030408)
Reference: BUGTRAQ:20030223 moxftp arbitrary code
execution poc/advisory
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610380126860&w=2
Reference: FULLDISC:20030223 moxftp arbitrary
code execution poc/advisory
Reference:
URL:http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html
Reference: DEBIAN:DSA-281
Reference:
URL:http://www.debian.org/security/2003/dsa-281
Reference: BID:6921
Reference:
URL:http://www.securityfocus.com/bid/6921
Reference: SECTRACK:1006156
Reference:
URL:http://www.securitytracker.com/id?1006156
Reference: SECUNIA:8136
Reference: URL:http://secunia.com/advisories/8136
Reference: XF:moxftp-welcome-banner-bo(11399)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11399
Votes:
Name: CVE-2003-0204
Description:
KDE 2 and KDE 3.1.1 and earlier 3.x versions allow
attackers to execute arbitrary commands via (1)
PostScript (PS) or (2) PDF files, related to missing
-dPARANOIDSAFER and -dSAFER arguments when using the
kghostview Ghostscript viewer.
Status: Candidate
Phase: Assigned (20030414)
Reference:
CONFIRM:http://www.kde.org/info/security/advisory-20030409-1.txt
Reference:
CONFIRM:http://bugs.kde.org/show_bug.cgi?id=56808
Reference:
CONFIRM:http://bugs.kde.org/show_bug.cgi?id=53343
Reference: DEBIAN:DSA-284
Reference:
URL:http://www.debian.org/security/2003/dsa-284
Reference: DEBIAN:DSA-293
Reference:
URL:http://www.debian.org/security/2003/dsa-293
Reference: DEBIAN:DSA-296
Reference:
URL:http://www.debian.org/security/2003/dsa-296
Reference: MANDRAKE:MDKSA-2003:049
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
Reference: REDHAT:RHSA-2003:002
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-002.html
Reference: CONECTIVA:CLA-2003:668
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Reference: CONECTIVA:CLA-2003:747
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Reference: BUGTRAQ:20030410 GLSA: kde-3.x
(200304-04)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105001557020141&w=2
Reference: BUGTRAQ:20030411 GLSA: kde-2.x
(200304-05)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105012994719099&w=2
Reference: BUGTRAQ:20030414 GLSA: kde-2.x
(200304-05.1)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105034222521369&w=2
Reference: BUGTRAQ:20030412 [Sorcerer-spells]
KDE-SORCERER2003-04-12
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105017403010459&w=2
Votes:
NOOP(1) Christey
Voter Comments:
Christey> MANDRAKE:MDKSA-2003:049
(as suggested by Vincent Danen of Mandrake)
Name: CVE-2003-0205
Description:
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows
remote attackers to execute arbitrary commands via shell
metacharacters in the ticker title of a URI.
Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030423 Security problems in
gkrellm-newsticker
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111327000755&w=2
Reference: DEBIAN:DSA-294
Reference:
URL:http://www.debian.org/security/2003/dsa-294
Votes:
Name: CVE-2003-0206
Description:
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows
remote attackers to cause a denial of service (crash)
via (1) link or (2) title elements that contain multiple
lines.
Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030423 Security problems in
gkrellm-newsticker
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111327000755&w=2
Reference: DEBIAN:DSA-294
Reference:
URL:http://www.debian.org/security/2003/dsa-294
Votes:
Name: CVE-2003-0207
Description:
ps2epsi creates insecure temporary files when calling
ghostscript, which allows local attackers to overwrite
arbitrary files.
Status: Candidate
Phase: Assigned (20030414)
Reference: DEBIAN:DSA-286
Reference:
URL:http://www.debian.org/security/2003/dsa-286
Votes:
Name: CVE-2003-0208
Description:
Cross-site scripting (XSS) vulnerability in Macromedia
Flash ad user tracking capability allows remote
attackers to insert arbitrary Javascript via the
clickTAG field.
Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030413 Misuse of Macromedia
Flash Ads clickTAG Option May Lead to Privacy Breach
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105033712615013&w=2
Reference: FULLDISC:20030413 Misuse of Macromedia
Flash Ads clickTAG Option May Lead to Privacy Breach
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html
Reference: VULNWATCH:20030413 Misuse of
Macromedia Flash Ads clickTAG Option May Lead to Privacy
Breach
Reference:
MISC:http://www.securiteam.com/securitynews/5XP0B0U9PE.html
Reference:
CONFIRM:http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
Votes:
Name: CVE-2003-0209
Description:
Integer overflow in the TCP stream reassembly module
(stream4) for Snort 2.0 and earlier allows remote
attackers to execute arbitrary code via large sequence
numbers in packets, which enable a heap-based buffer
overflow.
Status: Candidate
Phase: Assigned (20030415)
Reference: VULNWATCH:20030415 CORE-2003-0307:
Snort TCP Stream Reassembly Integer Overflow
Vulnerability
Reference: BUGTRAQ:20030415 CORE-2003-0307: Snort
TCP Stream Reassembly Integer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105043563016235&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
Reference: BUGTRAQ:20030423 Snort <=1.9.1 exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111217731583&w=2
Reference: BUGTRAQ:20030422 GLSA: snort
(200304-05)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105103586927007&w=2
Reference: BUGTRAQ:20030428 GLSA: snort
(200304-06)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2
Reference: DEBIAN:DSA-297
Reference:
URL:http://www.debian.org/security/2003/dsa-297
Reference: ENGARDE:ESA-20030430-013
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105172790914107&w=2
Reference: MANDRAKE:MDKSA-2003:052
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:052
Reference: CERT:CA-2003-13
Reference:
URL:http://www.cert.org/advisories/CA-2003-13.html
Reference: CERT-VN:VU#139129
Reference:
URL:http://www.kb.cert.org/vuls/id/139129
Reference: BID:7178
Reference:
URL:http://www.securityfocus.com/bid/7178
Votes:
Name: CVE-2003-0210
Description:
Buffer overflow in the administration service (CSAdmin)
for Cisco Secure ACS before 3.1.2 allows remote
attackers to cause a denial of service and possibly
execute arbitrary code via a long user parameter to port
2002.
Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030424 NSFOCUS SA2003-04 :
Remote Buffer Overflow Vulnerability in Web Management
Interface of Cisco Secure ACS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120066126196&w=2
Reference: NTBUGTRAQ:20030424 NSFOCUS SA2003-04 :
Remote Buffer Overflow Vulnerability in Web Management
Interface of Cisco Secure ACS
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105118056332344&w=2
Reference: CISCO:20030423 Cisco Secure Access
Control Server for Windows Admin Buffer Overflow
Vulnerability
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
Reference: CERT-VN:VU#697049
Reference:
URL:http://www.kb.cert.org/vuls/id/697049
Votes:
Name: CVE-2003-0211
Description:
Memory leak in xinetd 2.3.10 allows remote attackers to
cause a denial of service (memory consumption) via a
large number of rejected connections.
Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030418 Xinetd 2.3.10 Memory
Leaks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105068673220605&w=2
Reference:
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537
Reference: REDHAT:RHSA-2003:160
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-160.html
Reference: MANDRAKE:MDKSA-2003:056
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:056
Reference: CONECTIVA:CLA-2003:782
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782
Reference: OVAL:oval:org.mitre.oval:def:657
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:657
Votes:
Name: CVE-2003-0212
Description:
handleAccept in rinetd before 0.62 does not properly
resize the connection list when it becomes full and sets
an array index incorrectly, which allows remote
attackers to cause a denial of service and possibly
execute arbitrary code via a large number of
connections.
Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030417 Vulnerability in
rinetd
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105059298502830&w=2
Reference: DEBIAN:DSA-289
Reference:
URL:http://www.debian.org/security/2003/dsa-289
Votes:
Name: CVE-2003-0213
Description:
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3
allows remote attackers to cause a denial of service via
a length field of 0 or 1, which causes a negative value
to be fed into a read operation, leading to a buffer
overflow.
Status: Candidate
Phase: Assigned (20030422)
Reference: BUGTRAQ:20030409 PoPToP PPTP server
remotely exploitable buffer overflow
Reference:
URL:http://www.securityfocus.com/archive/1/317995
Reference: BUGTRAQ:20030418 Exploit for PoPToP
PPTP server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105068728421160&w=2
Reference: BUGTRAQ:20030422 Re: Exploit for
PoPToP PPTP server - Linux version
Reference:
URL:http://www.securityfocus.com/archive/1/319428
Reference:
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=138437
Reference: DEBIAN:DSA-295
Reference:
URL:http://www.debian.org/security/2003/dsa-295
Reference: SUSE:SuSE-SA:2003:029
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_029.html
Reference: BUGTRAQ:20030428 GLSA: pptpd
(200304-08)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154539727967&w=2
Reference: CERT-VN:VU#673993
Reference:
URL:http://www.kb.cert.org/vuls/id/673993
Reference: BID:7316
Reference:
URL:http://www.securityfocus.com/bid/7316
Votes:
Name: CVE-2003-0214
Description:
run-mailcap in mime-support 3.22 and earlier allows
local users to overwrite arbitrary files via a symlink
attack on temporary files.
Status: Candidate
Phase: Assigned (20030423)
Reference: DEBIAN:DSA-292
Reference:
URL:http://www.debian.org/security/2003/dsa-292
Votes:
Name: CVE-2003-0215
Description:
SQL injection vulnerability in bttlxeForum 2.0 beta 3
and earlier allows remote attackers to bypass
authentication via the (1) username and (2) password
fields, and possibly other fields.
Status: Candidate
Phase: Assigned (20030423)
Reference: BUGTRAQ:20030424 SQL injection in
BttlxeForum
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120052725940&w=2
Reference:
CONFIRM:http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
Reference: SECTRACK:1006632
Reference:
URL:http://securitytracker.com/id?1006632
Votes:
Name: CVE-2003-0216
Description:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows
local users to bypass authentication and gain access to
the enable mode without a password.
Status: Candidate
Phase: Assigned (20030424)
Reference: CISCO:20030424 Cisco Security
Advisory: Cisco Catalyst Enable Password Bypass
Vulnerability
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.
Reference: CERT-VN:VU#443257
Reference:
URL:http://www.kb.cert.org/vuls/id/443257
Votes:
Name: CVE-2003-0217
Description:
Cross-site scripting (XSS) vulnerability in Neoteris
Instant Virtual Extranet (IVE) 3.01 and earlier allows
remote attackers to insert arbitrary web script and
bypass authentication via a certain CGI script.
Status: Candidate
Phase: Assigned (20030425)
Reference: BUGTRAQ:20030513 XSS In Neoteris IVE
Allows Session Hijacking
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105283833617480&w=2
Votes:
Name: CVE-2003-0218
Description:
Buffer overflow in PostMethod() function for Monkey HTTP
Daemon (monkeyd) 0.6.1 and earlier allows remote
attackers to execute arbitrary code via a POST request
with a large body.
Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030420 Monkey HTTPd Remote
Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105094204204166&w=2
Reference: VULNWATCH:20030420 Monkey HTTPd Remote
Buffer Overflow
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html
Reference:
CONFIRM:http://monkeyd.sourceforge.net/Changelog.txt
Reference: BUGTRAQ:20030428 GLSA: monkeyd
(200304-07.1)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154473526898&w=2
Reference: BID:7202
Reference:
URL:http://www.securityfocus.com/bid/7202
Votes:
Name: CVE-2003-0219
Description:
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows
remote attackers to execute administrator commands by
sniffing packets from a valid session and replaying them
against the remote administration server.
Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030428 CORE-2003-0305-02:
Vulnerabilities in Kerio Personal Firewall
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2
Reference: VULNWATCH:20030428 CORE-2003-0305-02:
Vulnerabilities in Kerio Personal Firewall
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
Reference: CERT-VN:VU#641012
Reference:
URL:http://www.kb.cert.org/vuls/id/641012
Reference: BID:7179
Reference:
URL:http://www.securityfocus.com/bid/7179
Votes:
Name: CVE-2003-0220
Description:
Buffer overflow in the administrator authentication
process for Kerio Personal Firewall (KPF) 2.1.4 and
earlier allows remote attackers to execute arbitrary
code via a handshake packet.
Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030428 CORE-2003-0305-02:
Vulnerabilities in Kerio Personal Firewall
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2
Reference: VULNWATCH:20030428 CORE-2003-0305-02:
Vulnerabilities in Kerio Personal Firewall
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
Reference: CERT-VN:VU#454716
Reference:
URL:http://www.kb.cert.org/vuls/id/454716
Reference: BID:7180
Reference:
URL:http://www.securityfocus.com/bid/7180
Votes:
Name: CVE-2003-0221
Description:
The (1) dupatch and (2) setld utilities in HP Tru64 UNIX
5.1B PK1 and earlier allow local users to overwrite
files and possibly gain root privileges via a symlink
attack.
Status: Candidate
Phase: Assigned (20030428)
Reference: HP:SSRT3471
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-086.shtml
Reference: CIAC:N-086
Reference: BID:7452
Reference:
URL:http://www.securityfocus.com/bid/7452
Reference: XF:tru64-dupatch-setld-symlink(11892)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11892
Votes:
Name: CVE-2003-0222
Description:
Stack-based buffer overflow in Oracle Net Services for
Oracle Database Server 9i release 2 and earlier allows
attackers to execute arbitrary code via a "CREATE
DATABASE LINK" query containing a connect string with a
long USING parameter.
Status: Candidate
Phase: Assigned (20030429)
Reference: BUGTRAQ:20030429 Oracle Database
Server Buffer Overflow Vulnerability (#NISR29042003)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105162831008176&w=2
Reference: NTBUGTRAQ:20030429 Oracle Database
Server Buffer Overflow Vulnerability (#NISR29042003)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105163376015735&w=2
Reference:
CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
Reference: CIAC:N-085
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-085.shtml
Reference: BID:7453
Reference:
URL:http://www.securityfocus.com/bid/7453
Reference: XF:oracle-database-link-bo(11885)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11885
Votes:
Name: CVE-2003-0223
Description:
Cross-site scripting vulnerability (XSS) in the ASP
function responsible for redirection in Microsoft
Internet Information Server (IIS) 4.0, 5.0, and 5.1
allows remote attackers to embed a URL containing script
in a redirection message.
Status: Candidate
Phase: Assigned (20030430)
Reference: MS:MS03-018
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:66
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:66
Votes:
Name: CVE-2003-0224
Description:
Buffer overflow in ssinc.dll for Microsoft Internet
Information Services (IIS) 5.0 allows local users to
execute arbitrary code via a web page with a Server Side
Include (SSI) directive with a long filename, aka
"Server Side Include Web Pages Buffer Overrun."
Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030530 NSFOCUS SA2003-05:
Microsoft IIS ssinc.dll Over-long Filename Buffer
Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105431767100944&w=2
Reference: MS:MS03-018
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:483
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:483
Votes:
Name: CVE-2003-0225
Description:
The ASP function Response.AddHeader in Microsoft
Internet Information Server (IIS) 4.0 and 5.0 does not
limit memory requests when constructing headers, which
allows remote attackers to generate a large header to
cause a denial of service (memory consumption) with an
ASP page.
Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030418 Microsoft Active
Server Pages DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105110606122772&w=2
Reference:
MISC:http://www.aqtronix.com/Advisories/AQ-2003-01.txt
Reference: MS:MS03-018
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:373
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:373
Votes:
Name: CVE-2003-0226
Description:
Microsoft Internet Information Services (IIS) 5.0 and
5.1 allows remote attackers to cause a denial of service
via a long WebDAV request with a (1) PROPFIND or (2)
SEARCH method, which generates an error condition that
is not properly handled.
Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030528 Internet Information
Services 5.0 Denial of service
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html
Reference: NTBUGTRAQ:20030528 Internet
Information Services 5.0 Denial of service
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421243732552&w=2
Reference: BUGTRAQ:20030529 IIS WEBDAV Denial of
Service attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427362724860&w=2
Reference:
MISC:http://www.spidynamics.com/iis_alert.html
Reference: MS:MS03-018
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:933
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:933
Votes:
Name: CVE-2003-0227
Description:
The logging capability for unicast and multicast
transmissions in the ISAPI extension for Microsoft
Windows Media Services in Microsoft Windows NT 4.0 and
2000, nsiislog.dll, allows remote attackers to cause a
denial of service in Internet Information Server (IIS)
and execute arbitrary code via a certain network
request.
Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030528 MS03-019: DoS or
Code of Choice
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421176432011&w=2
Reference: NTBUGTRAQ:20030528 Re: Alert:
MS03-019, Microsoft... wrong, again.
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421127531558&w=2
Reference: BUGTRAQ:20030528 RE: Alert: MS03-019,
Microsoft... wrong, again.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427615626177&w=2
Reference: MS:MS03-019
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-019.asp
Reference: OVAL:oval:org.mitre.oval:def:936
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:936
Reference: OVAL:oval:org.mitre.oval:def:966
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:966
Votes:
Name: CVE-2003-0228
Description:
Directory traversal vulnerability in Microsoft Windows
Media Player 7.1 and Windows Media Player for Windows XP
allows remote attackers to execute arbitrary code via a
skins file with a URL containing hex-encoded backslash
characters (%5C) that causes an executable to be placed
in an arbitrary location.
Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030507 Windows Media Player
directory traversal vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232913516488&w=2
Reference: NTBUGTRAQ:20030507 Windows Media
Player directory traversal vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233960728901&w=2
Reference: BUGTRAQ:20030508 why i love xs4all +
mediaplayer thingie
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240528419389&w=2
Reference: MS:MS03-017
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-017.asp
Reference: CERT-VN:VU#384932
Reference:
URL:http://www.kb.cert.org/vuls/id/384932
Reference: BID:7517
Reference:
URL:http://www.securityfocus.com/bid/7517
Reference: OVAL:oval:org.mitre.oval:def:321
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:321
Reference:
XF:mediaplayer-skin-code-execution(11953)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11953
Votes:
Name: CVE-2003-0229
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030430)
Votes:
Name: CVE-2003-0230
Description:
Microsoft SQL Server 7, 2000, and MSDE allow local
users to gain privileges by hijacking a named pipe
during the authentication of another user, aka the
"Named Pipe Hijacking" vulnerability.
Status: Candidate
Phase: Assigned (20030430)
Reference: MS:MS03-031
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#556356
Reference:
URL:http://www.kb.cert.org/vuls/id/556356
Reference: OVAL:oval:org.mitre.oval:def:235
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:235
Votes:
Name: CVE-2003-0231
Description:
Microsoft SQL Server 7, 2000, and MSDE allow local or
remote authenticated users to cause a denial of service
(crash or hang) via a long request to a named pipe.
Status: Candidate
Phase: Assigned (20030430)
Reference: ATSTAKE:A072303-2
Reference:
URL:http://www.atstake.com/research/advisories/2003/a072303-2.txt
Reference: MS:MS03-031
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#918652
Reference:
URL:http://www.kb.cert.org/vuls/id/918652
Reference: OVAL:oval:org.mitre.oval:def:299
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:299
Votes:
Name: CVE-2003-0232
Description:
Microsoft SQL Server 7, 2000, and MSDE allow local
users to execute arbitrary code via a certain request to
the Local Procedure Calls (LPC) port that leads to a
buffer overflow.
Status: Candidate
Phase: Assigned (20030430)
Reference: ATSTAKE:A072303-3
Reference:
URL:http://www.atstake.com/research/advisories/2003/a072303-3.txt
Reference: MS:MS03-031
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#584868
Reference:
URL:http://www.kb.cert.org/vuls/id/584868
Reference: OVAL:oval:org.mitre.oval:def:303
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:303
Votes:
Name: CVE-2003-0233
Description:
Heap-based buffer overflow in plugin.ocx for Internet
Explorer 5.01, 5.5 and 6.0 allows remote attackers to
execute arbitrary code via the Load() method, a
different vulnerability than CVE-2003-0115.
Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030424 Internet Explorer
Plugin.ocx heap overflow (#NISR24042003)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120164927952&w=2
Reference: MS:MS03-015
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: XF:ie-plugin-load-bo(11854)
Reference:
URL:http://www.iss.net/security_center/static/11854.php
Reference: OVAL:oval:org.mitre.oval:def:1094
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1094
Votes:
Name: CVE-2003-0234
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030501)
Votes:
Name: CVE-2003-0235
Description:
Format string vulnerability in POP3 client for Mirabilis
ICQ Pro 2003a allows remote malicious servers to execute
arbitrary code via format strings in the response to a
UIDL command.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7461
Reference:
URL:http://www.securityfocus.com/bid/7461
Reference: XF:icq-pop3-format-string(11938)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11938
Votes:
Name: CVE-2003-0236
Description:
Integer signedness errors in the POP3 client for
Mirabilis ICQ Pro 2003a allow remote attackers to
execute arbitrary code via the (1) Subject or (2) Date
headers.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7462
Reference:
URL:http://www.securityfocus.com/bid/7462
Reference: BID:7463
Reference:
URL:http://www.securityfocus.com/bid/7463
Reference: XF:icq-pop3-email-bo(11939)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11939
Votes:
Name: CVE-2003-0237
Description:
The "ICQ Features on Demand" functionality for Mirabilis
ICQ Pro 2003a does not properly verify the authenticity
of software upgrades, which allows remote attackers to
install arbitrary software via a spoofing attack.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7464
Reference:
URL:http://www.securityfocus.com/bid/7464
Reference: XF:icq-features-no-auth(11944)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11944
Votes:
Name: CVE-2003-0238
Description:
The Message Session window in Mirabilis ICQ Pro 2003a
allows remote attackers to cause a denial of service
(CPU consumption) by spoofing the address of an ADS
server and sending HTML with a -1 width in a table tag.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7465
Reference:
URL:http://www.securityfocus.com/bid/7465
Reference: XF:icq-table-tag-dos(11947)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11947
Votes:
Name: CVE-2003-0239
Description:
icqateimg32.dll parsing/rendering library in Mirabilis
ICQ Pro 2003a allows remote attackers to cause a denial
of service via malformed GIF89a headers that do not
contain a GCT (Global Color Table) or an LCT (Local
Color Table) after an Image Descriptor.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303:
Multiple Vulnerabilities in Mirabilis ICQ client
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7466
Reference:
URL:http://www.securityfocus.com/bid/7466
Reference: XF:icq-gif89a-header-dos(11948)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11948
Votes:
Name: CVE-2003-0240
Description:
The web-based administration capability for various Axis
Network Camera products allows remote attackers to
bypass access restrictions and modify configuration via
an HTTP request to the admin/admin.shtml containing a
leading // (double slash).
Status: Candidate
Phase: Assigned (20030501)
Reference: BUGTRAQ:20030527 CORE-2003-0403: Axis
Network Camera HTTP Authentication Bypass
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406374731579&w=2
Reference:
MISC:http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
Reference: CERT-VN:VU#799060
Reference:
URL:http://www.kb.cert.org/vuls/id/799060
Reference: BID:7652
Reference:
URL:http://www.securityfocus.com/bid/7652
Reference: OSVDB:4804
Reference: URL:http://www.osvdb.org/4804
Reference: SECTRACK:1006854
Reference:
URL:http://securitytracker.com/id?1006854
Reference: SECUNIA:8876
Reference: URL:http://secunia.com/advisories/8876
Reference:
XF:axis-admin-authentication-bypass(12104)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12104
Votes:
Name: CVE-2003-0241
Description:
FrontRange GoldMine mail agent 5.70 and 6.00 before
30503 directly sends HTML to the default browser without
setting its security zone or otherwise labeling it
untrusted, which allows remote attackers to execute
arbitrary code via a message that is rendered in IE
using a less secure zone.
Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030528 SECNAP Security
Advisory: Invalid HTML processing in GoldMine(tm)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html
Reference:
MISC:http://www.secnap.net/security/gm001.html
Votes:
Name: CVE-2003-0242
Description:
IPSec in Mac OS X before 10.2.6 does not properly handle
certain incoming security policies that match by port,
which could allow traffic that is not explicitly allowed
by the policies.
Status: Candidate
Phase: Assigned (20030506)
Reference:
CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CERT-VN:VU#869548
Reference:
URL:http://www.kb.cert.org/vuls/id/869548
Reference: BID:7628
Reference:
URL:http://www.securityfocus.com/bid/7628
Reference: SECTRACK:1006796
Reference:
URL:http://securitytracker.com/id?1006796
Reference: SECUNIA:8798
Reference: URL:http://secunia.com/advisories/8798
Reference: XF:macos-ipsec-acl-bypass(12027)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12027
Votes:
Name: CVE-2003-0243
Description:
Happycgi.com Happymall 4.3 and 4.4 allows remote
attackers to execute arbitrary commands via shell
metacharacters in the file parameter for the (1)
normal_html.cgi or (2) member_html.cgi scripts.
Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030507 Happymall
E-Commerce Remote Command Execution
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html
Reference: SECTRACK:1006707
Reference:
URL:http://securitytracker.com/id?1006707
Votes:
Name: CVE-2003-0244
Description:
The route cache implementation in Linux 2.4, and the
Netfilter IP conntrack module, allow remote attackers
to cause a denial of service (CPU consumption) via
packets with forged source addresses that cause a large
number of hash table collisions.
Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030517 Algorithmic
Complexity Attacks and the Linux Networking Code
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
Reference:
MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
Reference:
MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
Reference: REDHAT:RHSA-2003:145
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
Reference: REDHAT:RHSA-2003:147
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
Reference: REDHAT:RHSA-2003:172
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
Reference: ENGARDE:ESA-20030515-017
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: BUGTRAQ:20030618 [slackware-security]
2.4.21 kernels available (SSA:2003-168-01)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
Reference: BID:7601
Reference:
URL:http://www.securityfocus.com/bid/7601
Reference: OVAL:oval:org.mitre.oval:def:261
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:261
Reference: SECUNIA:8786
Reference:
URL:http://www.secunia.com/advisories/8786/
Reference:
XF:data-algorithmic-complexity-dos(15382)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/15382
Votes:
Name: CVE-2003-0245
Description:
Vulnerability in the apr_psprintf function in the Apache
Portable Runtime (APR) library for Apache 2.0.37 through
2.0.45 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
long strings, as demonstrated using XML objects to
mod_dav, and possibly other vectors.
Status: Candidate
Phase: Assigned (20030506)
Reference:
CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE]
Apache 2.0.46 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference: VULNWATCH:20030530 iDEFENSE Security
Advisory 05.30.03: Apache Portable Runtime Denial of
Service and Arbitrary Code Execution Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0095.html
Reference:
MISC:http://www.idefense.com/advisory/05.30.03.txt
Reference: REDHAT:RHSA-2003:186
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-186.html
Reference: CONECTIVA:CLA-2003:661
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
Reference: MANDRAKE:MDKSA-2003:063
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:063
Reference: CERT-VN:VU#757612
Reference:
URL:http://www.kb.cert.org/vuls/id/757612
Reference:
XF:apache-aprpsprintf-code-execution(12090)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12090
Reference: BID:7723
Reference:
URL:http://www.securityfocus.com/bid/7723
Votes:
Name: CVE-2003-0246
Description:
The ioperm system call in Linux kernel 2.4.20 and
earlier does not properly restrict privileges, which
allows local users to gain read or write access to
certain I/O ports.
Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:172
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
Reference: REDHAT:RHSA-2003:147
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
Reference: ENGARDE:ESA-20030515-017
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: VULNWATCH:20030520 Linux 2.4 kernel
ioperm vuln
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
Reference: OVAL:oval:org.mitre.oval:def:278
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:278
Votes:
Name: CVE-2003-0247
Description:
Unknown vulnerability in the TTY layer of the Linux
kernel 2.4 allows attackers to cause a denial of service
("kernel oops").
Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:187
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: REDHAT:RHSA-2003:198
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:284
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:284
Votes:
Name: CVE-2003-0248
Description:
The mxcsr code in Linux kernel 2.4 allows attackers to
modify CPU state registers via a malformed address.
Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:187
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:292
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:292
Votes:
Name: CVE-2003-0249
Description:
** DISPUTED ** PHP treats unknown methods such as "PoSt"
as a GET request, which could allow attackers to
bypass intended access restrictions if PHP is running on a
server that passes on all methods, such as Apache httpd
2.0, as demonstrated using a Limit directive. NOTE: this
issue has been disputed by the Apache security team,
saying "It is by design that PHP allows scripts to
process any request method. A script which does not
explicitly verify the request method will hence be
processed as normal for arbitrary methods. It is
therefore expected behaviour that one cannot implement
per-method access control using the Apache configuration
alone, which is the assumption made in this report."
Status: Candidate
Phase: Assigned (20030506)
Reference: IDEFENSE:20030625 PHP/Apache .htaccess
Authentication Bypass Vulnerability
Reference:
URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97
Votes:
Name: CVE-2003-0250
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030506)
Votes:
Name: CVE-2003-0251
Description:
ypserv NIS server before 2.7 allows remote attackers to
cause a denial of service via a TCP client request that
does not respond to the server, which causes ypserv to
block.
Status: Candidate
Phase: Assigned (20030506)
Reference: HP:HPSBTU02132
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/440454/100/0/threaded
Reference: HP:SSRT061154
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/440454/100/0/threaded
Reference: REDHAT:RHSA-2003:173
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-173.html
Reference: MANDRAKE:MDKSA-2003:072
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:072
Reference: REDHAT:RHSA-2003:201
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-201.html
Reference: SUNALERT:55600
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity
Reference: TURBO:TLSA-2003-43
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-43.txt
Reference: BID:8031
Reference:
URL:http://www.securityfocus.com/bid/8031
Reference: FRSIRT:ADV-2006-2873
Reference:
URL:http://www.frsirt.com/english/advisories/2006/2873
Reference: OVAL:oval:org.mitre.oval:def:667
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:667
Reference: SECTRACK:1016517
Reference:
URL:http://securitytracker.com/id?1016517
Reference: SECUNIA:21112
Reference:
URL:http://secunia.com/advisories/21112
Votes:
Name: CVE-2003-0252
Description:
Off-by-one error in the xlog function of mountd in the
Linux NFS utils package (nfs-utils) before 1.0.4 allows
remote attackers to cause a denial of service and
possibly execute arbitrary code via certain RPC requests
to mountd that do not contain newlines.
Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030714 Linux nfs-utils
xlog() off-by-one bug
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
Reference: BUGTRAQ:20030714 Linux nfs-utils
xlog() off-by-one bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
Reference:
MISC:http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
Reference: VULNWATCH:20030714 Reality of the
rpc.mountd bug
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
Reference: DEBIAN:DSA-349
Reference:
URL:http://www.debian.org/security/2003/dsa-349
Reference: REDHAT:RHSA-2003:206
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-206.html
Reference: REDHAT:RHSA-2003:207
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-207.html
Reference: SUSE:SuSE-SA:2003:031
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
Reference: MANDRAKE:MDKSA-2003:076
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
Reference: TURBO:TLSA-2003-44
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-44.txt
Reference: SCO:CSSA-2003-037.0
Reference: BUGTRAQ:20030715 [slackware-security]
nfs-utils packages replaced (SSA:2003-195-01b)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105830921519513&w=2
Reference: BUGTRAQ:20030716 Immunix Secured OS 7+
nfs-utils update -- bugtraq
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105839032403325&w=2
Reference: CERT-VN:VU#258564
Reference:
URL:http://www.kb.cert.org/vuls/id/258564
Reference: BID:8179
Reference:
URL:http://www.securityfocus.com/bid/8179
Reference: OVAL:oval:org.mitre.oval:def:443
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:443
Reference: SECTRACK:1007187
Reference:
URL:http://securitytracker.com/id?1007187
Reference: SECUNIA:9259
Reference: URL:http://secunia.com/advisories/9259
Reference: XF:nfs-utils-offbyone-bo(12600)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12600
Votes:
Name: CVE-2003-0253
Description:
The prefork MPM in Apache 2 before 2.0.47 does not
properly handle certain errors from accept, which could
lead to a denial of service.
Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY]
Apache 2.0.47 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: OVAL:oval:org.mitre.oval:def:173
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:173
Votes:
Name: CVE-2003-0254
Description:
Apache 2 before 2.0.47, when running on an IPv6 host,
allows attackers to cause a denial of service (CPU
consumption by infinite loop) when the FTP proxy server
fails to create an IPv6 socket.
Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY]
Apache 2.0.47 released
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: OVAL:oval:org.mitre.oval:def:183
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:183
Votes:
Name: CVE-2003-0255
Description:
The key validation code in GnuPG before 1.2.2 does not
properly determine the validity of keys with multiple
user IDs and assigns the greatest validity of the most
valid user ID, which prevents GnuPG from warning the
encrypting user when a user ID does not have a trusted
path.
Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030504 Key validity bug in
GnuPG 1.2.1 and earlier
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2
Reference:
MISC:http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
Reference: CONECTIVA:CLA-2003:694
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
Reference: ENGARDE:ESA-20030515-016
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301357425157&w=2
Reference: ENGARDE:20030515-016
Reference:
URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
Reference: REDHAT:RHSA-2003:175
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-175.html
Reference: REDHAT:RHSA-2003:176
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-176.html
Reference: MANDRAKE:MDKSA-2003:061
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
Reference: TURBO:TLSA200334
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-34.txt
Reference: SCO:CSSA-2003-034.0
Reference: BUGTRAQ:20030516 [OpenPKG-SA-2003.029]
OpenPKG Security Advisory (gnupg)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311804129104&w=2
Reference: BUGTRAQ:20030522 [slackware-security]
GnuPG key validation fix (SSA:2003-141-04)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362224514081&w=2
Reference: CERT-VN:VU#397604
Reference:
URL:http://www.kb.cert.org/vuls/id/397604
Reference: BID:7497
Reference:
URL:http://www.securityfocus.com/bid/7497
Reference: OSVDB:4947
Reference: URL:http://www.osvdb.org/4947
Reference: OVAL:oval:org.mitre.oval:def:135
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:135
Reference: XF:gnupg-invalid-key-acceptance(11930)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11930
Votes:
Name: CVE-2003-0256
Description:
The GnuPG plugin in kopete before 0.6.2 does not
properly cleanse the command line when executing gpg,
which allows remote attackers to execute arbitrary
commands.
Status: Candidate
Phase: Assigned (20030507)
Reference: MANDRAKE:MDKSA-2003:055
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:055
Reference: CONECTIVA:CLA-2003:665
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000665
Reference:
CONFIRM:http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
Votes:
Name: CVE-2003-0257
Description:
Format string vulnerability in the printer capability
for IBM AIX .3, 5.1, and 5.2 allows local users to gain
printq or root privileges.
Status: Candidate
Phase: Assigned (20030507)
Reference: AIXAPAR:IY42089
Reference: AIXAPAR:IY42090
Reference: AIXAPAR:IY42091
Reference: IBM:MSS-OAR-E01-2003:0660.1
Reference:
URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
Reference: XF:aix-print-format-string(12000)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12000
Votes:
Name: CVE-2003-0258
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002
Hardware Client 3.5.x through 4.0.REL, when enabling
IPSec over TCP for a port on the concentrator, allow
remote attackers to reach the private network without
authentication.
Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000
Concentrator Vulnerabilities
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#727780
Reference:
URL:http://www.kb.cert.org/vuls/id/727780
Reference: XF:cisco-vpn-unauth-access(11954)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11954
Votes:
Name: CVE-2003-0259
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002
Hardware Client 2.x.x through 3.6.7 allow remote
attackers to cause a denial of service (reload) via a
malformed SSH initialization packet.
Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000
Concentrator Vulnerabilities
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#317348
Reference:
URL:http://www.kb.cert.org/vuls/id/317348
Reference: XF:cisco-vpn-ssh-dos(11955)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11955
Votes:
Name: CVE-2003-0260
Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002
Hardware Client 2.x.x through 3.6.7A allow remote
attackers to cause a denial of service (slowdown and
possibly reload) via a flood of malformed ICMP packets.
Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000
Concentrator Vulnerabilities
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#221164
Reference:
URL:http://www.kb.cert.org/vuls/id/221164
Reference: XF:cisco-vpn-icmp-dos(11956)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11956
Votes:
Name: CVE-2003-0261
Description:
fuzz 0.6 and earlier creates temporary files insecurely,
which could allow local users to gain root privileges.
Status: Candidate
Phase: Assigned (20030507)
Reference: DEBIAN:DSA-302
Reference:
URL:http://www.debian.org/security/2003/dsa-302
Votes:
Name: CVE-2003-0262
Description:
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR
as setuid root, which allows local users to gain root
privileges by exploiting unknown vulnerabilities related
to the escalated privileges, which KATAXWR is not
designed to have.
Status: Candidate
Phase: Assigned (20030507)
Reference: DEBIAN:DSA-299
Reference:
URL:http://www.debian.org/security/2003/dsa-299
Reference: BID:7505
Reference:
URL:http://www.securityfocus.com/bid/7505
Reference: XF:kataxwr-gain-privileges(11945)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11945
Votes:
Name: CVE-2003-0263
Description:
Multiple buffer overflows in Floosietek FTGate Pro Mail
Server (FTGatePro) 1.22 allow remote attackers to
execute arbitrary code via long (1) MAIL FROM or (2)
RCPT TO commands.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030506 Multiple Buffer
Overflow Vulnerabilities Found in FTGate Pro Mail Server
v. 1.22 (1328)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105223471822836&w=2
Reference: VULNWATCH:20030506 Multiple Buffer
Overflow Vulnerabilities Found in FTGate Pro Mail Server
v. 1.22 (1328)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0052.html
Reference: BID:7506
Reference:
URL:http://www.securityfocus.com/bid/7506
Reference: BID:7508
Reference:
URL:http://www.securityfocus.com/bid/7508
Reference: XF:ftgate-mailfrom-rcptto-bo(11951)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11951
Votes:
Name: CVE-2003-0264
Description:
Multiple buffer overflows in SLMail 5.1.0.4420 allow
remote attackers to execute arbitrary code via (1) a
long EHLO argument to slmail.exe, (2) a long XTRN
argument to slmail.exe, (3) a long string to POPPASSWD,
or (4) a long password to the POP3 server.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple Buffer
Overflow Vulnerabilities in SLMail (#NISR07052003A)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232506011335&w=2
Reference: NTBUGTRAQ:20030507 Multiple Buffer
Overflow Vulnerabilities in SLMail (#NISR07052003A)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233360321895&w=2
Reference:
MISC:http://www.nextgenss.com/advisories/slmail-vulns.txt
Votes:
Name: CVE-2003-0265
Description:
Race condition in SDBINST for SAP database 7.3.0.29
creates critical files with world-writable permissions
before initializing the setuid bits, which allows local
attackers to gain root privileges by modifying the files
before the permissions are changed.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 SAP database local
root vulnerability during installation. (fwd)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232424810097&w=2
Reference: BID:7421
Reference:
URL:http://www.securityfocus.com/bid/7421
Votes:
Name: CVE-2003-0266
Description:
Multiple buffer overflows in SLWebMail 3 on Windows
systems allow remote attackers to cause a denial of
service and possibly execute arbitrary code via (1) a
long Language parameter to showlogin.dll, (2) a long
CompanyID parameter to recman.dll, (3) a long CompanyID
parameter to admin.dll, or (4) a long CompanyID
parameter to globallogin.dll.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference:
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
Votes:
Name: CVE-2003-0267
Description:
ShowGodLog.dll in SLWebMail 3 on Windows systems allows
remote attackers to read arbitrary files by directly
calling ShowGodLog.dll with an argument specifying the
full path of the target file.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference:
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
Votes:
Name: CVE-2003-0268
Description:
SLWebMail 3 on Windows systems allows remote attackers
to identify the full path of the server via invalid
requests to DLLs such as WebMailReq.dll, which reveals
the path in an error message.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple
Vulnerabilities in SLWebmail
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference:
MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
Votes:
Name: CVE-2003-0269
Description:
Buffer overflow in youbin allows local users to gain
privileges via a long HOME environment variable.
Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030506 youbin local root
exploit + advisory
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105223947528794&w=2
Reference: VULNWATCH:20030506 youbin local root
exploit + advisory
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.html
Reference: FULLDISC:20030506 youbin local root
exploit + advisory
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.html
Reference: BID:7503
Reference:
URL:http://www.securityfocus.com/bid/7503
Reference: XF:youbin-home-bo(11949)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11949
Votes:
Name: CVE-2003-0270
Description:
The administration capability for Apple AirPort 802.11
wireless access point devices uses weak encryption (XOR
with a fixed key) for protecting authentication
credentials, which could allow remote attackers to
obtain administrative access via sniffing when the
capability is available via Ethernet or non-WEP
connections.
Status: Candidate
Phase: Assigned (20030508)
Reference: ATSTAKE:A051203-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a051203-1.txt
Reference: BID:7554
Reference:
URL:http://www.securityfocus.com/bid/7554
Reference: SECTRACK:1006742
Reference:
URL:http://securitytracker.com/id?1006742
Reference: SECUNIA:8773
Reference: URL:http://secunia.com/advisories/8773
Reference:
XF:airport-auth-credentials-disclosure(11980)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11980
Votes:
Name: CVE-2003-0271
Description:
Buffer overflow in Personal FTP Server allows remote
attackers to execute arbitrary code via a long USER
argument.
Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030331 Personal FTP Server
Reference:
URL:http://www.securityfocus.com/archive/1/316958
Reference: BUGTRAQ:20030508 Remote Stack Overflow
exploit for Personal FTPD
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240469318622&w=2
Reference:
MISC:http://security.nnov.ru/search/document.asp?docid=4309
Votes:
Name: CVE-2003-0272
Description:
admin.php in miniPortail allows remote attackers to gain
administrative privileges by setting the
miniPortailAdmin cookie to an "adminok" value.
Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 miniPortail (PHP) :
Admin Access
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240907024660&w=2
Reference:
MISC:http://www.frog-man.org/tutos/miniPortail.txt
Votes:
Name: CVE-2003-0273
Description:
Cross-site scripting (XSS) vulnerability in the web
interface for Request Tracker (RT) 1.0 through 1.0.7
allows remote attackers to execute script via message
bodies.
Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 Fw: [rt-users]
[rt-announce] RT 1.0.7 vulnerable to Cross Site
Scripting attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240947225275&w=2
Reference:
CONFIRM:http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html
Votes:
Name: CVE-2003-0274
Description:
Buffer overflow in catmail for ListProc 8.2.09 and
earlier allows remote attackers to execute arbitrary
code via a long ULISTPROC_UMASK value.
Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 SRT2003-05-08-1137 -
ListProc mailing list ULISTPROC_UMASK overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105241224228693&w=2
Votes:
Name: CVE-2003-0275
Description:
SSI.php in YaBB SE 1.5.2 allows remote attackers to
execute arbitrary PHP code by modifying the sourcedir
parameter to reference a URL on a remote web server that
contains the code.
Status: Candidate
Phase: Assigned (20030509)
Reference: BUGTRAQ:20030509 II-Labs Advisory:
Remote code execution in YaBBse 1.5.2 (php version)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105249980809988&w=2
Votes:
Name: CVE-2003-0276
Description:
Buffer overflow in Pi3Web 2.0.1 allows remote attackers
to cause a denial of service (crash) and possibly
execute arbitrary code via a GET request with a large
number of / characters.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030428 Pi3Web 2.0.1 DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155818012718&w=2
Reference: BUGTRAQ:20030512 Unix Version of the
Pi3web DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105275789410250&w=2
Reference: BID:7555
Reference:
URL:http://www.securityfocus.com/bid/7555
Reference: XF:pi3web-get-request-bo(11889)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11889
Votes:
Name: CVE-2003-0277
Description:
Directory traversal vulnerability in normal_html.cgi in
Happycgi.com Happymall 4.3 and 4.4 allows remote
attackers to read arbitrary files via .. (dot dot)
sequences in the file parameter.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 One more flaw in
Happymall
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276130814262&w=2
Reference: BID:7559
Reference:
URL:http://www.securityfocus.com/bid/7559
Reference:
XF:happymall-dotdot-directory-traversal(11987)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11987
Votes:
Name: CVE-2003-0278
Description:
Cross-site scripting (XSS) vulnerability in
normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4
allows remote attackers to insert arbitrary web script
via the file parameter.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 One more flaw in
Happymall
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276130814262&w=2
Reference: BID:7557
Reference:
URL:http://www.securityfocus.com/bid/7557
Reference: XF:happymall-normalhtml-xss(11988)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11988
Votes:
Name: CVE-2003-0279
Description:
Multiple SQL injection vulnerabilities in the Web_Links
module for PHP-Nuke 5.x through 6.5 allow remote
attackers to steal sensitive information via numeric
fields, as demonstrated using (1) the viewlink function
and cid parameter, or (2) index.php.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 Lot of SQL injection
on PHP-Nuke 6.5 (secure weblog!)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276019312980&w=2
Reference: BUGTRAQ:20030513 More and More SQL
injection on PHP-Nuke 6.5.
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
Reference: BID:7558
Reference:
URL:http://www.securityfocus.com/bid/7558
Reference: BID:7588
Reference:
URL:http://www.securityfocus.com/bid/7588
Reference: XF:phpnuke-web-sql-injection(11984)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11984
Votes:
Name: CVE-2003-0280
Description:
Multiple buffer overflows in the SMTP Service for ESMTP
CMailServer 4.0.2003.03.27 allow remote attackers to
execute arbitrary code via long (1) MAIL FROM or (2)
RCPT TO commands.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030510 Multiple Buffer
Overflow Vulnerabilities Found in CMailServer 4.0
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105258772101349&w=2
Reference: VULNWATCH:20030510 Multiple Buffer
Overflow Vulnerabilities Found in CMailServer 4.0
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html
Reference: BID:7547
Reference:
URL:http://www.securityfocus.com/bid/7547
Reference: BID:7548
Reference:
URL:http://www.securityfocus.com/bid/7548
Reference: XF:cmailserver-smtp-bo(11975)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11975
Votes:
Name: CVE-2003-0281
Description:
Buffer overflow in Firebird 1.0.2 and other versions
before 1.5, and possibly other products that use the
InterBase codebase, allows local users to execute
arbitrary code via a long INTERBASE environment variable
when calling (1) gds_inet_server, (2) gds_lock_mgr, or
(3) gds_drop.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20020617 Interbase 6.0
malloc() issues
Reference:
URL:http://seclists.org/lists/bugtraq/2002/Jun/0212.html
Reference: BUGTRAQ:20030509 Firebird Local
exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259012802997&w=2
Reference: GENTOO:GLSA-200405-18
Reference:
URL:http://security.gentoo.org/glsa/glsa-200405-18.xml
Reference: BID:7546
Reference:
URL:http://www.securityfocus.com/bid/7546
Reference: SECUNIA:8758
Reference: URL:http://secunia.com/advisories/8758
Reference: XF:firebird-interbase-bo(11977)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11977
Votes:
Name: CVE-2003-0282
Description:
Directory traversal vulnerability in UnZip 5.50 allows
attackers to overwrite arbitrary files via invalid
characters between two . (dot) characters, which are
filtered and result in a ".." sequence.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030509 unzip directory
traversal revisited
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2
Reference: CALDERA:CSSA-2003-031.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Reference: CONECTIVA:CLA-2003:672
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
Reference: DEBIAN:DSA-344
Reference:
URL:http://www.debian.org/security/2003/dsa-344
Reference: IMMUNIX:IMNX-2003-7+-017-01
Reference:
URL:http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
Reference: MANDRAKE:MDKSA-2003:073
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
Reference: REDHAT:RHSA-2003:199
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-199.html
Reference: REDHAT:RHSA-2003:200
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-200.html
Reference: SCO:CSSA-2003-031.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Reference: TURBO:TLSA-2003-42
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-42.txt
Reference: BUGTRAQ:20030710 [OpenPKG-SA-2003.033]
OpenPKG Security Advisory (infozip)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105786446329347&w=2
Reference: CIAC:N-111
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-111.shtml
Reference: BID:7550
Reference:
URL:http://www.securityfocus.com/bid/7550
Reference: OVAL:oval:org.mitre.oval:def:619
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:619
Reference:
XF:unzip-dotdot-directory-traversal(12004)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12004
Votes:
Name: CVE-2003-0283
Description:
Cross-site scripting (XSS) vulnerability in Phorum
before 3.4.3 allows remote attackers to inject arbitrary
web script and HTML tags via a message with a "<<"
before a tag name in the (1) subject, (2) author's name,
or (3) author's e-mail.
Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030509 A Phorum's bug...
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105251043821533&w=2
Reference: BUGTRAQ:20030509 Re: A Phorum's bug...
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105251421925394&w=2
Reference: BID:7545
Reference:
URL:http://www.securityfocus.com/bid/7545
Reference:
XF:phorum-message-html-injection(11974)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11974
Votes:
Name: CVE-2003-0284
Description:
Adobe Acrobat 5 does not properly validate JavaScript in
PDF files, which allows remote attackers to write
arbitrary files into the Plug-ins folder that spread to
other PDF documents, as demonstrated by the W32.Yourde
virus.
Status: Candidate
Phase: Assigned (20030513)
Reference:
CONFIRM:http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121
Reference: CERT-VN:VU#184820
Reference:
URL:http://www.kb.cert.org/vuls/id/184820
Votes:
Name: CVE-2003-0285
Description:
IBM AIX 5.2 and earlier distributes Sendmail with a
configuration file (sendmail.cf) with the (1)
promiscuous_relay, (2) accept_unresolvable_domains, and
(3) accept_unqualified_senders features enabled, which
allows Sendmail to be used as an open mail relay for
sending spam e-mail.
Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 AIX sendmail open
relay
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284689228961&w=2
Reference:
MISC:http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
Reference: CERT-VN:VU#814617
Reference:
URL:http://www.kb.cert.org/vuls/id/814617
Reference: BID:7580
Reference:
URL:http://www.securityfocus.com/bid/7580
Reference: XF:aix-sendmail-mail-relay(11993)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11993
Votes:
Name: CVE-2003-0286
Description:
SQL injection vulnerability in Snitz Forums 2000 before
3.3.03 and earlier allows remote attackers to execute
arbitrary stored procedures via the Email variable.
Status: Candidate
Phase: Assigned (20030513)
Reference: VULNWATCH:20030512 Snitz Forum 3.3.03
Remote Command Execution
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html
Reference: BUGTRAQ:20030513 Snitz Forum 3.3.03
Remote Command Execution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105277599131134&w=2
Reference: BID:7549
Reference:
URL:http://www.securityfocus.com/bid/7549
Reference: XF:snitz-register-sql-injection(11981)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11981
Votes:
Name: CVE-2003-0287
Description:
Cross-site scripting (XSS) vulnerability in Movable Type
before 2.6, and possibly other versions including 2.63,
allows remote attackers to insert arbitrary web script
or HTML via the Name textbox, possibly when the "Allow
HTML in comments?" option is enabled.
Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030512 CSS found in Movable
Type
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276879622636&w=2
Reference: BUGTRAQ:20030512 Re: CSS found in
Movable Type
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105277690132079&w=2
Reference: BUGTRAQ:20030513 Re: CSS found in
Movable Type -- Nope
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284589927655&w=2
Reference: BID:7560
Reference:
URL:http://www.securityfocus.com/bid/7560
Reference: XF:movable-type-comment-xss(12003)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12003
Votes:
Name: CVE-2003-0288
Description:
Buffer overflow in the file & folder transfer mechanism
for IP Messenger for Win 2.00 through 2.02 allows remote
attackers to execute arbitrary code via a file with a long
filename, which triggers the overflow when the user
saves the file.
Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 [SNS Advisory No.64]
IP Messenger for Win Buffer Overflow Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105283843417610&w=2
Reference:
MISC:http://www.lac.co.jp/security/english/snsadv_e/64_e.html
Reference: BID:7566
Reference:
URL:http://www.securityfocus.com/bid/7566
Reference: XF:ip-messenger-filename-bo(11986)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11986
Votes:
Name: CVE-2003-0289
Description:
Format string vulnerability in scsiopen.c of the
cdrecord program in cdrtools 2.0 allows local users to
gain privileges via format string specifiers in the dev
parameter.
Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 cdrtools2.0 Format
String Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2
Reference: BUGTRAQ:20030513
Cdrecord_local_root_exploit.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105286031812533&w=2
Reference:
CONFIRM:ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
Reference: GENTOO:200305-06
Reference:
URL:http://forums.gentoo.org/viewtopic.php?t=54904
Reference: MANDRAKE:MDKSA-2003:058
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
Reference:
MISC:http://www.securiteam.com/exploits/5ZP0C2AAAC.html
Reference: BID:7565
Reference:
URL:http://www.securityfocus.com/bid/7565
Reference:
XF:cdrtools-scsiopen-format-string(12007)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12007
Votes:
Name: CVE-2003-0290
Description:
Memory leak in eServ 2.9x allows remote attackers to
cause a denial of service (memory exhaustion) via a
large number of connections, whose memory is not freed
when the connection is terminated.
Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030511 eServ Memory Leak
Enables Denial of Service Attacks
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284630228137&w=2
Reference: BUGTRAQ:20030513 eServ Memory Leak
Solution
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284631428187&w=2
Reference: VULNWATCH:20030511 eServ Memory Leak
Enables Denial of Service Attacks
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html
Reference: BID:7552
Reference:
URL:http://www.securityfocus.com/bid/7552
Reference:
XF:eserv-multiple-connections-dos(11973)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11973
Votes:
Name: CVE-2003-0291
Description:
3Com OfficeConnect Remote 812 ADSL Router 1.1.7 does not
properly clear memory from DHCP responses, which allows
remote attackers to identify the contents of previous
HTTP requests by sniffing DHCP packets.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Memory leak in 3COM
812 DSL routers
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292451702516&w=2
Reference: BUGTRAQ:20030515 RE : Memory leak in
3COM DSL routers
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301488426951&w=2
Reference:
MISC:http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
Reference: BID:7592
Reference:
URL:http://www.securityfocus.com/bid/7592
Reference:
XF:3com-officeconnect-memory-leak(11999)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11999
Votes:
Name: CVE-2003-0292
Description:
Cross-site scripting (XSS) vulnerability in Inktomi
Traffic-Server 5.5.1 allows remote attackers to insert
arbitrary web script or HTML into an error page that
appears to come from the domain that the client is
visiting, aka "Man-in-the-Middle" XSS.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Inktomi
Traffic-Server XSS: man-in-the-middle XSS !
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292750807005&w=2
Reference: BID:7596
Reference:
URL:http://www.securityfocus.com/bid/7596
Votes:
Name: CVE-2003-0293
Description:
PalmOS allows remote attackers to cause a denial of
service (CPU consumption) via a flood of ICMP echo
request (ping) packets.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 PalmOS ICMP flood
DoS.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293128612131&w=2
Votes:
Name: CVE-2003-0294
Description:
autohtml.php in php-proxima 6.0 and earlier allows
remote attackers to read arbitrary files via the name
parameter in a modload operation.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 php-proxima Remote
File Access Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293834421549&w=2
Votes:
Name: CVE-2003-0295
Description:
Cross-site scripting (XSS) vulnerability in private.php
for vBulletin 3.0.0 Beta 2 allows remote attackers to
inject arbitrary web script and HTML via the "Preview
Message" capability.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 VBulletin Preview
Message - XSS Vuln
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292832607981&w=2
Reference: BUGTRAQ:20030514 Re: VBulletin Preview
Message - XSS Vuln
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293890422210&w=2
Votes:
Name: CVE-2003-0296
Description:
The IMAP Client for Evolution 1.2.4 allows remote
malicious IMAP servers to cause a denial of service and
possibly execute arbitrary code via certain large
literal size values that cause either integer signedness
errors or integer overflow errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0297
Description:
c-client IMAP Client, as used in imap-2002b and Pine
4.53, allows remote malicious IMAP servers to cause a
denial of service (crash) and possibly execute arbitrary
code via certain large (1) literal and (2) mailbox size
values that cause either integer signedness errors or
integer overflow errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Reference: FEDORA:FLSA:184074
Reference:
URL:http://www.securityfocus.com/archive/1/archive/1/430302/100/0/threaded
Reference: REDHAT:RHSA-2005:015
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2005-015.html
Reference: REDHAT:RHSA-2005:114
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2005-114.html
Votes:
Name: CVE-2003-0298
Description:
The IMAP Client for Mozilla 1.3 and 1.4a allows remote
malicious IMAP servers to cause a denial of service and
possibly execute arbitrary code via certain large (1)
literal and possibly (2) mailbox size values that cause
either integer signedness errors or integer overflow
errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0299
Description:
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10,
allows remote malicious IMAP servers to cause a denial
of service and possibly execute arbitrary code via
certain large mailbox size values that cause either
integer signedness errors or integer overflow errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0300
Description:
The IMAP Client for Sylpheed 0.8.11 allows remote
malicious IMAP servers to cause a denial of service
(crash) via certain large literal size values that cause
either integer signedness errors or integer overflow
errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0301
Description:
The IMAP Client for Outlook Express 6.00.2800.1106
allows remote malicious IMAP servers to cause a denial
of service (crash) via certain large literal size values
that cause either integer signedness errors or integer
overflow errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0302
Description:
The IMAP Client for Eudora 5.2.1 allows remote malicious
IMAP servers to cause a denial of service and possibly
execute arbitrary code via certain large literal size
values that cause either integer signedness errors or
integer overflow errors.
Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in
multiple IMAP clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Votes:
Name: CVE-2003-0303
Description:
SQL injection vulnerability in one||zero (aka One or
Zero) Helpdesk 1.4 rc4 allows remote attackers to modify
arbitrary ticket number descriptions via the sg
parameter.
Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030515 OneOrZero Security
Problems (PHP)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105302025601231&w=2
Reference: VULNWATCH:20030515 OneOrZero Security
Problems (PHP)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
Reference: BID:7609
Reference:
URL:http://www.securityfocus.com/bid/7609
Votes:
Name: CVE-2003-0304
Description:
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows
remote attackers to create administrator accounts by
directly calling the install.php Helpdesk Installation
script.
Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030515 OneOrZero Security
Problems (PHP)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105302025601231&w=2
Reference: VULNWATCH:20030515 OneOrZero Security
Problems (PHP)
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
Votes:
Name: CVE-2003-0305
Description:
The Service Assurance Agent (SAA) in Cisco IOS 12.0
through 12.2, aka Response Time Reporter (RTR), allows
remote attackers to cause a denial of service (crash)
via malformed RTR packets to port 1967.
Status: Candidate
Phase: Assigned (20030515)
Reference: CISCO:20030515 Cisco Security
Advisory: Cisco IOS Software Processing of SAA Packets
Reference:
URL:http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml
Votes:
Name: CVE-2003-0306
Description:
Buffer overflow in EXPLORER.EXE on Windows XP allows
attackers to execute arbitrary code as the XP user via a
desktop.ini file with a long .ShellClassInfo parameter.
Status: Candidate
Phase: Assigned (20030515)
Reference: VULN-DEV:20030507 Buffer overflow in
Explorer.exe
Reference:
URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=105241032526289&w=2
Reference: BUGTRAQ:20030511 Detailed analysis:
Buffer overflow in Explorer.exe on Windows XP SP1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284486526310&w=2
Reference: BUGTRAQ:20030515 Re[2]: EXPLOIT:
Buffer overflow in Explorer.exe on Windows XP SP1
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301349925036&w=2
Reference: MS:MS03-027
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-027.asp
Reference: OVAL:oval:org.mitre.oval:def:3095
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3095
Votes:
Name: CVE-2003-0307
Description:
Poster version.two allows remote authenticated users to
gain administrative privileges by appending the "|"
field separator and an "admin" value into the email
address field.
Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030514 [VULNERABILITY] PHP
'poster version.two'
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105295155004969&w=2
Votes:
Name: CVE-2003-0308
Description:
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does
not securely create temporary files, which could allow
local users to gain additional privileges via (1) expn,
(2) checksendmail, or (3) doublebounce.pl.
Status: Candidate
Phase: Assigned (20030516)
Reference: DEBIAN:DSA-305
Reference:
URL:http://www.debian.org/security/2003/dsa-305
Votes:
Name: CVE-2003-0309
Description:
Internet Explorer 5.01, 5.5, and 6.0 allows remote
attackers to bypass security zone restrictions and
execute arbitrary programs via a web document with a
large number of duplicate file:// or other requests that
point to the program and open multiple file download
dialogs, which eventually cause Internet Explorer to
execute the program, as demonstrated using a large
number of FRAME or IFRAME tags, aka the "File Download
Dialog Vulnerability."
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030508 Flooding Internet
Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105249399103214&w=2
Reference: NTBUGTRAQ:20030508 Flooding Internet
Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105294162726096&w=2
Reference: BUGTRAQ:20030513 Flooding Internet
Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294081325040&w=2
Reference: NTBUGTRAQ:20030513 Flooding Internet
Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105294162726096&w=2
Reference: MS:MS03-020
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-020.asp
Reference: CERT-VN:VU#251788
Reference:
URL:http://www.kb.cert.org/vuls/id/251788
Reference: BID:7539
Reference:
URL:http://www.securityfocus.com/bid/7539
Reference: OVAL:oval:org.mitre.oval:def:948
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:948
Reference: SECUNIA:8807
Reference: URL:http://secunia.com/advisories/8807
Reference: XF:ie-frame-restrictions-bypass(12019)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12019
Votes:
Name: CVE-2003-0310
Description:
Cross-site scripting (XSS) vulnerability in
articleview.php for eZ publish 2.2 allows remote
attackers to insert arbitrary web script.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 EzPublish Directory
XSS Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105310013606680&w=2
Votes:
Name: CVE-2003-0311
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030516)
Votes:
Name: CVE-2003-0312
Description:
Directory traversal vulnerability in Snowblind Web
Server 1.0 allows remote attackers to read arbitrary
files via a .. (dot dot) in an HTTP request.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server:
multiple issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
Votes:
Name: CVE-2003-0313
Description:
Directory traversal vulnerability in Snowblind Web
Server 1.0 allows remote attackers to list arbitrary
directory contents via a ... (triple dot) in an HTTP
request.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server:
multiple issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
Votes:
Name: CVE-2003-0314
Description:
Snowblind Web Server 1.0 allows remote attackers to
cause a denial of service (crash) via a URL that ends in
a "</" sequence.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server:
multiple issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
Votes:
Name: CVE-2003-0315
Description:
Snowblind Web Server 1.0 allows remote attackers to
cause a denial of service (crash) and possibly execute
arbitrary code via a long HTTP request, which may
trigger a buffer overflow.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server:
multiple issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
Votes:
Name: CVE-2003-0316
Description:
Venturi Client before 2.2, as used in certain Fourelle
and Venturi Wireless products, can be used as an open
proxy for various protocols, including an open relay for
SMTP, which allows it to be abused by spammers.
Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Venturi Client 2.1
confirmed as open relay [Verizon Wireless Mobile Office]
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html
Reference:
MISC:http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
Votes:
Name: CVE-2003-0317
Description:
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass
authentication via an HTTP request containing
URL-encoded characters.
Status: Candidate
Phase: Assigned (20030519)
Reference: IDEFENSE:20030522 Authentication
Bypass in iisPROTECT
Reference:
URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25
Votes:
Name: CVE-2003-0318
Description:
Cross-site scripting (XSS) vulnerability in the
Statistics module for PHP-Nuke 6.0 and earlier allows
remote attackers to insert arbitrary web script via the
year parameter.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 PHP-Nuke code
injection in Yearly Stats at Statistics module
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105319538308834&w=2
Votes:
Name: CVE-2003-0319
Description:
Buffer overflow in the IMAP server (IMAPMax) for
SmartMax MailMax 5.0.10.8 and earlier allows remote
authenticated users to execute arbitrary code via a long
SELECT command.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 Buffer overflow
vulnerability found in MailMax version 5
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105319299407291&w=2
Reference: VULNWATCH:20030517 Buffer overflow
vulnerability found in MailMax version 5
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html
Votes:
Name: CVE-2003-0320
Description:
header.php in ttCMS 2.3 and earlier allows remote
attackers to inject arbitrary PHP code by setting the
ttcms_user_admin parameter to "1" and modifying the
admin_root parameter to point to a URL that contains a
Trojan horse header.inc.php script.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 Remote code execution
in ttCMS <=v2.3
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105320172212990&w=2
Votes:
Name: CVE-2003-0321
Description:
Multiple buffer overflows in BitchX IRC client 1.0-0c19
and earlier allow remote malicious IRC servers to cause
a denial of service (crash) and possibly execute
arbitrary code via long hostnames, nicknames, or channel
names, which are not properly handled by the functions
(1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4)
BX_compress_modes, (5) handle_oper_vision, and (6)
ban_it.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in
ircII-based clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: BUGTRAQ:20030324 GLSA: bitchx
(200303-21)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852615211913&w=2
Reference: DEBIAN:DSA-306
Reference:
URL:http://www.debian.org/security/2003/dsa-306
Reference:
MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
Reference: CONECTIVA:CLA-2003:655
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
Reference: BID:7096
Reference:
URL:http://www.securityfocus.com/bid/7096
Reference: BID:7097
Reference:
URL:http://www.securityfocus.com/bid/7097
Reference: BID:7099
Reference:
URL:http://www.securityfocus.com/bid/7099
Reference: BID:7100
Reference:
URL:http://www.securityfocus.com/bid/7100
Votes:
Name: CVE-2003-0322
Description:
Integer overflow in BitchX IRC client 1.0-0c19 and
earlier allows remote malicious IRC servers to cause a
denial of service (crash).
Status: Candidate
Phase: Assigned (20030519)
Reference: DEBIAN:DSA-306
Reference:
URL:http://www.debian.org/security/2003/dsa-306
Reference:
MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
Votes:
Name: CVE-2003-0323
Description:
Multiple buffer overflows in ircII 20020912 allow
remote malicious IRC servers to cause a denial of
service (crash) and possibly execute arbitrary code via
responses that are not properly fed to the my_strcat
function by (1) ctcp_buffer, (2) cannot_join_channel,
(3) status_make_printable for Statusbar drawing, (4)
create_server_list, and possibly other functions.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in
ircII-based clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: BUGTRAQ:20030319 [OpenPKG-SA-2003.024]
OpenPKG Security Advisory (ircii)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104808915402926&w=2
Reference: DEBIAN:DSA-291
Reference:
URL:http://www.debian.org/security/2003/dsa-291
Reference: DEBIAN:DSA-298
Reference:
URL:http://www.debian.org/security/2003/dsa-298
Reference: BID:7098
Reference:
URL:http://www.securityfocus.com/bid/7098
Votes:
Name: CVE-2003-0324
Description:
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allow
remote malicious IRC servers to cause a denial of
service (crash) and possibly execute arbitrary code via
long replies that are not properly handled by the (1)
userhost_cmd_returned function, or (2) Statusbar
capability.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in
ircII-based clients
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: DEBIAN:DSA-287
Reference:
URL:http://www.debian.org/security/2003/dsa-287
Reference: BID:7091
Reference:
URL:http://www.securityfocus.com/bid/7091
Votes:
Name: CVE-2003-0325
Description:
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier
allows local users to execute arbitrary code via a long
-server command line argument.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030518 Maelstrom Buffer
Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105337792703887&w=2
Reference: BUGTRAQ:20030519 Maelstrom exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344501331344&w=2
Reference: BUGTRAQ:20030520 Maelstrom Local
Buffer Overflow Exploit, FreeBSD 4.8 edition
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105346309123217&w=2
Votes:
Name: CVE-2003-0326
Description:
Integer overflow in parse_decode_path() of slocate may
allow attackers to execute arbitrary code via a
LOCATE_PATH with a large number of ":" (colon)
characters, whose count is used in a call to malloc.
Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030519 bazarr slocate
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105337692202626&w=2
Reference: BID:7629
Reference:
URL:http://www.securityfocus.com/bid/7629
Votes:
Name: CVE-2003-0327
Description:
Sybase Adaptive Server Enterprise (ASE) 12.5 allows
remote attackers to cause a denial of service (hang) via
a remote password array with an invalid length, which
triggers a heap-based buffer overflow.
Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20031120 R7-0016: Sybase ASE
12.5 Remote Password Array Denial of Service
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106936096103805&w=2
Reference:
MISC:http://www.rapid7.com/advisories/R7-0016.html
Reference: XF:sybase-passwordarray-bo(13800)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/13800
Votes:
Name: CVE-2003-0328
Description:
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly
later versions, allows remote malicious IRC servers to
cause a denial of service (crash) and possibly execute
arbitrary code via a CTCP request from a large nickname,
which causes an incorrect length calculation.
Status: Candidate
Phase: Assigned (20030520)
Reference:
CONFIRM:ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1
Reference: DEBIAN:DSA-306
Reference:
URL:http://www.debian.org/security/2003/dsa-306
Reference: DEBIAN:DSA-399
Reference:
URL:http://www.debian.org/security/2003/dsa-399
Reference: REDHAT:RHSA-2003:342
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-342.html
Votes:
Name: CVE-2003-0329
Description:
CesarFTP 0.99g stores user names and passwords in
plaintext in the settings.ini file, which could allow
local users to gain privileges.
Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 Plaintext Password in
Settings.ini of CesarFTP
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344578100315&w=2
Reference: VULNWATCH:20030520 Plaintext Password
in Settings.ini of CesarFTP
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0074.html
Votes:
Name: CVE-2003-0330
Description:
Buffer overflow in unknown versions of Maelstrom allows
local users to execute arbitrary code via a long -player
command line argument.
Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 Maelstrom Local
Buffer Overflow Exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344891005369&w=2
Reference: SECTRACK:1008832
Reference:
URL:http://www.securitytracker.com/id?1008832
Votes:
Name: CVE-2003-0331
Description:
SQL injection vulnerability in ttForum allows remote
attackers to execute arbitrary SQL and gain ttForum
Administrator privileges via the Ignorelist-Textfield
argument in the Preferences page.
Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 More vulnerabilities
in ttForum/ttCMS -> SQL injection
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105345273210334&w=2
Votes:
Name: CVE-2003-0332
Description:
The ISAPI extension in BadBlue 1.7 through 2.2, and
possibly earlier versions, modifies the first two
letters of a filename extension after performing a
security check, which allows remote attackers to bypass
authentication via a filename with a .ats extension
instead of a .hts extension.
Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 BadBlue Remote
Administrative Interface Access Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105346382524169&w=2
Reference: VULNWATCH:20030520 BadBlue Remote
Administrative Interface Access Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html
Votes:
Name: CVE-2003-0333
Description:
Multiple buffer overflows in kermit in HP-UX 10.20 and
11.00 (C-Kermit 6.0.192 and possibly other versions
before 8.0) allow local users to gain privileges via
long arguments to (1) ask, (2) askq, (3) define, (4)
assign, and (5) getc, some of which may share the same
underlying function "doask," a different vulnerability
than CVE-2001-0085.
Status: Candidate
Phase: Assigned (20030521)
Reference: BUGTRAQ:20030502 HP-UX 11.0
/usr/bin/kermit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105189670912220&w=2
Reference: BUGTRAQ:20030502 Re: from bugtraq:
HP-UX 11.0 /usr/bin/kermit (fwd)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105190667523456&w=2
Reference: HP:HPSBUX0305-259
Reference:
URL:http://archives.neohapsis.com/archives/hp/current/0044.html
Reference: CERT-VN:VU#971364
Reference:
URL:http://www.kb.cert.org/vuls/id/971364
Reference: BID:7627
Reference:
URL:http://www.securityfocus.com/bid/7627
Reference: XF:hp-ckermit-bo(11929)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11929
Votes:
Name: CVE-2003-0334
Description:
BitchX IRC client 1.0c20cvs and earlier allows attackers
to cause a denial of service (core dump) via certain
channel mode changes that are not properly handled in
names.c.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030510 BitchX: Crash when
channel modes change
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259643606984&w=2
Reference: CONECTIVA:CLA-2003:655
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
Reference: MANDRAKE:MDKSA-2003:069
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:069
Reference: BID:7551
Reference:
URL:http://www.securityfocus.com/bid/7551
Reference: XF:bitchx-mode-change-dos(12008)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12008
Votes:
Name: CVE-2003-0335
Description:
rc.M in Slackware 9.0 calls quotacheck with the -M
option, which causes the filesystem to be remounted and
possibly resets security-relevant mount flags such as
nosuid, nodev, and noexec.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 [slackware-security]
quotacheck security fix in rc.M (SSA:2003-141-06)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361968110719&w=2
Votes:
Name: CVE-2003-0336
Description:
Qualcomm Eudora 5.2.1 allows remote attackers to read
arbitrary files via an email message with a carriage
return (CR) character in a spoofed "Attachment
Converted:" string, which is not properly handled by
Eudora.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 Eudora 5.2.1
attachment spoof
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362278914731&w=2
Votes:
Name: CVE-2003-0337
Description:
The ckconfig command in lsadmin for Load Sharing
Facility (LSF) 5.1 allows local users to execute
arbitrary programs by modifying the LSF_ENVDIR
environment variable to reference an alternate lsf.conf
file, then modifying LSF_SERVERDIR to point to a
malicious lim program, which lsadmin then executes.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 Security advisory:
LSF 5.1 local root exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361879109409&w=2
Votes:
Name: CVE-2003-0338
Description:
Directory traversal vulnerability in WsMp3 daemon
(WsMp3d) 0.0.10 and earlier allows remote attackers to
read and execute arbitrary files via .. (dot dot)
sequences in HTTP GET or POST requests.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 [INetCop Security
Advisory] WsMP3d Directory Traversing Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353168619211&w=2
Reference: VULNWATCH:20030521 [INetCop Security
Advisory] WsMP3d Directory Traversing Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html
Votes:
Name: CVE-2003-0339
Description:
Multiple heap-based buffer overflows in WsMp3 daemon
(WsMp3d) 0.0.10 and earlier allow remote attackers to
execute arbitrary code via long HTTP requests.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 WsMp3d remote
exploit.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361764807746&w=2
Reference: BUGTRAQ:20030521 Remote Heap
Corruption Overflow vulnerability in WsMp3d.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353178019353&w=2
Reference: VULNWATCH:20030521 Remote Heap
Corruption Overflow vulnerability in WsMp3d.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353178019353&w=2
Votes:
Name: CVE-2003-0340
Description:
Demarc Puresecure 1.6 stores authentication information
for the logging server in plaintext, which allows
attackers to steal login names and passwords to gain
privileges.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 Demarc Puresecure
v1.6 - Plaintext password issue -
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html
Votes:
Name: CVE-2003-0341
Description:
Cross-site scripting (XSS) vulnerability in Owl Intranet
Engine 0.71 and earlier allows remote attackers to
insert arbitrary script via the Search field.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 [AP] Owl Intranet
Engine CSS Bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353266220520&w=2
Votes:
Name: CVE-2003-0342
Description:
BlackMoon FTP Server 2.6 Free Edition, and possibly
other distributions and versions, stores user names and
passwords in plaintext in the blackmoon.mdb file, which
can allow local users to gain privileges.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA
#4 - Blackmoon FTP Server cleartext passwords and User
enumeration
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353283720837&w=2
Votes:
Name: CVE-2003-0343
Description:
BlackMoon FTP Server 2.6 Free Edition, and possibly
other distributions and versions, generates an "Account
does not exist" error message when an invalid username
is entered, which makes it easier for remote attackers
to conduct brute force attacks.
Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA
#4 - Blackmoon FTP Server cleartext passwords and User
enumeration
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353283720837&w=2
Votes:
Name: CVE-2003-0344
Description:
Buffer overflow in Microsoft Internet Explorer 5.01,
5.5, and 6.0 allows remote attackers to execute
arbitrary code via / (slash) characters in the Type
property of an Object tag in a web page.
Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030604 Internet Explorer
Object Type Property Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105476381609135&w=2
Reference: FULLDISC:20030709 IE Object Type
Overflow Exploit
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
Reference: EEYE:AD20030604
Reference:
URL:http://www.eeye.com/html/Research/Advisories/AD20030604.html
Reference: MS:MS03-020
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-020.asp
Reference: CERT-VN:VU#679556
Reference:
URL:http://www.kb.cert.org/vuls/id/679556
Reference: OVAL:oval:org.mitre.oval:def:922
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:922
Reference: SECUNIA:8943
Reference: URL:http://secunia.com/advisories/8943
Votes:
Name: CVE-2003-0345
Description:
Buffer overflow in the SMB capability for Microsoft
Windows XP, 2000, and NT allows remote attackers to
cause a denial of service and possibly execute arbitrary
code via an SMB packet that specifies a smaller buffer
length than is required.
Status: Candidate
Phase: Assigned (20030528)
Reference: MS:MS03-024
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-024.asp
Reference: CERT-VN:VU#337764
Reference:
URL:http://www.kb.cert.org/vuls/id/337764
Reference: OVAL:oval:org.mitre.oval:def:146
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:146
Reference: XF:win-smb-bo(12544)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12544
Reference: BID:8152
Reference:
URL:http://www.securityfocus.com/bid/8152
Reference: OVAL:oval:org.mitre.oval:def:118
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:118
Reference: OVAL:oval:org.mitre.oval:def:3391
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3391
Reference: SECTRACK:1007154
Reference:
URL:http://securitytracker.com/id?1007154
Reference: SECUNIA:9225
Reference: URL:http://secunia.com/advisories/9225
Votes:
Name: CVE-2003-0346
Description:
Multiple integer overflows in a Microsoft Windows
DirectX MIDI library (QUARTZ.DLL) allow remote attackers
to execute arbitrary code via a MIDI (.mid) file with
(1) large length for a Text or Copyright string, or (2)
a large number of tracks, which leads to a heap-based
buffer overflow.
Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030723 EEYE: Windows MIDI
Decoder (QUARTZ.DLL) Heap Corruption
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105899759824008&w=2
Reference: MS:MS03-030
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
Reference: CERT:CA-2003-18
Reference:
URL:http://www.cert.org/advisories/CA-2003-18.html
Reference: CERT-VN:VU#561284
Reference:
URL:http://www.kb.cert.org/vuls/id/561284
Reference: CERT-VN:VU#265232
Reference:
URL:http://www.kb.cert.org/vuls/id/265232
Reference: OVAL:oval:org.mitre.oval:def:218
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:218
Reference: OVAL:oval:org.mitre.oval:def:1095
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1095
Reference: OVAL:oval:org.mitre.oval:def:1104
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1104
Votes:
Name: CVE-2003-0347
Description:
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of
Microsoft Visual Basic for Applications (VBA) SDK 5.0
through 6.3 allows remote attackers to execute arbitrary
code via a document with a long ID parameter.
Status: Candidate
Phase: Assigned (20030528)
Reference: VULNWATCH:20030903 EEYE: VBE Document
Property Buffer Overflow
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
Reference: BUGTRAQ:20030903 EEYE: VBE Document
Property Buffer Overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106262077829157&w=2
Reference: MS:MS03-037
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-037.asp
Reference: CERT-VN:VU#804780
Reference:
URL:http://www.kb.cert.org/vuls/id/804780
Reference: BID:8534
Reference:
URL:http://www.securityfocus.com/bid/8534
Reference: SECUNIA:9666
Reference: URL:http://secunia.com/advisories/9666
Votes:
Name: CVE-2003-0348
Description:
A certain Microsoft Windows Media Player 9 Series
ActiveX control allows remote attackers to view and
manipulate the Media Library on the local system via
HTML script.
Status: Candidate
Phase: Assigned (20030528)
Reference: MS:MS03-021
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-021.asp
Reference: CERT-VN:VU#320516
Reference:
URL:http://www.kb.cert.org/vuls/id/320516
Reference: BID:8034
Reference:
URL:http://www.securityfocus.com/bid/8034
Reference:
XF:mediaplayer-activex-obtain-information(12440)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12440
Votes:
Name: CVE-2003-0349
Description:
Buffer overflow in the streaming media component for
logging multicast requests in the ISAPI for the logging
capability of Microsoft Windows Media Services
(nsiislog.dll), as installed in IIS 5.0, allows remote
attackers to execute arbitrary code via a large POST
request to nsiislog.dll.
Status: Candidate
Phase: Assigned (20030528)
Reference: NTBUGTRAQ:20030626 Windows Media
Services Remote Command Execution #2
Reference:
URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563
Reference: BUGTRAQ:20030626 Windows Media
Services Remote Command Execution #2
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105665030925504&w=2
Reference: MS:MS03-022
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-022.asp
Reference: CERT-VN:VU#113716
Reference:
URL:http://www.kb.cert.org/vuls/id/113716
Reference: OVAL:oval:org.mitre.oval:def:938
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:938
Reference: SECTRACK:1007059
Reference:
URL:http://securitytracker.com/id?1007059
Reference: SECUNIA:9115
Reference: URL:http://secunia.com/advisories/9115
Votes:
Name: CVE-2003-0350
Description:
The control for listing accessibility options in the
Accessibility Utility Manager on Windows 2000 (ListView)
does not properly handle Windows messages, which allows
local users to execute arbitrary code via a "Shatter"
style message to the Utility Manager that references a
user-controlled callback function.
Status: Candidate
Phase: Assigned (20030528)
Reference: VULNWATCH:20030709 Microsoft Utility
Manager Local Privilege Escalation
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
Reference: BUGTRAQ:20030709 Microsoft Utility
Manager Local Privilege Escalation
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105777681615939&w=2
Reference:
MISC:http://www.ngssoftware.com/advisories/utilitymanager.txt
Reference: MS:MS03-025
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/ms03-025.asp
Reference: XF:win2k-accessibility-gain-privileges
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12543
Reference: BID:8154
Reference:
URL:http://www.securityfocus.com/bid/8154
Reference: OVAL:oval:org.mitre.oval:def:451
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:451
Votes:
Name: CVE-2003-0351
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: CVE-2003-0306. Reason: This candidate is a
reservation duplicate of CVE-2003-0306. Notes: All CVE
users should reference CVE-2003-0306 instead of this
candidate. All references and descriptions in this
candidate have been removed to prevent accidental usage.
Status: Candidate
Phase: Assigned (20030528)
Votes:
Name: CVE-2003-0352
Description:
Buffer overflow in a certain DCOM interface for RPC in
Microsoft Windows NT 4.0, 2000, XP, and Server 2003
allows remote attackers to execute arbitrary code via a
malformed message, as exploited by the
Blaster/MSblast/LovSAN and Nachi/Welchia worms.
Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030716 [LSD] Critical
security vulnerability in Microsoft Operating Systems
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105838687731618&w=2
Reference: BUGTRAQ:20030725 The Analysis of LSD's
Buffer Overrun in Windows RPC Interface(code revised )
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105914789527294&w=2
Reference: FULLDISC:20030726 Re: The French
BUGTRAQ (New Win RPC Exploit)
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Reference: FULLDISC:20030730 rpcdcom Universal
offsets
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Reference:
MISC:http://www.xfocus.org/documents/200307/2.html
Reference: MS:MS03-026
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
Reference: CERT:CA-2003-16
Reference:
URL:http://www.cert.org/advisories/CA-2003-16.html
Reference: CERT:CA-2003-19
Reference:
URL:http://www.cert.org/advisories/CA-2003-19.html
Reference: CERT-VN:VU#568148
Reference:
URL:http://www.kb.cert.org/vuls/id/568148
Reference: OVAL:oval:org.mitre.oval:def:194
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:194
Reference: OVAL:oval:org.mitre.oval:def:2343
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2343
Reference: XF:win-rpc-dcom-bo(12629)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12629
Reference: BID:8205
Reference:
URL:http://www.securityfocus.com/bid/8205
Reference: OVAL:oval:org.mitre.oval:def:296
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:296
Votes:
Name: CVE-2003-0353
Description:
Buffer overflow in a component of SQL-DMO for Microsoft
Data Access Components (MDAC) 2.5 through 2.7 allows
remote attackers to execute arbitrary code via a long
response to a broadcast request to UDP port 1434.
Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030821 AppSecInc Security
Alert: Buffer Overflow in UDP broadcasts for Microsoft
SQL Server client utilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106149556627778&w=2
Reference: NTBUGTRAQ:20030821 AppSecInc Security
Alert: Buffer Overflow in UDP broadcasts for Microsoft
SQL Server client utilities
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=106251069107953&w=2
Reference: MS:MS03-033
Reference:
URL:http://www.microsoft.com/technet/security/bulletin/MS03-033.asp
Reference: OVAL:oval:org.mitre.oval:def:1039
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1039
Reference: OVAL:oval:org.mitre.oval:def:961
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:961
Reference: OVAL:oval:org.mitre.oval:def:962
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:962
Votes:
Name: CVE-2003-0354
Description:
Unknown vulnerability in GNU Ghostscript before 7.07
allows attackers to execute arbitrary commands, even
when -dSAFER is enabled, via a PostScript file that
causes the commands to be executed from a malicious
print job.
Status: Candidate
Phase: Assigned (20030529)
Reference: REDHAT:RHSA-2003:181
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-181.html
Reference: REDHAT:RHSA-2003:182
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-182.html
Reference: MANDRAKE:MDKSA-2003:065
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:065
Reference: BUGTRAQ:20030603 [OpenPKG-SA-2003.030]
OpenPKG Security Advisory (ghostscript)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105465818929172&w=2
Reference: OVAL:oval:org.mitre.oval:def:133
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:133
Votes:
Name: CVE-2003-0355
Description:
Safari 1.0 Beta 2 (v73) and earlier does not validate
the Common Name (CN) field for X.509 Certificates, which
could allow remote attackers to spoof certificates.
Status: Candidate
Phase: Assigned (20030529)
Reference: BUGTRAQ:20030507 Problem: Multiple Web
Browsers do not do not validate CN on certificates.
Reference:
URL:http://www.securityfocus.com/archive/1/320707
Votes:
Name: CVE-2003-0356
Description:
Multiple off-by-one vulnerabilities in Ethereal 0.9.11
and earlier allow remote attackers to cause a denial of
service and possibly execute arbitrary code via the (1)
AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake,
(6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP,
and (11) TSP dissectors, which do not properly use the
tvb_get_nstringz and tvb_get_nstringz0 functions.
Status: Candidate
Phase: Assigned (20030529)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
Reference: DEBIAN:DSA-313
Reference:
URL:http://www.debian.org/security/2003/dsa-313
Reference: MANDRAKE:MDKSA-2003:067
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: CERT-VN:VU#641013
Reference:
URL:http://www.kb.cert.org/vuls/id/641013
Reference: OVAL:oval:org.mitre.oval:def:69
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:69
Votes:
Name: CVE-2003-0357
Description:
Multiple integer overflow vulnerabilities in Ethereal
0.9.11 and earlier allow remote attackers to cause a
denial of service and possibly execute arbitrary code
via the (1) Mount and (2) PPP dissectors.
Status: Candidate
Phase: Assigned (20030529)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
Reference: DEBIAN:DSA-313
Reference:
URL:http://www.debian.org/security/2003/dsa-313
Reference: MANDRAKE:MDKSA-2003:067
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://rhn.redhat.com/errata/RHSA-2003-077.html
Reference: CERT-VN:VU#232164
Reference:
URL:http://www.kb.cert.org/vuls/id/232164
Reference: CERT-VN:VU#361700
Reference:
URL:http://www.kb.cert.org/vuls/id/361700
Reference: BID:7494
Reference:
URL:http://www.securityfocus.com/bid/7494
Reference: BID:7495
Reference:
URL:http://www.securityfocus.com/bid/7495
Reference: OVAL:oval:org.mitre.oval:def:73
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:73
Votes:
Name: CVE-2003-0358
Description:
Buffer overflow in (1) nethack 3.4.0 and earlier, and
(2) falconseye 1.9.3 and earlier, which is based on
nethack, allows local users to gain privileges via a
long -s command line option.
Status: Candidate
Phase: Assigned (20030529)
Reference: BUGTRAQ:20030209 #!ICadv-02.09.03:
nethack 3.4.0 local buffer overflow
Reference:
URL:http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
Reference:
CONFIRM:http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
Reference: DEBIAN:DSA-316
Reference:
URL:http://www.debian.org/security/2003/dsa-316
Reference: DEBIAN:DSA-350
Reference:
URL:http://www.debian.org/security/2003/dsa-350
Reference: BID:6806
Reference:
URL:http://www.securityfocus.com/bid/6806
Reference: XF:nethack-s-command-bo(11283)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11283
Votes:
Name: CVE-2003-0359
Description:
nethack 3.4.0 and earlier installs certain setgid
binaries with insecure permissions, which allows local
users to gain privileges by replacing the original
binaries with malicious code.
Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-316
Reference:
URL:http://www.debian.org/security/2003/dsa-316
Votes:
Name: CVE-2003-0360
Description:
Multiple buffer overflows in gPS before 1.0.0 allow
attackers to cause a denial of service and possibly
execute arbitrary code.
Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference:
URL:http://www.debian.org/security/2003/dsa-307
Reference:
CONFIRM:http://gps.seul.org/changelog.html
Votes:
Name: CVE-2003-0361
Description:
gPS before 1.1.0 does not properly follow the rgpsp
connection source acceptation policy as specified in the
rgpsp.conf file, which could allow unauthorized remote
attackers to connect to rgpsp.
Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference:
URL:http://www.debian.org/security/2003/dsa-307
Reference:
CONFIRM:http://gps.seul.org/changelog.html
Votes:
Name: CVE-2003-0362
Description:
Buffer overflow in gPS before 0.10.2 may allow local
users to cause a denial of service (SIGSEGV) in rgpsp
via long command lines.
Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference:
URL:http://www.debian.org/security/2003/dsa-307
Reference:
CONFIRM:http://gps.seul.org/changelog.html
Votes:
Name: CVE-2003-0363
Description:
Format string vulnerability in LICQ 1.2.6, 1.0.3 and
possibly other versions allows remote attackers to
perform unknown actions via format string specifiers.
Status: Candidate
Phase: Assigned (20030530)
Reference:
MISC:http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
Votes:
Name: CVE-2003-0364
Description:
The TCP/IP fragment reassembly handling in the Linux
kernel 2.4 allows remote attackers to cause a denial of
service (CPU consumption) via certain packets that cause
a large number of hash table collisions.
Status: Candidate
Phase: Assigned (20030530)
Reference: REDHAT:RHSA-2003:187
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: REDHAT:RHSA-2003:198
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: DEBIAN:DSA-311
Reference:
URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference:
URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference:
URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference:
URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference:
URL:http://www.debian.org/security/2004/dsa-442
Reference: TURBO:TLSA-2003-41
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:295
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:295
Votes:
Name: CVE-2003-0365
Description:
ICQLite 2003a creates the ICQ Lite directory with an ACE
for "Full Control" privileges for Interactive Users,
which allows local users to gain privileges as other
users by replacing the executables with malicious
programs.
Status: Candidate
Phase: Assigned (20030530)
Reference: BUGTRAQ:20030529 ICQLite executable
trojaning
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427404625027&w=2
Votes:
Name: CVE-2003-0366
Description:
lyskom-server 2.0.7 and earlier allows unauthenticated
users to cause a denial of service (CPU consumption) via
a large query.
Status: Candidate
Phase: Assigned (20030601)
Reference: DEBIAN:DSA-318
Reference:
URL:http://www.debian.org/security/2003/dsa-318
Votes:
Name: CVE-2003-0367
Description:
znew in the gzip package allows local users to overwrite
arbitrary files via a symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20030601)
Reference: DEBIAN:DSA-308
Reference:
URL:http://www.debian.org/security/2003/dsa-308
Reference: MANDRAKE:MDKSA-2003:068
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
Reference:
CONFIRM:http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
Reference: TURBO:TLSA-2003-38
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-38.txt
Reference: BID:7872
Reference:
URL:http://www.securityfocus.com/bid/7872
Votes:
Name: CVE-2003-0368
Description:
Nokia Gateway GPRS support node (GGSN) allows remote
attackers to cause a denial of service (kernel panic)
via a malformed IP packet with a 0xFF TCP option.
Status: Candidate
Phase: Assigned (20030602)
Reference: ATSTAKE:A060903-1
Reference:
URL:http://www.atstake.com/research/advisories/2003/a060903-1.txt
Reference: CERT-VN:VU#924812
Reference:
URL:http://www.kb.cert.org/vuls/id/924812
Reference: BID:7854
Reference:
URL:http://www.securityfocus.com/bid/7854
Reference: XF:nokia-ggsn-ip-dos(12221)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12221
Votes:
Name: CVE-2003-0369
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030602)
Votes:
Name: CVE-2003-0370
Description:
Konqueror Embedded and KDE 2.2.2 and earlier do not
validate the Common Name (CN) field for X.509
Certificates, which could allow remote attackers to
spoof certificates via a man-in-the-middle attack.
Status: Candidate
Phase: Assigned (20030603)
Reference:
CONFIRM:http://www.kde.org/info/security/advisory-20030602-1.txt
Reference: FULLDISC:20030510 [forward]Apple
Safari and Konqueror Embedded Common Name Verification
Vulnerability
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
Reference: BUGTRAQ:20030507 Problem: Multiple Web
Browsers do not do not validate CN on certificates.
Reference:
URL:http://www.securityfocus.com/archive/1/320707
Reference: REDHAT:RHSA-2003:192
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-192.html
Reference: REDHAT:RHSA-2003:193
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-193.html
Reference: TURBO:TLSA-2003-36
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-36.txt
Reference: DEBIAN:DSA-361
Reference:
URL:http://www.debian.org/security/2003/dsa-361
Reference: BID:7520
Reference:
URL:http://www.securityfocus.com/bid/7520
Votes:
Name: CVE-2003-0371
Description:
Buffer overflow in Prishtina FTP client 1.x allows
remote FTP servers to cause a denial of service (crash)
and possibly execute arbitrary code via a long FTP
banner.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Prishtina FTP v.1.*:
remote DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370592729044&w=2
Votes:
Name: CVE-2003-0372
Description:
Signed integer vulnerability in libnasl in Nessus before
2.0.6 allows local users with plugin upload privileges
to cause a denial of service (core dump) and possibly
execute arbitrary code by causing a negative argument to
be provided to the insstr function as used in a NASL
script.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security
vulnerability in Nessus
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BUGTRAQ:20030523 nessus NASL scripting
engine security issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
Reference: BID:7664
Reference:
URL:http://www.securityfocus.com/bid/7664
Votes:
Name: CVE-2003-0373
Description:
Multiple buffer overflows in libnasl in Nessus before
2.0.6 allow local users with plugin upload privileges to
cause a denial of service (core dump) and possibly
execute arbitrary code via (1) a long proto argument to
the scanner_add_port function, (2) a long user argument
to the ftp_log_in function, or (3) a long pass argument to
the ftp_log_in function.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security
vulnerability in Nessus
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BUGTRAQ:20030523 nessus NASL scripting
engine security issues
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
Reference: BID:7664
Reference:
URL:http://www.securityfocus.com/bid/7664
Votes:
Name: CVE-2003-0374
Description:
Multiple unknown vulnerabilities in Nessus before 2.0.6,
in libnessus and possibly libnasl, a different set of
vulnerabilities than those identified by CVE-2003-0372
and CVE-2003-0373, aka "similar issues in other nasl
functions as well as in libnessus."
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security
vulnerability in Nessus
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BID:7664
Reference:
URL:http://www.securityfocus.com/bid/7664
Votes:
Name: CVE-2003-0375
Description:
Cross-site scripting (XSS) vulnerability in member.php
of XMBforum XMB 1.8.x (aka Partagium) allows remote
attackers to insert arbitrary HTML and web script via
the "member" parameter.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 XMB 1.8 Partagium
cross site scripting vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105363936402228&w=2
Reference:
MISC:http://forums.xmbforum.com/viewthread.php?tid=773046
Reference: BID:7662
Reference:
URL:http://www.securityfocus.com/bid/7662
Votes:
Name: CVE-2003-0376
Description:
Buffer overflow in Eudora 5.2.1 allows remote attackers
to cause a denial of service (crash and failed restart)
and possibly execute arbitrary code via an Attachment
Converted argument with a large number of . (dot)
characters.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030523 Eudora 5.2.1 buffer
overflow DoS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370625529452&w=2
Votes:
Name: CVE-2003-0377
Description:
SQL injection vulnerability in the web-based
administration interface for iisPROTECT 2.2-r4, and
possibly earlier versions, allows remote attackers to
insert arbitrary SQL and execute code via certain
variables, as demonstrated using the GroupName variable
in SiteAdmin.ASP.
Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030523 iisPROTECT SQL
injection in admin interface
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370528728225&w=2
Votes:
Name: CVE-2003-0378
Description:
The Kerberos login authentication feature in Mac OS X,
when used with an LDAPv3 server and LDAP bind
authentication, may send cleartext passwords to the LDAP
server when the AuthenticationAuthority attribute is not
set.
Status: Candidate
Phase: Assigned (20030605)
Reference:
CONFIRM:http://docs.info.apple.com/article.html?artnum=107579
Reference: CERT-VN:VU#467828
Reference:
URL:http://www.kb.cert.org/vuls/id/467828
Votes:
Name: CVE-2003-0379
Description:
Unknown vulnerability in Apple File Service (AFP Server)
for Mac OS X Server, when sharing files on a UFS or
re-shared NFS volume, allows remote attackers to
overwrite arbitrary files.
Status: Candidate
Phase: Assigned (20030609)
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00030.html
Votes:
Name: CVE-2003-0380
Description:
Buffer overflow in atftp daemon (atftpd) 0.6.1 and
earlier, and possibly later versions, allows remote
attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a long filename.
Status: Candidate
Phase: Assigned (20030609)
Reference: VULN-DEV:20030604 possible remote
buffer overflow in atftpd
Reference:
URL:http://www.securityfocus.com/archive/82/323886/2003-06-02/2003-06-08/0
Reference: BUGTRAQ:20030606 atftpd bug
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html
Reference: DEBIAN:DSA-314
Reference:
URL:http://www.debian.org/security/2003/dsa-314
Votes:
Name: CVE-2003-0381
Description:
Multiple vulnerabilities in noweb 2.9 and earlier
create temporary files insecurely, which allows local
users to overwrite arbitrary files via multiple vectors
including the noroff script.
Status: Candidate
Phase: Assigned (20030609)
Reference: DEBIAN:DSA-323
Reference:
URL:http://www.debian.org/security/2003/dsa-323
Votes:
Name: CVE-2003-0382
Description:
Buffer overflow in Eterm 0.9.2 allows local users to
gain privileges via a long ETERMPATH environment
variable.
Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030509 BAZARR CODE NINER
PINK TEAM GO GO GO
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427580626001&w=2
Reference: DEBIAN:DSA-309
Reference:
URL:http://www.debian.org/security/2003/dsa-309
Reference: BID:7708
Reference:
URL:http://www.securityfocus.com/bid/7708
Votes:
Name: CVE-2003-0384
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030609)
Votes:
Name: CVE-2003-0385
Description:
Buffer overflow in xaos 3.0-23 and earlier, when running
setuid, allows local users to gain root privileges via a
long -language option.
Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030605 BAZARR LOCAL ROOT
AGAIN. HI GUYS. DONT READ THIS
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105491469815197&w=2
Reference: DEBIAN:DSA-310
Reference:
URL:http://www.debian.org/security/2003/dsa-310
Votes:
Name: CVE-2003-0386
Description:
OpenSSH 3.6.1 and earlier, when restricting host access
by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and
"user@host" address restrictions by connecting to a host
from a system whose reverse DNS hostname contains the
numeric IP address.
Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030605 OpenSSH remote clent
address restriction circumvention
Reference:
URL:http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
Reference:
CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
Reference:
CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Reference:
CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Reference: REDHAT:RHSA-2006:0298
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2006-0298.html
Reference: REDHAT:RHSA-2006:0698
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2006-0698.html
Reference: SGI:20060703-01-P
Reference:
URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
Reference: CERT-VN:VU#978316
Reference:
URL:http://www.kb.cert.org/vuls/id/978316
Reference:
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: BID:7831
Reference:
URL:http://www.securityfocus.com/bid/7831
Reference: SECUNIA:21129
Reference:
URL:http://secunia.com/advisories/21129
Reference: SECUNIA:21262
Reference:
URL:http://secunia.com/advisories/21262
Reference: SECUNIA:21724
Reference:
URL:http://secunia.com/advisories/21724
Reference: SECUNIA:22196
Reference:
URL:http://secunia.com/advisories/22196
Reference: SECUNIA:23680
Reference:
URL:http://secunia.com/advisories/23680
Votes:
Name: CVE-2003-0387
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030609)
Votes:
Name: CVE-2003-0388
Description:
pam_wheel in Linux-PAM 0.78, with the trust option
enabled and the use_uid option disabled, allows local
users to spoof log entries and gain privileges by
causing getlogin() to return a spoofed user name.
Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030616 FW: iDEFENSE Security
Advisory 06.16.03: Linux-PAM getlogin() Spoofing
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105577915506761&w=2
Reference:
MISC:http://www.idefense.com/advisory/06.16.03.txt
Reference: REDHAT:RHSA-2004:304
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-304.html
Votes:
Name: CVE-2003-0389
Description:
Cross-site scripting (XSS) vulnerability in the secure
redirect function of RSA ACE/Agent 5.0 for Windows, and
5.x for Web, allows remote attackers to insert arbitrary
web script and possibly cause users to enter a
passphrase via a GET request containing the script.
Status: Candidate
Phase: Assigned (20030609)
Reference: VULNWATCH:20030619 R7-0014: RSA
SecurID ACE Agent Cross Site Scripting
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0014.html
Votes:
Name: CVE-2003-0390
Description:
Multiple buffer overflows in Options Parsing Tool (OPT)
shared library 3.18 and earlier, when used in setuid
programs, may allow local users to execute arbitrary
code via long command line options that are fed into
macros such as opt_warn_2, as used in functions such as
opt_atoi.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030424 SRT2003-04-24-1532 -
Options Parsing Tool library buffer overflows.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105121918523320&w=2
Reference: BUGTRAQ:20030523 Re: Options Parsing
Tool library buffer overflows.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105371246204866&w=2
Reference:
CONFIRM:http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
Votes:
Name: CVE-2003-0391
Description:
Format string vulnerability in Magic WinMail Server 2.3,
and possibly other 2.x versions, allows remote attackers
to cause a denial of service (crash) and possibly
execute arbitrary code via format string specifiers in
the PASS command.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030523 Magic Winmail Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370528428222&w=2
Reference:
MISC:http://www.magicwinmail.net/changelog.asp
Votes:
Name: CVE-2003-0392
Description:
Directory traversal vulnerability in ST FTP Service 3.0
allows remote attackers to list arbitrary directories
via a CD command with a DOS drive letter argument (e.g.
E:).
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030523 ST FTP Service v3.0:
directory traversal
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105372353017778&w=2
Votes:
Name: CVE-2003-0393
Description:
Privacyware Privatefirewall 3.0 does not block certain
incoming packets when in "Filter Internet Traffic" or
"Deny Internet Traffic" modes, which allows remote
attackers to identify running services via FIN scans or
Xmas scans.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 Some problems in
Privatefirewall 3.0
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105380229532320&w=2
Reference: BID:7700
Reference:
URL:http://www.securityfocus.com/bid/7700
Votes:
Name: CVE-2003-0394
Description:
objects.inc.php4 in BLNews 2.1.3 allows remote attackers
to execute arbitrary PHP code via a Server[path]
parameter that points to malicious code on an
attacker-controlled web site.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 PHP source code
injection in BLNews
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105379530927567&w=2
Reference: BID:7677
Reference:
URL:http://www.securityfocus.com/bid/7677
Votes:
Name: CVE-2003-0395
Description:
Ultimate PHP Board (UPB) 1.9 allows remote attackers to
execute arbitrary PHP code with UPB administrator
privileges via an HTTP request containing the code in
the User-Agent header, which is executed when the
administrator executes admin_iplog.php.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 UPB: Discussion
Board/Web-Site Takeover
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105379741528925&w=2
Reference:
MISC:http://f0kp.iplus.ru/bz/024.en.txt
Votes:
Name: CVE-2003-0396
Description:
Buffer overflow in les for ATM on Linux (linux-atm)
before 2.4.1, if used setuid, allows local users to gain
privileges via a long -f command line argument.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030428 ATM on Linux Exploit
Code Release (les, local)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154433926396&w=2
Reference:
MISC:http://www.securiteam.com/exploits/5EP0M1P9PO.html
Reference: BUGTRAQ:20030524 ATM on linux
Exploit(les,local)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405560021979&w=2
Reference:
MISC:http://sourceforge.net/project/shownotes.php?release_id=156242
Reference: BID:7437
Reference:
URL:http://www.securityfocus.com/bid/7437
Reference: XF:atmonlinux-les-command-bo(11903)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/11903
Votes:
Name: CVE-2003-0397
Description:
Buffer overflow in FastTrack (FT) network code, as used
in Kazaa 2.0.2 and possibly other versions and products,
allows remote attackers to execute arbitrary code via a
packet containing a large list of supernodes, aka
"Packet 0' death."
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 The PACKET 0' DEATH
FastTrack network vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405708923565&w=2
Reference: XF:fastrack-packet-0-bo(12086)
Reference:
URL:http://www.iss.net/security_center/static/12086.php
Reference: BID:7680
Reference:
URL:http://www.securityfocus.com/bid/7680
Votes:
Name: CVE-2003-0398
Description:
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6,
with the SSI EXEC feature enabled, allow remote
attackers to execute arbitrary code via a text variable
to a Vignette Application that is later displayed.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-016 - Vignette
SSI Injection
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405734223874&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-016-en.txt
Reference:
XF:vignette-ssi-command-execution(12077)
Reference:
URL:http://www.iss.net/security_center/static/12077.php
Reference: BID:7685
Reference:
URL:http://www.securityfocus.com/bid/7685
Votes:
Name: CVE-2003-0399
Description:
Vignette StoryServer 4 and 5, Vignette V/5, and possibly
other versions allow remote attackers to perform
unauthorized SELECT queries by setting the vgn_creds
cookie to an arbitrary value and directly accessing the
save template.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-017 - Vignette
/vgn/legacy/save SQL access
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405874325673&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-017-en.txt
Reference:
XF:vignette-save-obtain-information(12076)
Reference:
URL:http://www.iss.net/security_center/static/12076.php
Reference: BID:7683
Reference:
URL:http://www.securityfocus.com/bid/7683
Votes:
Name: CVE-2003-0400
Description:
Vignette StoryServer and Vignette V/5 do not properly
calculate the size of text variables, which causes
Vignette to return unauthorized portions of memory, as
demonstrated using the "-->" string in a CookieName
argument to the login template, referred to as a "memory
leak" in some reports.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-018 - Vignette
memory leak AIX Platform
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405985126857&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-018-en.txt
Reference: XF:vignette-memory-leak(12075)
Reference:
URL:http://www.iss.net/security_center/static/12075.php
Reference: BID:7684
Reference:
URL:http://www.securityfocus.com/bid/7684
Votes:
Name: CVE-2003-0401
Description:
Vignette StoryServer and Vignette V/5 allow remote
attackers to obtain sensitive information via a request
for the /vgn/style template.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-019 - Vignette
/vgn/style internal information leak
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405793324661&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-019-en.txt
Reference:
XF:vignette-style-info-disclosure(12074)
Reference:
URL:http://www.iss.net/security_center/static/12074.php
Reference: BID:7688
Reference:
URL:http://www.securityfocus.com/bid/7688
Votes:
Name: CVE-2003-0402
Description:
The default login template (/vgn/login) in Vignette
StoryServer 5 and Vignette V/5 generates different
responses depending on whether a user exists, which allows
remote attackers to identify valid usernames via brute
force attacks.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-020 - Vignette
user enumeration
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405880325755&w=2
Reference:
MISC:http://www.s21sec.com/en/avisos/s21sec-020-en.txt
Reference:
XF:vignette-login-account-bruteforce(12073)
Reference:
URL:http://www.iss.net/security_center/static/12073.php
Reference: BID:7691
Reference:
URL:http://www.securityfocus.com/bid/7691
Votes:
Name: CVE-2003-0403
Description:
Vignette StoryServer 5 and Vignette V/5 allow remote
attackers to read and modify license information, and
cause a denial of service (service halt) by directly
accessing the /vgn/license template.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-021 - Vignette
License access and modification
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405789924612&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-021-en.txt
Reference:
XF:vignette-license-modification(12072)
Reference:
URL:http://www.iss.net/security_center/static/12072.php
Reference: BID:7694
Reference:
URL:http://www.securityfocus.com/bid/7694
Votes:
Name: CVE-2003-0404
Description:
Multiple Cross Site Scripting (XSS) vulnerabilities in
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6,
allow remote attackers to insert arbitrary HTML and
script via text variables, as demonstrated using the
errInfo parameter of the default login template.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-023 - Vignette
multiple Cross Site Scripting vulnerabilities
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406028027360&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-023-en.txt
Reference: XF:vignette-multiple-xss(12071)
Reference:
URL:http://www.iss.net/security_center/static/12071.php
Reference: BID:7687
Reference:
URL:http://www.securityfocus.com/bid/7687
Votes:
Name: CVE-2003-0405
Description:
Vignette StoryServer 5 and Vignette V/6 allow remote
attackers to execute arbitrary TCL code via (1) an HTTP
query or cookie which is processed in the NEEDS command,
or (2) an HTTP Referrer that is processed in the
VALID_PATHS command.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-024 - Vignette
TCL Injection
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405922826197&w=2
Reference:
MISC:http://www.s21sec.com/es/avisos/s21sec-024-en.txt
Reference: XF:vignette-tcl-code-execution(12070)
Reference:
URL:http://www.iss.net/security_center/static/12070.php
Reference: BID:7690
Reference:
URL:http://www.securityfocus.com/bid/7690
Reference: BID:7692
Reference:
URL:http://www.securityfocus.com/bid/7692
Votes:
Name: CVE-2003-0406
Description:
PalmVNC 1.40 and earlier stores passwords in plaintext
in the PalmVNCDB, which is backed up to PCs that the
Palm is synchronized with, which could allow attackers
to gain privileges.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 PalmVNC 1.40 Insecure
Records
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405691423389&w=2
Reference: XF:palmvnc-plaintext-passwords(12083)
Reference:
URL:http://www.iss.net/security_center/static/12083.php
Reference: BID:7696
Reference:
URL:http://www.securityfocus.com/bid/7696
Votes:
Name: CVE-2003-0407
Description:
Buffer overflow in gbnserver for Gnome Batalla Naval
1.0.4 allows remote attackers to execute arbitrary code
via a long connection string.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526
[Priv8security_Advisory]_Batalla_Naval_remote_overflow
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405668423102&w=2
Reference: XF:batalla-naval-bo(12087)
Reference:
URL:http://www.iss.net/security_center/static/12087.php
Reference: BID:7699
Reference:
URL:http://www.securityfocus.com/bid/7699
Votes:
Name: CVE-2003-0408
Description:
Buffer overflow in Uptime Client (UpClient) 5.0b7, and
possibly other versions, allows local users to gain
privileges via a long -p argument.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030527 NuxAcid#002 - Buffer
Overflow in UpClient
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405629622652&w=2
Reference: XF:upclient-command-line-bo(12131)
Reference:
URL:http://www.iss.net/security_center/static/12131.php
Reference: BID:7703
Reference:
URL:http://www.securityfocus.com/bid/7703
Votes:
Name: CVE-2003-0409
Description:
Buffer overflow in BRS WebWeaver 1.04 and earlier allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a long HTTP (1)
POST or (2) HEAD request.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030527 BRS WebWeaver: POST
and HEAD Overflaws
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405836025160&w=2
Reference: XF:webweaver-head-post-bo(12107)
Reference:
URL:http://www.iss.net/security_center/static/12107.php
Reference: BID:7695
Reference:
URL:http://www.securityfocus.com/bid/7695
Votes:
Name: CVE-2003-0410
Description:
Buffer overflow in AnalogX Proxy 4.13 allows remote
attackers to execute arbitrary code via a long URL to
port 6588.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 NII Advisory - Buffer
Overflow in Analogx Proxy
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406759403978&w=2
Reference: VULNWATCH:20030526 NII Advisory -
Buffer Overflow in Analogx Proxy
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0082.html
Reference:
CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: XF:analogx-proxy-url-bo(12068)
Reference:
URL:http://www.iss.net/security_center/static/12068.php
Reference: BID:7681
Reference:
URL:http://www.securityfocus.com/bid/7681
Votes:
Name: CVE-2003-0411
Description:
Sun ONE Application Server 7.0 for Windows 2000/XP
allows remote attackers to obtain JSP source code via a
request that uses the uppercase ".JSP" extension instead
of the lowercase .jsp extension.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple
Vulnerabilities in Sun-One Application Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference:
MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: XF:sunone-jsp-source-disclosure(12093)
Reference:
URL:http://www.iss.net/security_center/static/12093.php
Reference: BID:7709
Reference:
URL:http://www.securityfocus.com/bid/7709
Votes:
Name: CVE-2003-0412
Description:
Sun ONE Application Server 7.0 for Windows 2000/XP does
not log the complete URI of a long HTTP request, which
could allow remote attackers to hide malicious
activities.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple
Vulnerabilities in Sun-One Application Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference:
MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: BID:7711
Reference:
URL:http://www.securityfocus.com/bid/7711
Votes:
Name: CVE-2003-0413
Description:
Cross-site scripting (XSS) vulnerability in the
webapps-simple sample application for (1) Sun ONE
Application Server 7.0 for Windows 2000/XP or (2) Sun
Java System Web Server 6.1 allows remote attackers to
insert arbitrary web script or HTML via an HTTP request
that generates an "Invalid JSP file" error, which
inserts the text in the resulting error message.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple
Vulnerabilities in Sun-One Application Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference:
MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: SUNALERT:57605
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
Reference: CIAC:N-103
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: XF:sunone-http-error-xss(12095)
Reference:
URL:http://www.iss.net/security_center/static/12095.php
Reference: BID:7710
Reference:
URL:http://www.securityfocus.com/bid/7710
Votes:
Name: CVE-2003-0414
Description:
The installation of Sun ONE Application Server 7.0 for
Windows 2000/XP creates a statefile with world-readable
permissions, which allows local users to gain privileges
by reading a plaintext password in the statefile.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple
Vulnerabilities in Sun-One Application Server
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference:
MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference:
URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference:
XF:sunone-insecure-file-permissions(12096)
Reference:
URL:http://www.iss.net/security_center/static/12096.php
Reference: BID:7712
Reference:
URL:http://www.securityfocus.com/bid/7712
Votes:
Name: CVE-2003-0415
Description:
Remote PC Access Server 2.2 allows remote attackers to
cause a denial of service (crash) by receiving packets
from the server and sending them back to the server.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030528 Remote PC Access
Server 2.2 Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105417988811698&w=2
Reference:
MISC:http://www.ytech.co.il/advisories/rpca/rpcaccess.htm
Reference: BID:7698
Reference:
URL:http://www.securityfocus.com/bid/7698
Votes:
Name: CVE-2003-0416
Description:
Cross-site scripting (XSS) vulnerability in index.cgi
for Bandmin 1.4 allows remote attackers to insert
arbitrary HTML or script via (1) the year parameter in a
showmonth action, (2) the month parameter in a showmonth
action, or (3) the host parameter in a showhost action.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030528 Bandmin 1.4 XSS
Exploit
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418152212771&w=2
Reference: XF:bandmin-index-xss(12108)
Reference:
URL:http://www.iss.net/security_center/static/12108.php
Reference: BID:7729
Reference:
URL:http://www.securityfocus.com/bid/7729
Votes:
Name: CVE-2003-0417
Description:
Directory traversal vulnerability in Son hServer 0.2
allows remote attackers to read arbitrary files via
".|." (modified dot-dot) sequences.
Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030529 Son hServer v0.2:
directory traversal
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105417983711685&w=2
Reference:
XF:sonhserver-pipe-directory-traversal(12103)
Reference:
URL:http://www.iss.net/security_center/static/12103.php
Reference: BID:7717
Reference:
URL:http://www.securityfocus.com/bid/7717
Votes:
Name: CVE-2003-0418
Description:
The Linux 2.0 kernel IP stack does not properly
calculate the size of an ICMP citation, which causes it
to include portions of unauthorized memory in ICMP error
responses.
Status: Candidate
Phase: Assigned (20030611)
Reference: BUGTRAQ:20030609 Linux 2.0 remote info
leak from too big icmp citation
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2
Reference:
MISC:http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
Reference: CERT-VN:VU#471084
Reference:
URL:http://www.kb.cert.org/vuls/id/471084
Votes:
Name: CVE-2003-0419
Description:
SMC Networks Barricade Wireless Cable/DSL Broadband
Router SMC7004VWBR allows remote attackers to cause a
denial of service via certain packets to PPTP port 1723
on the internal interface.
Status: Candidate
Phase: Assigned (20030611)
Reference:
MISC:http://www.idefense.com/advisory/06.11.03.txt
Votes:
Name: CVE-2003-0420
Description:
Information leak in dsimportexport for Apple Macintosh
OS X Server 10.2.6 allows local users to obtain the
username and password of the account running the tool.
Status: Candidate
Phase: Assigned (20030611)
Reference:
MISC:http://www.kb.cert.org/vuls/id/JPLA-5NTL8E
Reference: AUSCERT:ESB-2003.0415
Reference:
URL:http://www.auscert.org.au/render.html?it=3165
Reference: BID:7894
Reference:
URL:http://www.securityfocus.com/bid/7894
Reference: SECUNIA:9025
Reference:
URL:http://secunia.com/advisories/9025/
Reference:
XF:macos-dsimportexport-obtain-information(12342)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12342
Votes:
Name: CVE-2003-0421
Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f
allows remote attackers to cause a denial of service
(crash) via an MS-DOS device name (e.g. AUX) in a
request to HTTP port 1220, a different vulnerability
than CVE-2003-0502.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0422
Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f
allows remote attackers to cause a denial of service
(crash) via a request to view_broadcast.cgi that does
not contain the required parameters.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0423
Description:
parse_xml.cgi in Apple QuickTime / Darwin Streaming
Server before 4.1.3g allows remote attackers to obtain
the source code for parseable files via the filename
parameter.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0424
Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f
allows remote attackers to obtain the source code for
scripts by appending encoded space (%20) or . (%2e)
characters to an HTTP request for the script, e.g.
view_broadcast.cgi.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0425
Description:
Directory traversal vulnerability in Apple QuickTime /
Darwin Streaming Server before 4.1.3f allows remote
attackers to read arbitrary files via a ... (triple dot)
in an HTTP request.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0426
Description:
The installation of Apple QuickTime / Darwin Streaming
Server before 4.1.3f starts the administration server
with a "Setup Assistant" page that allows remote
attackers to set the administrator password and gain
privileges before the real administrator.
Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple
Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference:
MISC:http://www.rapid7.com/advisories/R7-0015.html
Votes:
Name: CVE-2003-0427
Description:
Buffer overflow in mikmod 3.1.6 and earlier allows
remote attackers to execute arbitrary code via an
archive file that contains a file with a long filename.
Status: Candidate
Phase: Assigned (20030613)
Reference: DEBIAN:DSA-320
Reference:
URL:http://www.debian.org/security/2003/dsa-320
Reference: REDHAT:RHSA-2005:506
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2005-506.html
Reference: OVAL:oval:org.mitre.oval:def:647
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:647
Votes:
Name: CVE-2003-0428
Description:
Unknown vulnerability in the DCERPC (DCE/RPC) dissector
in Ethereal 0.9.12 and earlier allows remote attackers
to cause a denial of service (memory consumption) via a
certain NDR string.
Status: Candidate
Phase: Assigned (20030613)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference:
URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: CERT-VN:VU#542540
Reference:
URL:http://www.kb.cert.org/vuls/id/542540
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:75
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:75
Votes:
Name: CVE-2003-0429
Description:
The OSI dissector in Ethereal 0.9.12 and earlier allows
remote attackers to cause a denial of service and
possibly execute arbitrary code via invalid IPv4 or IPv6
prefix lengths, possibly triggering a buffer overflow.
Status: Candidate
Phase: Assigned (20030613)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference:
URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:84
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:84
Votes:
Name: CVE-2003-0430
Description:
The SPNEGO dissector in Ethereal 0.9.12 and earlier
allows remote attackers to cause a denial of service
(crash) via an invalid ASN.1 value.
Status: Candidate
Phase: Assigned (20030613)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: CONECTIVA:CLA-2003:662
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:88
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:88
Votes:
Name: CVE-2003-0431
Description:
The tvb_get_nstringz0 function in Ethereal 0.9.12 and
earlier does not properly handle a zero-length buffer
size, with unknown consequences.
Status: Candidate
Phase: Assigned (20030613)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference:
URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:101
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:101
Votes:
Name: CVE-2003-0432
Description:
Ethereal 0.9.12 and earlier does not handle certain
strings properly, with unknown consequences, in the (1)
BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP,
(7) CLNP, (8) ISIS, and (9) RMI dissectors.
Status: Candidate
Phase: Assigned (20030613)
Reference:
CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference:
URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference:
URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:106
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:106
Votes:
Name: CVE-2003-0433
Description:
Multiple buffer overflows in gnocatan 0.6.1 and earlier
allow attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20030613)
Reference: DEBIAN:DSA-315
Reference:
URL:http://www.debian.org/security/2003/dsa-315
Votes:
Name: CVE-2003-0434
Description:
Various PDF viewers including (1) Adobe Acrobat 5.06 and
(2) Xpdf 1.01 allow remote attackers to execute
arbitrary commands via shell metacharacters in an
embedded hyperlink.
Status: Candidate
Phase: Assigned (20030616)
Reference: FULLDISC:20030613 -10Day CERT Advisory
on PDF Files
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
Reference: BUGTRAQ:20030709 xpdf vulnerability -
CAN-2003-0434
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105777963019186&w=2
Reference: REDHAT:RHSA-2003:196
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-196.html
Reference: REDHAT:RHSA-2003:197
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-197.html
Reference: MANDRAKE:MDKSA-2003:071
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
Reference: CERT-VN:VU#200132
Reference:
URL:http://www.kb.cert.org/vuls/id/200132
Reference: OVAL:oval:org.mitre.oval:def:664
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:664
Reference: SECUNIA:9037
Reference: URL:http://secunia.com/advisories/9037
Reference: SECUNIA:9038
Reference: URL:http://secunia.com/advisories/9038
Votes:
Name: CVE-2003-0435
Description:
Buffer overflow in net_swapscore for typespeed 0.4.1 and
earlier allows remote attackers to execute arbitrary
code.
Status: Candidate
Phase: Assigned (20030616)
Reference: BUGTRAQ:20030612 BAZARR THUG LIFE ,
DONT READ OR VIRUS INFECT YOU
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105553002105111&w=2
Reference: DEBIAN:DSA-322
Reference:
URL:http://www.debian.org/security/2003/dsa-322
Votes:
Name: CVE-2003-0436
Description:
Buffer overflow in search.cgi for mnoGoSearch 3.1.20
allows remote attackers to execute arbitrary code via a
long ul parameter.
Status: Candidate
Phase: Assigned (20030618)
Reference: FULLDISC:20030610 mnogosearch 3.1.20
and 3.2.10 buffer overflow
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
Reference: BID:7865
Reference:
URL:http://www.securityfocus.com/bid/7865
Votes:
Name: CVE-2003-0437
Description:
Buffer overflow in search.cgi for mnoGoSearch 3.2.10
allows remote attackers to execute arbitrary code via a
long tmplt parameter.
Status: Candidate
Phase: Assigned (20030618)
Reference: FULLDISC:20030610 mnogosearch 3.1.20
and 3.2.10 buffer overflow
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
Reference: BID:7866
Reference:
URL:http://www.securityfocus.com/bid/7866
Votes:
Name: CVE-2003-0438
Description:
eldav WebDAV client for Emacs, version 0.7.2 and
earlier, allows local users to create or overwrite
arbitrary files via a symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-325
Reference:
URL:http://www.debian.org/security/2003/dsa-325
Votes:
Name: CVE-2003-0439
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030618)
Votes:
Name: CVE-2003-0440
Description:
The (1) semi MIME library 1.14.5 and earlier, and (2)
wemi 1.14.0 and possibly other versions, allows local
users to overwrite arbitrary files via a symlink attack
on temporary files.
Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-339
Reference:
URL:http://www.debian.org/security/2003/dsa-339
Reference: REDHAT:RHSA-2003:231
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-231.html
Reference: REDHAT:RHSA-2003:234
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-234.html
Reference: OVAL:oval:org.mitre.oval:def:569
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:569
Votes:
Name: CVE-2003-0441
Description:
Multiple buffer overflows in Orville Write
(orville-write) 2.53 and earlier allow local users to
gain privileges.
Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-326
Reference:
URL:http://www.debian.org/security/2003/dsa-326
Reference: BID:7988
Reference:
URL:http://www.securityfocus.com/bid/7988
Reference: XF:orvillewrite-variables-bo(12381)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12381
Votes:
Name: CVE-2003-0442
Description:
Cross-site scripting (XSS) vulnerability in the
transparent SID support capability for PHP before 4.3.2
(session.use_trans_sid) allows remote attackers to
insert arbitrary script via the PHPSESSID parameter.
Status: Candidate
Phase: Assigned (20030618)
Reference: BUGTRAQ:20030530 PHP Trans SID XSS
(Was: New php release with security fixes)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105449314612963&w=2
Reference:
MISC:http://shh.thathost.com/secadv/2003-05-11-php.txt
Reference: REDHAT:RHSA-2003:204
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-204.html
Reference: CONECTIVA:CLSA-2003:691
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Reference: DEBIAN:DSA-351
Reference:
URL:http://www.debian.org/security/2003/dsa-351
Reference: MANDRAKE:MDKSA-2003:082
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
Reference: SCO:CSSA-2003-SCO.28
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032]
OpenPKG Security Advisory (php)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: TURBO:TLSA-2003-47
Reference:
URL:http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
Reference: CIAC:N-112
Reference:
URL:http://www.ciac.org/ciac/bulletins/n-112.shtml
Reference: BID:7761
Reference:
URL:http://www.securityfocus.com/bid/7761
Reference: OSVDB:4758
Reference: URL:http://www.osvdb.org/4758
Reference: OVAL:oval:org.mitre.oval:def:485
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:485
Reference: SECTRACK:1008653
Reference:
URL:http://www.securitytracker.com/id?1008653
Reference: XF:php-session-id-xss(12259)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12259
Votes:
Name: CVE-2003-0443
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030619)
Votes:
Name: CVE-2003-0444
Description:
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1
allows remote attackers to execute arbitrary code via a
PNG image of certain color depths.
Status: Candidate
Phase: Assigned (20030619)
Reference: DEBIAN:DSA-337
Reference:
URL:http://www.debian.org/security/2003/dsa-337
Reference: XF:gtksee-png-bo(12462)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12462
Reference: BID:8061
Reference:
URL:http://www.securityfocus.com/bid/8061
Votes:
Name: CVE-2003-0445
Description:
Buffer overflow in webfs before 1.17.1 allows remote
attackers to execute arbitrary code via an HTTP request
with a long Request-URI.
Status: Candidate
Phase: Assigned (20030619)
Reference: DEBIAN:DSA-328
Reference:
URL:http://www.debian.org/security/2003/dsa-328
Votes:
Name: CVE-2003-0446
Description:
Cross-site scripting (XSS) in Internet Explorer 5.5 and
6.0, possibly in a component that is also used by other
Microsoft products, allows remote attackers to insert
arbitrary web script via an XML file that contains a
parse error, which inserts the script in the resulting
error message.
Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030617 Cross-Site Scripting
in Unparsable XML Files (GM#013-IE)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105585986015421&w=2
Reference: BUGTRAQ:20030617 Re: [Full-Disclosure]
Cross-Site Scripting in Unparsable XML Files
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595990924165&w=2
Reference: BUGTRAQ:20030617 Re: Cross-Site
Scripting in Unparsable XML Files (GM#013-IE)
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html
Reference: NTBUGTRAQ:20030617 Cross-Site
Scripting in Unparsable XML Files (GM#013-IE)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105585001905002&w=2
Reference: FULLDISC:20030617 Cross-Site Scripting
in Unparsable XML Files (GM#013-IE)
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html
Reference:
MISC:http://security.greymagic.com/adv/gm013-ie/
Reference: BID:7938
Reference:
URL:http://www.securityfocus.com/bid/7938
Reference: OSVDB:3065
Reference: URL:http://www.osvdb.org/3065
Reference: SECUNIA:9055
Reference: URL:http://secunia.com/advisories/9055
Reference: XF:ie-msxml-xss(12334)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12334
Votes:
Name: CVE-2003-0447
Description:
The Custom HTTP Errors capability in Internet Explorer
5.01, 5.5 and 6.0 allows remote attackers to execute
script in the Local Zone via an argument to shdocvw.dll
that causes a "javascript:" link to be generated.
Status: Candidate
Phase: Assigned (20030619)
Reference: FULLDISC:20030617 Script Injection to
Custom HTTP Errors in Local Zone (GM#014-IE)
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html
Reference: BUGTRAQ:20030617 Script Injection to
Custom HTTP Errors in Local Zone (GM#014-IE)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105585933614773&w=2
Reference: NTBUGTRAQ:20030617 Script Injection to
Custom HTTP Errors in Local Zone (GM#014-IE)
Reference:
URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105585142406147&w=2
Reference:
MISC:http://security.greymagic.com/adv/gm014-ie/
Votes:
Name: CVE-2003-0448
Description:
Portmon 1.7 and possibly earlier versions allows local
users to read and write arbitrary files via the (1) -c
(host file) or (2) -l (log file) command line options.
Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030618 Portmon file
arbitrary read/write access vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105588111714856&w=2
Votes:
Name: CVE-2003-0449
Description:
Progress Database 9.1 to 9.1D06 trusts user input to
find and load libraries using dlopen, which allows local
users to gain privileges via (1) a PATH environment
variable that points to malicious libraries, as
demonstrated using libjutil.so in _proapsv, or (2) the
-installdir command line parameter, as demonstrated
using librocket_r.so in _dbagent.
Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030614 SRT2003-06-13-0945 -
Progress PATH based dlopen() issue
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105561134624665&w=2
Reference: BUGTRAQ:20030614 SRT2003-06-13-1009 -
Progress _dbagent -installdir dlopen() issue
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105561189625082&w=2
Reference:
MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
Reference:
MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt
Votes:
Name: CVE-2003-0450
Description:
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and
earlier allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a large
value in an NAS-Port attribute, which is interpreted as
a negative number and causes a buffer overflow.
Status: Candidate
Phase: Assigned (20030619)
Reference:
MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
Reference: SUSE:SuSE-SA:2003:030
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html
Reference: DEBIAN:DSA-321
Reference:
URL:http://www.debian.org/security/2003/dsa-321
Reference: CONECTIVA:CLA-2003:664
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664
Reference: TURBO:TLSA-2003-40
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-40.txt
Votes:
Name: CVE-2003-0451
Description:
Multiple buffer overflows in xbl before 1.0k allow local
users to gain privileges via certain long command line
arguments.
Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-327
Reference:
URL:http://www.debian.org/security/2003/dsa-327
Votes:
Name: CVE-2003-0452
Description:
Buffer overflows in osh before 1.7-11 allow local users
to execute arbitrary code and bypass shell restrictions
via (1) long environment variables or (2) long "file
redirections."
Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-329
Reference:
URL:http://www.debian.org/security/2003/dsa-329
Votes:
Name: CVE-2003-0453
Description:
traceroute-nanog 6.1.1 allows local users to overwrite
unauthorized memory and possibly execute arbitrary code
via certain "nprobes" and "max_ttl" arguments that cause
an integer overflow that is used when allocating memory,
which leads to a buffer overflow.
Status: Candidate
Phase: Assigned (20030623)
Reference: BUGTRAQ:20030620 BAZARR FAREWELL
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105613905425563&w=2
Reference: DEBIAN:DSA-348
Reference:
URL:http://www.debian.org/security/2003/dsa-348
Votes:
Name: CVE-2003-0454
Description:
Multiple buffer overflows in xgalaga 2.0.34 and earlier
allow local users to gain privileges via a long HOME
environment variable.
Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-334
Reference:
URL:http://www.debian.org/security/2003/dsa-334
Votes:
Name: CVE-2003-0455
Description:
The imagemagick libmagick library 5.5 and earlier
creates temporary files insecurely, which allows local
users to create or overwrite arbitrary files.
Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-331
Reference:
URL:http://www.debian.org/security/2003/dsa-331
Reference: REDHAT:RHSA-2004:494
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-494.html
Reference: BUGTRAQ:20030710 [OpenPKG-SA-2003.034]
OpenPKG Security Advisory (imagemagick)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105786393628728&w=2
Votes:
Name: CVE-2003-0456
Description:
VisNetic WebSite 3.5 allows remote attackers to obtain
the full pathname of the server via a request containing
a folder that does not exist, which leaks the pathname
in an error message, as demonstrated using
_vti_bin/fpcount.exe.
Status: Candidate
Phase: Assigned (20030623)
Reference: BUGTRAQ:20030701 VisNetic WebSite Path
Disclosure Vulnerability
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105733894003737&w=2
Reference: VULNWATCH:20030701 VisNetic WebSite
Path Disclosure Vulnerability
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
Reference:
MISC:http://www.krusesecurity.dk/advisories/vis0103.txt
Reference:
XF:visnetic-website-path-disclosure(12483)
Reference:
URL:http://xforce.iss.net/xforce/xfdb/12483
Reference: BID:8075
Reference:
URL:http://www.securityfocus.com/bid/8075
Votes:
Name: CVE-2003-0457
Description:
** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when
announcing a new security problem. When the candidate
has been publicized, the details for this candidate will
be provided.
Status: Candidate
Phase: Assigned (20030624)
Votes:
Name: CVE-2003-0458
Description:
Unknown vulnerability in HP NonStop Server D40.00
through D48.03, and G01.00 through G06.20, allows local
users to gain additional privileges.
Status: Candidate
Phase: Assigned (20030625)
Reference: HP:SSRT3488
Reference:
URL:http://www.securityfocus.com/advisories/5545
Reference: BID:8080
Reference:
URL:http://www.securityfocus.com/bid/8080
Votes:
Name: CVE-2003-0459
Description:
KDE Konqueror for KDE 3.1.2 and earlier does not remove
authentication credentials from URLs of the
"user:password@host" form in the HTTP-Referer header,
which could allow remote web sites to steal the
credentials for pages that link to the sites.
Status: Candidate
Phase: Assigned (20030626)
Reference:
CONFIRM:http://www.kde.org/info/security/advisory-20030729-1.txt
Reference: FULLDISC:20030729 KDE Security
Advisory: Konqueror Referrer Authentication Leak
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
Reference: REDHAT:RHSA-2003:235
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-235.html
Reference: REDHAT:RHSA-2003:236
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-236.html
Reference: MANDRAKE:MDKSA-2003:079
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
Reference: TURBO:TLSA-2003-45
Reference:
URL:http://www.turbolinux.com/security/TLSA-2003-45.txt
Reference: DEBIAN:DSA-361
Reference:
URL:http://www.debian.org/security/2003/dsa-361
Reference: CONECTIVA:CLA-2003:747
Reference:
URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Reference: BUGTRAQ:20030802 [slackware-security]
KDE packages updated (SSA:2003-213-01)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105986238428061&w=2
Reference: OVAL:oval:org.mitre.oval:def:411
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:411
Votes:
Name: CVE-2003-0460
Description:
The rotatelogs program on Apache before 1.3.28, for
Windows and OS/2 systems, does not properly ignore
certain control characters that are received over the
pipe, which could allow remote attackers to cause a
denial of service.
Status: Candidate
Phase: Assigned (20030626)
Reference:
CONFIRM:http://www.apache.org/dist/httpd/Announcement.html
Reference: CERT-VN:VU#694428
Reference:
URL:http://www.kb.cert.org/vuls/id/694428
Votes:
Name: CVE-2003-0461
Description:
/proc/tty/driver/serial in Linux 2.4.x reveals the exact
number of characters used in serial links, which could
allow local users to obtain potentially sensitive
information such as the length of passwords.
Status: Candidate
Phase: Assigned (20030626)
Reference:
MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
Reference: REDHAT:RHSA-2003:238
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: REDHAT:RHSA-2004:188
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
Reference: DEBIAN:DSA-358
Reference:
URL:http://www.debian.org/security/2004/dsa-358
Reference: DEBIAN:DSA-423
Reference:
URL:http://www.debian.org/security/2004/dsa-423
Reference: OVAL:oval:org.mitre.oval:def:304
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:304
Reference: OVAL:oval:org.mitre.oval:def:997
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:997
Votes:
Name: CVE-2003-0462
Description:
A race condition in the way env_start and env_end
pointers are initialized in the execve system call and
used in fs/proc/base.c on Linux 2.4 allows local users
to cause a denial of service (crash).
Status: Candidate
Phase: Assigned (20030626)
Reference: REDHAT:RHSA-2003:198
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: REDHAT:RHSA-2003:238
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: DEBIAN:DSA-358
Reference:
URL:http://www.debian.org/security/2004/dsa-358
Reference: DEBIAN:DSA-423
Reference:
URL:http://www.debian.org/security/2004/dsa-423
Reference: REDHAT:RHSA-2003:239
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-239.html
Reference: OVAL:oval:org.mitre.oval:def:309
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:309
Votes:
Name: CVE-2003-0463
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not
a security issue. Notes: none.
Status: Candidate
Phase: Assigned (20030626)
Votes:
Name: CVE-2003-0464
Description:
The RPC code in Linux kernel 2.4 sets the reuse flag
when sockets are created, which could allow local users
to bind to UDP ports that are used by privileged
services such as nfsd.
Status: Candidate
Phase: Assigned (20030626)
Reference: REDHAT:RHSA-2003:238
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: SUSE:SuSE-SA:2003:034
Reference: OVAL:oval:org.mitre.oval:def:311
Reference:
URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:311
Votes:
Name: CVE-2003-0465
Description:
The kernel strncpy function in Linux 2.4 and 2.5 does
not %NUL pad the buffer on architectures other than x86,
as opposed to the expected behavior of strncpy as
implemented in libc, which could lead to information
leaks.
Status: Candidate
Phase: Assigned (20030626)
Reference:
CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
Reference:
CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
Reference: REDHAT:RHSA-2004:188
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
Votes:
Name: CVE-2003-0466
Description:
Off-by-one error in the fb_realpath() function, as
derived from the realpath function in BSD, may allow
attackers to execute arbitrary code, as demonstrated in
wu-ftpd 2.5.0 through 2.6.2 via commands that cause
pathnames of length MAXPATHLEN+1 to trigger a buffer
overflow, including (1) STOR, (2) RETR, (3) APPE, (4)
DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Status: Candidate
Phase: Assigned (20030626)
Reference: BUGTRAQ:20030731 wu-ftpd fb_realpath()
off-by-one bug
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105967301604815&w=2
Reference: VULNWATCH:20030731 wu-ftpd
fb_realpath() off-by-one bug
Reference:
URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
Reference:
MISC:http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
Reference: BUGTRAQ:20030804 Off-by-one Buffer
Overflow Vulnerability in BSD libc realpath(3)
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106002488209129&w=2
Reference: BUGTRAQ:20030804 wu-ftpd-2.6.2
off-by-one remote exploit.
Reference:
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106001702232325&w=2
Reference: REDHAT:RHSA-2003:245
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-245.html
Reference: REDHAT:RHSA-2003:246
Reference:
URL:http://www.redhat.com/support/errata/RHSA-2003-246.html
Reference: SUSE:SuSE-SA:2003:032
Reference:
URL:http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html
Reference: MANDRAKE:MDKSA-2003:080
Reference:
URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:080
Reference:
|