Sax2 Network Intrusion Detection System

A professional intrusion detection and protection system (NIDS) that excels at real-time packet capture, 24/7 network monitoring, advanced protocol analysis and automatic expert detection.

 

CVE-2002
 

Name: CVE-2002-0002

Description:
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. Status: Entry
Reference: MISC:http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2
Reference: BUGTRAQ:20011227 Stunnel: Format String Bug in versions <3.22
Reference: URL:http://online.securityfocus.com/archive/1/247427
Reference: BUGTRAQ:20020102 Stunnel: Format String Bug update
Reference: URL:http://online.securityfocus.com/archive/1/248149
Reference: CONFIRM:http://stunnel.mirt.net/news.html
Reference: REDHAT:RHSA-2002:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html
Reference: MANDRAKE:MDKSA-2002:004
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
Reference: XF:stunnel-client-format-string(7741)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7741
Reference: BID:3748
Reference: URL:http://www.securityfocus.com/bid/3748

 


Name: CVE-2002-0003

Description:
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. Status: Entry
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html
Reference: MANDRAKE:MDKSA-2002:012
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php
Reference: HP:HPSBTL0201-014
Reference: URL:http://online.securityfocus.com/advisories/3793
Reference: XF:linux-groff-preprocessor-bo(7881)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7881
Reference: BID:3869
Reference: URL:http://www.securityfocus.com/bid/3869

 


Name: CVE-2002-0004

Description:
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. Status: Entry
Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101128661602088&w=2
Reference: DEBIAN:DSA-102
Reference: URL:http://www.debian.org/security/2002/dsa-102
Reference: SUSE:SuSE-SA:2002:003
Reference: URL:http://www.novell.com/linux/security/advisories/2002_003_at_txt.html
Reference: MANDRAKE:MDKSA-2002:007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101147632721031&w=2
Reference: REDHAT:RHSA-2002:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html
Reference: HP:HPSBTL0201-021
Reference: URL:http://online.securityfocus.com/advisories/3833
Reference: HP:HPSBTL0302-034
Reference: URL:http://online.securityfocus.com/advisories/3969
Reference: XF:linux-at-exetime-heap-corruption(7909)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7909
Reference: BID:3886
Reference: URL:http://www.securityfocus.com/bid/3886

 


Name: CVE-2002-0005

Description:
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame). Status: Entry
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: CERT-VN:VU#907819
Reference: URL:http://www.kb.cert.org/vuls/id/907819
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

 


Name: CVE-2002-0006

Description:
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. Status: Entry
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060676210255&w=2
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:http://xforce.iss.net/static/7856.php
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830

 


Name: CVE-2002-0007

Description:
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. Status: Entry
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: BID:3792
Reference: URL:http://www.securityfocus.com/bid/3792
Reference: XF:bugzilla-ldap-auth-bypass(7812)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7812

 


Name: CVE-2002-0009

Description:
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. Status: Entry
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798

 


Name: CVE-2002-0011

Description:
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. Status: Entry
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800

 


Name: CVE-2002-0014

Description:
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). Status: Entry
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027841605918&w=2
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html
Reference: ENGARDE:ESA-20020114-002
Reference: CONECTIVA:CLA-2002:460
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000460
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-015
Reference: BID:3815
Reference: URL:http://www.securityfocus.com/bid/3815

 


Name: CVE-2002-0017

Description:
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request. Status: Entry
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

 


Name: CVE-2002-0018

Description:
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain. Status: Entry
Reference: MS:MS02-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-001.asp
Reference: BID:3997
Reference: URL:http://www.securityfocus.com/bid/3997
Reference: OVAL:oval:org.mitre.oval:def:159
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:159
Reference: OVAL:oval:org.mitre.oval:def:64
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:64
Reference: XF:win-sid-gain-privileges(8023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8023

 


Name: CVE-2002-0020

Description:
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. Status: Entry
Reference: MS:MS02-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-004.asp
Reference: BID:4061
Reference: URL:http://www.securityfocus.com/bid/4061
Reference: XF:ms-telnet-option-bo(8094)
Reference: URL:http://www.iss.net/security_center/static/8094.php
Reference: OVAL:oval:org.mitre.oval:def:424
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:424

 


Name: CVE-2002-0021

Description:
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. Status: Entry
Reference: MS:MS02-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-002.asp
Reference: BID:4045
Reference: URL:http://www.securityfocus.com/bid/4045
Reference: OSVDB:2041
Reference: URL:http://www.osvdb.org/2041

 


Name: CVE-2002-0022

Description:
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. Status: Entry
Reference: BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2
Reference: BUGTRAQ:20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)
Reference: URL:http://online.securityfocus.com/archive/1/258614
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: CERT:CA-2002-04
Reference: URL:http://www.cert.org/advisories/CA-2002-04.html
Reference: XF:ie-html-directive-bo(8116)
Reference: URL:http://www.iss.net/security_center/static/8116.php
Reference: BID:4080
Reference: URL:http://www.securityfocus.com/bid/4080
Reference: OVAL:oval:org.mitre.oval:def:925
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:925

 


Name: CVE-2002-0023

Description:
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. Status: Entry
Reference: BUGTRAQ:20020101 IE GetObject() problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3767
Reference: URL:http://www.securityfocus.com/bid/3767
Reference: OSVDB:3030
Reference: URL:http://www.osvdb.org/3030
Reference: OVAL:oval:org.mitre.oval:def:17
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17
Reference: OVAL:oval:org.mitre.oval:def:40
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:40
Reference: OVAL:oval:org.mitre.oval:def:50
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:50
Reference: OVAL:oval:org.mitre.oval:def:77
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:77
Reference: XF:ie-getobject-directory-traversal(7758)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7758

 


Name: CVE-2002-0024

Description:
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. Status: Entry
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087

 


Name: CVE-2002-0025

Description:
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. Status: Entry
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
Reference: URL:http://online.securityfocus.com/archive/1/255767
Reference: BID:4085
Reference: URL:http://www.securityfocus.com/bid/4085
Reference: XF:ie-application-invocation(8118)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8118

 


Name: CVE-2002-0026

Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. Status: Entry
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4082
Reference: URL:http://www.securityfocus.com/bid/4082
Reference: OVAL:oval:org.mitre.oval:def:12
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12
Reference: OVAL:oval:org.mitre.oval:def:23
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:23
Reference: OVAL:oval:org.mitre.oval:def:32
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:32

 


Name: CVE-2002-0027

Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. Status: Entry
Reference: BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
Reference: URL:http://www.securityfocus.com/archive/1/246522
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3721
Reference: URL:http://www.securityfocus.com/bid/3721
Reference: OSVDB:3031
Reference: URL:http://www.osvdb.org/3031
Reference: OVAL:oval:org.mitre.oval:def:974
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:974

 


Name: CVE-2002-0028

Description:
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. Status: Entry
Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101043894627851&w=2
Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101043076806401&w=2
Reference: CERT:CA-2002-02
Reference: URL:http://www.cert.org/advisories/CA-2002-02.html
Reference: CERT-VN:VU#570167
Reference: URL:http://www.kb.cert.org/vuls/id/570167
Reference: BID:3813
Reference: URL:http://www.securityfocus.com/bid/3813
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

 


Name: CVE-2002-0032

Description:
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. Status: Entry
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

 


Name: CVE-2002-0033

Description:
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name. Status: Entry
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php
Reference: OVAL:oval:org.mitre.oval:def:124
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:124
Reference: OVAL:oval:org.mitre.oval:def:31
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:31

 


Name: CVE-2002-0036

Description:
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. Status: Entry
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579
Reference: CONECTIVA:CLA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-neglength-bo(11190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11190
Reference: BID:6713
Reference: URL:http://www.securityfocus.com/bid/6713
Reference: OSVDB:4896
Reference: URL:http://www.osvdb.org/4896

 


Name: CVE-2002-0038

Description:
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk. Status: Entry
Reference: SGI:20020102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
Reference: SGI:20020102-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
Reference: SGI:20020102-03-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P
Reference: XF:irix-nsd-cache-dos(7907)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7907
Reference: BID:3882
Reference: URL:http://www.securityfocus.com/bid/3882

 


Name: CVE-2002-0040

Description:
Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges. Status: Entry
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
Reference: BID:4388
Reference: URL:http://www.securityfocus.com/bid/4388
Reference: OSVDB:2058
Reference: URL:http://www.osvdb.org/2058
Reference: XF:irix-hostaliases-gain-privileges(8669)
Reference: URL:http://www.iss.net/security_center/static/8669.php

 


Name: CVE-2002-0042

Description:
Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS. Status: Entry
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

 


Name: CVE-2002-0043

Description:
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. Status: Entry
Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/250168
Reference: REDHAT:RHSA-2002:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html
Reference: REDHAT:RHSA-2002:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html
Reference: CONECTIVA:CLA-2002:451
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
Reference: ENGARDE:ESA-20020114-001
Reference: SUSE:SuSE-SA:2002:002
Reference: URL:http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
Reference: MANDRAKE:MDKSA-2002:003
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
Reference: DEBIAN:DSA-101
Reference: URL:http://www.debian.org/security/2002/dsa-101
Reference: IMMUNIX:IMNX-2002-70-001-01
Reference: URL:http://www.securityfocus.com/advisories/3800
Reference: FREEBSD:FreeBSD-SA-02:06
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2
Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html
Reference: XF:sudo-unclean-env-root(7891)
Reference: URL:http://xforce.iss.net/static/7891.php
Reference: BID:3871
Reference: URL:http://www.securityfocus.com/bid/3871

 


Name: CVE-2002-0044

Description:
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. Status: Entry
Reference: REDHAT:RHSA-2002:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-012.html
Reference: HP:HPSBTL0201-019
Reference: URL:http://www.securityfocus.com/advisories/3818
Reference: MANDRAKE:MDKSA-2002:010
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
Reference: DEBIAN:DSA-105
Reference: URL:http://www.debian.org/security/2002/dsa-105
Reference: XF:gnu-enscript-tmpfile-symlink(7932)
Reference: URL:http://xforce.iss.net/static/7932.php
Reference: BID:3920
Reference: URL:http://www.securityfocus.com/bid/3920

 


Name: CVE-2002-0045

Description:
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. Status: Entry
Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
Reference: CALDERA:CSSA-2002-001.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt
Reference: CONECTIVA:CLA-2002:459
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
Reference: HP:HPSBTL0201-020
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
Reference: MANDRAKE:MDKSA-2002:013
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
Reference: REDHAT:RHSA-2002:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-014.html
Reference: BID:3945
Reference: URL:http://www.securityfocus.com/bid/3945
Reference: OSVDB:5395
Reference: URL:http://www.osvdb.org/5395
Reference: XF:openldap-slapd-delete-attributes(7978)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7978

 


Name: CVE-2002-0046

Description:
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. Status: Entry
Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp
Reference: URL:http://www.securityfocus.com/archive/1/251418
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:icmp-read-memory(7998)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7998
Reference: OSVDB:5394
Reference: URL:http://www.osvdb.org/5394

 


Name: CVE-2002-0047

Description:
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. Status: Entry
Reference: DEBIAN:DSA-104
Reference: URL:http://www.debian.org/security/2002/dsa-104
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:cipe-packet-handling-dos(7883)
Reference: URL:http://xforce.iss.net/static/7883.php

 


Name: CVE-2002-0049

Description:
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. Status: Entry
Reference: MS:MS02-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-003.asp
Reference: BID:4053
Reference: URL:http://www.securityfocus.com/bid/4053
Reference: OSVDB:2042
Reference: URL:http://www.osvdb.org/2042
Reference: OVAL:oval:org.mitre.oval:def:1022
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1022
Reference: XF:exchange-attendant-incorrect-permissions(8092)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8092

 


Name: CVE-2002-0050

Description:
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. Status: Entry
Reference: MS:MS02-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-010.asp
Reference: BID:4157
Reference: URL:http://www.securityfocus.com/bid/4157

 


Name: CVE-2002-0051

Description:
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. Status: Entry
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-016.asp
Reference: BID:4438
Reference: URL:http://www.securityfocus.com/bid/4438
Reference: OVAL:oval:org.mitre.oval:def:38
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:38

 


Name: CVE-2002-0052

Description:
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. Status: Entry
Reference: MS:MS02-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-009.asp
Reference: BID:4158
Reference: URL:http://www.securityfocus.com/bid/4158
Reference: OSVDB:763
Reference: URL:http://www.osvdb.org/763
Reference: SECTRACK:1003630
Reference: URL:http://securitytracker.com/id?1003630

 


Name: CVE-2002-0054

Description:
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. Status: Entry
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101501580409373&w=2

 


Name: CVE-2002-0055

Description:
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. Status: Entry
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101558498401274&w=2
Reference: MS:MS02-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-012.asp
Reference: XF:ms-smtp-data-transfer-dos(8307)
Reference: URL:http://www.iss.net/security_center/static/8307.php
Reference: BID:4204
Reference: URL:http://www.securityfocus.com/bid/4204
Reference: OVAL:oval:org.mitre.oval:def:30
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:30

 


Name: CVE-2002-0057

Description:
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. Status: Entry
Reference: BUGTRAQ:20011214 MSIE6 can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
Reference: BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366383408821&w=2
Reference: MS:MS02-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-008.asp
Reference: BID:3699
Reference: URL:http://www.securityfocus.com/bid/3699
Reference: XF:ie-xmlhttp-redirect(7712)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7712
Reference: OSVDB:3032
Reference: URL:http://www.osvdb.org/3032

 


Name: CVE-2002-0059

Description:
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. Status: Entry
Reference: BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
Reference: BUGTRAQ:20020312 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020312 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
Reference: BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
Reference: BUGTRAQ:20020312 zlib & java
Reference: BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
Reference: BUGTRAQ:20020314 about zlib vulnerability
Reference: BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
Reference: BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
Reference: BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
Reference: CERT:CA-2002-07
Reference: URL:http://www.cert.org/advisories/CA-2002-07.html
Reference: CERT-VN:VU#368819
Reference: URL:http://www.kb.cert.org/vuls/id/368819
Reference: DEBIAN:DSA-122
Reference: URL:http://www.debian.org/security/2002/dsa-122
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: REDHAT:RHSA-2002:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-027.html
Reference: SUSE:SuSE-SA:2002:010
Reference: SUSE:SuSE-SA:2002:011
Reference: ENGARDE:ESA-20020311-008
Reference: MANDRAKE:MDKSA-2002:022
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
Reference: MANDRAKE:MDKSA-2002:023
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Reference: CALDERA:CSSA-2002-014.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Reference: CALDERA:CSSA-2002-015.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
Reference: CONECTIVA:CLA-2002:469
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Reference: HP:HPSBTL0204-030
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
Reference: HP:HPSBTL0204-036
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
Reference: HP:HPSBTL0204-037
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Reference: CISCO:20020403 Vulnerability in the zlib Compression Library
Reference: OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
Reference: FREEBSD:FreeBSD-SA-02:18
Reference: BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
Reference: BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Reference: BID:4267
Reference: URL:http://www.securityfocus.com/bid/4267
Reference: XF:zlib-doublefree-memory-corruption(8427)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8427

 


Name: CVE-2002-0060

Description:
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. Status: Entry
Reference: BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483396412051&w=2
Reference: VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101486352429653&w=2
Reference: CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
Reference: HP:HPSBUX0203-027
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027
Reference: MANDRAKE:MDKSA-2002:041
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041
Reference: REDHAT:RHSA-2002:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-028.html
Reference: CERT-VN:VU#230307
Reference: URL:http://www.kb.cert.org/vuls/id/230307
Reference: BID:4188
Reference: URL:http://www.securityfocus.com/bid/4188
Reference: XF:linux-dcc-port-access(8302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8302

 


Name: CVE-2002-0061

Description:
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. Status: Entry
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324

 


Name: CVE-2002-0062

Description:
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." Status: Entry
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: BID:2116
Reference: URL:http://www.securityfocus.com/bid/2116
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

 


Name: CVE-2002-0063

Description:
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values. Status: Entry
Reference: CONFIRM:http://www.cups.org/relnotes.html
Reference: DEBIAN:DSA-110
Reference: URL:http://www.debian.org/security/2002/dsa-110
Reference: MANDRAKE:MDKSA-2002:015
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php
Reference: REDHAT:RHSA-2002:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-032.html
Reference: SUSE:SuSE-SA:2002:005
Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html
Reference: SUSE:SuSE-SA:2002:006
Reference: CALDERA:CSSA-2002-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-008.0.txt
Reference: CONECTIVA:CLA-2002:471
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000471
Reference: XF:cups-ippread-bo(8192)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8192
Reference: BID:4100
Reference: URL:http://www.securityfocus.com/bid/4100

 


Name: CVE-2002-0064

Description:
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system. Status: Entry
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-insecure-permissions(8791)
Reference: URL:http://www.iss.net/security_center/static/8791.php
Reference: BID:4458
Reference: URL:http://www.securityfocus.com/bid/4458

 


Name: CVE-2002-0065

Description:
Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry. Status: Entry
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-weak-password(8792)
Reference: URL:http://www.iss.net/security_center/static/8792.php
Reference: BID:4459
Reference: URL:http://www.securityfocus.com/bid/4459

 


Name: CVE-2002-0066

Description:
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges. Status: Entry
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-named-pipe(8793)
Reference: URL:http://www.iss.net/security_center/static/8793.php
Reference: BID:4460
Reference: URL:http://www.securityfocus.com/bid/4460

 


Name: CVE-2002-0067

Description:
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. Status: Entry
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150
Reference: OSVDB:5379
Reference: URL:http://www.osvdb.org/5379

 


Name: CVE-2002-0068

Description:
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. Status: Entry
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440163111826&w=2
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php
Reference: OSVDB:5378
Reference: URL:http://www.osvdb.org/5378

 


Name: CVE-2002-0069

Description:
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service. Status: Entry
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101443252627021&w=2
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146

 


Name: CVE-2002-0070

Description:
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. Status: Entry
Reference: BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101594127017290&w=2
Reference: VULNWATCH:20020311 ADVISORY: Windows Shell Overflow
Reference: NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
Reference: MS:MS02-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-014.asp
Reference: XF:win-shell-bo(8384)
Reference: URL:http://www.iss.net/security_center/static/8384.php
Reference: BID:4248
Reference: URL:http://www.securityfocus.com/bid/4248
Reference: OVAL:oval:org.mitre.oval:def:18
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18
Reference: OVAL:oval:org.mitre.oval:def:147
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:147

 


Name: CVE-2002-0071

Description:
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. Status: Entry
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php
Reference: BID:4474
Reference: URL:http://www.securityfocus.com/bid/4474
Reference: OSVDB:3325
Reference: URL:http://www.osvdb.org/3325
Reference: OVAL:oval:org.mitre.oval:def:130
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:130
Reference: OVAL:oval:org.mitre.oval:def:45
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:45

 


Name: CVE-2002-0072

Description:
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. Status: Entry
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#521059
Reference: URL:http://www.kb.cert.org/vuls/id/521059
Reference: XF:iis-isapi-filter-error-dos(8800)
Reference: URL:http://www.iss.net/security_center/static/8800.php
Reference: BID:4479
Reference: URL:http://www.securityfocus.com/bid/4479
Reference: OSVDB:3326
Reference: URL:http://www.osvdb.org/3326

 


Name: CVE-2002-0073

Description:
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. Status: Entry
Reference: VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
Reference: BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101901273810598&w=2
Reference: MISC:http://www.digitaloffense.net/msftpd/advisory.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#412203
Reference: URL:http://www.kb.cert.org/vuls/id/412203
Reference: BID:4482
Reference: URL:http://www.securityfocus.com/bid/4482
Reference: OSVDB:3328
Reference: URL:http://www.osvdb.org/3328
Reference: OVAL:oval:org.mitre.oval:def:24
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:24
Reference: OVAL:oval:org.mitre.oval:def:35
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:35
Reference: XF:iis-ftp-session-status-dos(8801)
Reference: URL:http://www.iss.net/security_center/static/8801.php

 


Name: CVE-2002-0074

Description:
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. Status: Entry
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://seclists.org/bugtraq/2002/Apr/0126.html
Reference: MISC:http://www.cgisecurity.com/advisory/9.txt
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#883091
Reference: URL:http://www.kb.cert.org/vuls/id/883091
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-help-file-css(8802)
Reference: URL:http://www.iss.net/security_center/static/8802.php
Reference: BID:4483
Reference: URL:http://www.securityfocus.com/bid/4483
Reference: OSVDB:3338
Reference: URL:http://www.osvdb.org/3338
Reference: OVAL:oval:org.mitre.oval:def:46
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:46

 


Name: CVE-2002-0075

Description:
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message. Status: Entry
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#520707
Reference: URL:http://www.kb.cert.org/vuls/id/520707
Reference: XF:iis-redirected-url-error-css(8804)
Reference: URL:http://www.iss.net/security_center/static/8804.php
Reference: BID:4487
Reference: URL:http://www.securityfocus.com/bid/4487
Reference: OSVDB:3341
Reference: URL:http://www.osvdb.org/3341
Reference: OVAL:oval:org.mitre.oval:def:210
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:210
Reference: OVAL:oval:org.mitre.oval:def:58
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:58

 


Name: CVE-2002-0076

Description:
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. Status: Entry
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
Reference: COMPAQ:SSRT0822
Reference: BID:4313
Reference: URL:http://www.securityfocus.com/bid/4313
Reference: XF:java-vm-verifier-variant(8480)
Reference: URL:http://www.iss.net/security_center/static/8480.php

 


Name: CVE-2002-0078

Description:
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. Status: Entry
Reference: BUGTRAQ:20020330 IE: Remote webpage can script in local zone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101781180528301&w=2
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp
Reference: BID:4392
Reference: URL:http://www.securityfocus.com/bid/4392
Reference: XF:ie-cookie-local-zone(8701)
Reference: URL:http://www.iss.net/security_center/static/8701.php
Reference: OSVDB:3029
Reference: URL:http://www.osvdb.org/3029
Reference: OVAL:oval:org.mitre.oval:def:96
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:96

 


Name: CVE-2002-0079

Description:
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. Status: Entry
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#610291
Reference: URL:http://www.kb.cert.org/vuls/id/610291
Reference: XF:iis-asp-chunked-encoding-bo(8795)
Reference: URL:http://www.iss.net/security_center/static/8795.php
Reference: BID:4485
Reference: URL:http://www.securityfocus.com/bid/4485
Reference: OVAL:oval:org.mitre.oval:def:16
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16
Reference: OVAL:oval:org.mitre.oval:def:25
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:25

 


Name: CVE-2002-0080

Description:
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. Status: Entry
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Reference: CALDERA:CSSA-2002-014.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Reference: XF:linux-rsync-inherit-privileges(8463)
Reference: URL:http://www.iss.net/security_center/static/8463.php
Reference: BID:4285
Reference: URL:http://www.securityfocus.com/bid/4285

 


Name: CVE-2002-0081

Description:
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. Status: Entry
Reference: VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101468694824998&w=2
Reference: BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484705523351&w=2
Reference: NTBUGTRAQ:20020227 PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101484975231922&w=2
Reference: CONFIRM:http://www.php.net/downloads.php
Reference: MISC:http://security.e-matters.de/advisories/012002.html
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html
Reference: REDHAT:RHSA-2002:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-040.html
Reference: DEBIAN:DSA-115
Reference: URL:http://www.debian.org/security/2002/dsa-115
Reference: CERT:CA-2002-05
Reference: URL:http://www.cert.org/advisories/CA-2002-05.html
Reference: CERT-VN:VU#297363
Reference: URL:http://www.kb.cert.org/vuls/id/297363
Reference: ENGARDE:ESA-20020301-006
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1924.html
Reference: HP:HPSBTL0203-028
Reference: URL:http://online.securityfocus.com/advisories/3911
Reference: CONECTIVA:CLA-2002:468
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Reference: XF:php-file-upload-overflow(8281)
Reference: URL:http://www.iss.net/security_center/static/8281.php
Reference: BID:4183
Reference: URL:http://www.securityfocus.com/bid/4183
Reference: BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101537076619812&w=2
Reference: BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101497256024338&w=2
Reference: SUSE:SuSE-SA:2002:007
Reference: URL:http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
Reference: MANDRAKE:MDKSA-2002:017
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php

 


Name: CVE-2002-0082

Description:
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. Status: Entry
Reference: BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
Reference: URL:http://online.securityfocus.com/archive/1/258646
Reference: BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101518491916936&w=2
Reference: BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101528358424306&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
Reference: BUGTRAQ:20020228 TSLSA-2002-0034 - apache
Reference: ENGARDE:ESA-20020301-005
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Reference: CONECTIVA:CLA-2002:465
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Reference: MANDRAKE:MDKSA-2002:020
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Reference: REDHAT:RHSA-2002:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-041.html
Reference: REDHAT:RHSA-2002:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-042.html
Reference: REDHAT:RHSA-2002:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-045.html
Reference: DEBIAN:DSA-120
Reference: URL:http://www.debian.org/security/2002/dsa-120
Reference: HP:HPSBTL0203-031
Reference: URL:http://www.securityfocus.com/advisories/3965
Reference: HP:HPSBUX0204-190
Reference: URL:http://www.securityfocus.com/advisories/4008
Reference: CALDERA:CSSA-2002-011.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
Reference: COMPAQ:SSRT0817
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
Reference: BID:4189
Reference: URL:http://www.securityfocus.com/bid/4189
Reference: XF:apache-modssl-bo(8308)
Reference: URL:http://www.iss.net/security_center/static/8308.php

 


Name: CVE-2002-0083

Description:
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Status: Entry
Reference: VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Reference: BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2
Reference: BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2
Reference: BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2
Reference: BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
Reference: BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101586991827622&w=2
Reference: BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
Reference: URL:http://online.securityfocus.com/archive/1/264657
Reference: CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
Reference: ENGARDE:ESA-20020307-007
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Reference: SUSE:SuSE-SA:2002:009
Reference: URL:http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
Reference: CONECTIVA:CLA-2002:467
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Reference: DEBIAN:DSA-119
Reference: URL:http://www.debian.org/security/2002/dsa-119
Reference: REDHAT:RHSA-2002:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-043.html
Reference: MANDRAKE:MDKSA-2002:019
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
Reference: NETBSD:NetBSD-SA2002-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
Reference: CALDERA:CSSA-2002-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
Reference: CALDERA:CSSA-2002-SCO.11
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
Reference: CALDERA:CSSA-2002-012.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
Reference: FREEBSD:FreeBSD-SA-02:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
Reference: HP:HPSBTL0203-029
Reference: URL:http://online.securityfocus.com/advisories/3960
Reference: XF:openssh-channel-error(8383)
Reference: URL:http://www.iss.net/security_center/static/8383.php
Reference: BID:4241
Reference: URL:http://www.securityfocus.com/bid/4241
Reference: OSVDB:730
Reference: URL:http://www.osvdb.org/730

 


Name: CVE-2002-0090

Description:
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. Status: Entry
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270149
Reference: SUNALERT:44842
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
Reference: CERT-VN:VU#188507
Reference: URL:http://www.kb.cert.org/vuls/id/188507
Reference: BID:4633
Reference: URL:http://www.securityfocus.com/bid/4633
Reference: XF:solaris-lbxproxy-display-bo(8958)
Reference: URL:http://www.iss.net/security_center/static/8958.php
Reference: OVAL:oval:org.mitre.oval:def:179
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:179
Reference: OVAL:oval:org.mitre.oval:def:86
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:86

 


Name: CVE-2002-0092

Description:
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. Status: Entry
Reference: VULN-DEV:20020220 Help needed with bufferoverflow in cvs
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101422243817321&w=2
Reference: VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101433077724524&w=2
Reference: DEBIAN:DSA-117
Reference: URL:http://www.debian.org/security/2002/dsa-117
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: BID:4234
Reference: URL:http://www.securityfocus.com/bid/4234
Reference: XF:cvs-global-var-dos(8366)
Reference: URL:http://www.iss.net/security_center/static/8366.php

 


Name: CVE-2002-0094

Description:
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion. Status: Entry
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

 


Name: CVE-2002-0095

Description:
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed. Status: Entry
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

 


Name: CVE-2002-0096

Description:
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended. Status: Entry
Reference: BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
Reference: URL:http://www.securityfocus.com/archive/1/248367
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3783
Reference: URL:http://www.securityfocus.com/bid/3783
Reference: XF:geeklog-default-admin-privileges(7780)
Reference: URL:http://www.iss.net/security_center/static/7780.php

 


Name: CVE-2002-0097

Description:
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account. Status: Entry
Reference: BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
Reference: URL:http://online.securityfocus.com/archive/1/249443
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3844
Reference: URL:http://www.securityfocus.com/bid/3844
Reference: XF:geeklog-modify-auth-cookie(7869)
Reference: URL:http://www.iss.net/security_center/static/7869.php

 


Name: CVE-2002-0098

Description:
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. Status: Entry
Reference: BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027773404836&w=2
Reference: BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
Reference: URL:http://online.securityfocus.com/archive/1/249219
Reference: CONFIRM:http://www.boozt.com/news_detail.php?id=3
Reference: BID:3787
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
Reference: XF:boozt-long-name-bo(7790)
Reference: URL:http://www.iss.net/security_center/static/7790.php

 


Name: CVE-2002-0107

Description:
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. Status: Entry
Reference: BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101052887431488&w=2
Reference: BID:3841
Reference: URL:http://www.securityfocus.com/bid/3841
Reference: BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
Reference: URL:http://online.securityfocus.com/archive/1/254167
Reference: XF:cachos-insecure-web-interface(7835)
Reference: URL:http://www.iss.net/security_center/static/7835.php

 


Name: CVE-2002-0111

Description:
Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. Status: Entry
Reference: BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062213627501&w=2
Reference: BID:3861
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
Reference: XF:dinos-webserver-directory-traversal(7853)
Reference: URL:http://www.iss.net/security_center/static/7853.php

 


Name: CVE-2002-0115

Description:
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. Status: Entry
Reference: BUGTRAQ:20020110 Snort core dumped
Reference: URL:http://online.securityfocus.com/archive/1/249340
Reference: BUGTRAQ:20020110 Re: Snort core dumped
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
Reference: BID:3849
Reference: URL:http://www.securityfocus.com/bid/3849
Reference: XF:snort-icmp-dos(7874)
Reference: URL:http://www.iss.net/security_center/static/7874.php
Reference: OSVDB:2022
Reference: URL:http://www.osvdb.org/2022

 


Name: CVE-2002-0117

Description:
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. Status: Entry
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: CONFIRM:http://www.yabbforum.com/
Reference: BID:3828
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
Reference: OSVDB:2019
Reference: URL:http://www.osvdb.org/2019
Reference: XF:yabb-encoded-css(7840)
Reference: URL:http://www.iss.net/security_center/static/7840.php

 


Name: CVE-2002-0120

Description:
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information. Status: Entry
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: BID:3863
Reference: URL:http://www.securityfocus.com/bid/3863
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

 


Name: CVE-2002-0121

Description:
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. Status: Entry
Reference: BUGTRAQ:20020113 PHP 4.x session spoofing
Reference: URL:http://online.securityfocus.com/archive/1/250196
Reference: BID:3873
Reference: URL:http://www.securityfocus.com/bid/3873
Reference: XF:php-session-temp-disclosure(7908)
Reference: URL:http://www.iss.net/security_center/static/7908.php

 


Name: CVE-2002-0123

Description:
MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. Status: Entry
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: BID:3874
Reference: URL:http://www.securityfocus.com/bid/3874
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

 


Name: CVE-2002-0128

Description:
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument. Status: Entry
Reference: BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/250545
Reference: BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Reference: URL:http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: BID:3885
Reference: URL:http://www.securityfocus.com/bid/3885
Reference: XF:sambar-cgitest-dos(7894)
Reference: URL:http://www.iss.net/security_center/static/7894.php

 


Name: CVE-2002-0139

Description:
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. Status: Entry
Reference: BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
Reference: URL:http://online.securityfocus.com/archive/1/251422
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: BID:3910
Reference: URL:http://www.securityfocus.com/bid/3910
Reference: XF:spoonftp-ftp-bounce(7943)
Reference: URL:http://www.iss.net/security_center/static/7943.php

 


Name: CVE-2002-0143

Description:
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable. Status: Entry
Reference: BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/250145
Reference: BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/251597
Reference: BID:3868
Reference: URL:http://www.securityfocus.com/bid/3868
Reference: XF:eterm-home-bo(7896)
Reference: URL:http://www.iss.net/security_center/static/7896.php

 


Name: CVE-2002-0146

Description:
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. Status: Entry
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html
Reference: CALDERA:CSSA-2002-027.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
Reference: HP:HPSBTL0205-042
Reference: URL:http://online.securityfocus.com/advisories/4145
Reference: MANDRAKE:MDKSA-2002:036
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
Reference: BID:4788
Reference: URL:http://www.securityfocus.com/bid/4788
Reference: XF:fetchmail-imap-msgnum-bo(9133)
Reference: URL:http://www.iss.net/security_center/static/9133.php

 


Name: CVE-2002-0147

Description:
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." Status: Entry
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#669779
Reference: URL:http://www.kb.cert.org/vuls/id/669779
Reference: BID:4490
Reference: URL:http://www.securityfocus.com/bid/4490
Reference: XF:iis-asp-data-transfer-bo(8796)
Reference: URL:http://www.iss.net/security_center/static/8796.php
Reference: OSVDB:3301
Reference: URL:http://www.osvdb.org/3301
Reference: OVAL:oval:org.mitre.oval:def:22
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:22
Reference: OVAL:oval:org.mitre.oval:def:72
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:72

 


Name: CVE-2002-0148

Description:
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Status: Entry
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: XF:iis-http-error-page-css(8803)
Reference: URL:http://www.iss.net/security_center/static/8803.php
Reference: CERT-VN:VU#886699
Reference: URL:http://www.kb.cert.org/vuls/id/886699
Reference: BID:4486
Reference: URL:http://www.securityfocus.com/bid/4486
Reference: OSVDB:3339
Reference: URL:http://www.osvdb.org/3339
Reference: OVAL:oval:org.mitre.oval:def:81
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:81
Reference: OVAL:oval:org.mitre.oval:def:92
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:92

 


Name: CVE-2002-0149

Description:
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Status: Entry
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#721963
Reference: URL:http://www.kb.cert.org/vuls/id/721963
Reference: XF:iis-ssi-safety-check-bo(8798)
Reference: URL:http://www.iss.net/security_center/static/8798.php
Reference: BID:4478
Reference: URL:http://www.securityfocus.com/bid/4478
Reference: OSVDB:3320
Reference: URL:http://www.osvdb.org/3320
Reference: OVAL:oval:org.mitre.oval:def:132
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:132
Reference: OVAL:oval:org.mitre.oval:def:95
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:95

 


Name: CVE-2002-0150

Description:
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. Status: Entry
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: CERT-VN:VU#454091
Reference: URL:http://www.kb.cert.org/vuls/id/454091
Reference: XF:iis-asp-http-header-bo(8797)
Reference: URL:http://www.iss.net/security_center/static/8797.php
Reference: BID:4476
Reference: URL:http://www.securityfocus.com/bid/4476
Reference: OSVDB:3316
Reference: URL:http://www.osvdb.org/3316
Reference: OVAL:oval:org.mitre.oval:def:137
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:137
Reference: OVAL:oval:org.mitre.oval:def:39
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:39

 


Name: CVE-2002-0151

Description:
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. Status: Entry
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793727306282&w=2
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: MS:MS02-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-017.asp
Reference: XF:win-mup-bo(8752)
Reference: URL:http://www.iss.net/security_center/static/8752.php
Reference: BID:4426
Reference: URL:http://www.securityfocus.com/bid/4426
Reference: OVAL:oval:org.mitre.oval:def:145
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:145
Reference: OVAL:oval:org.mitre.oval:def:89
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:89

 


Name: CVE-2002-0152

Description:
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. Status: Entry
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp
Reference: XF:ms-mac-html-file-bo(8850)
Reference: URL:http://www.iss.net/security_center/static/8850.php
Reference: BID:4517
Reference: URL:http://www.securityfocus.com/bid/4517
Reference: OSVDB:5357
Reference: URL:http://www.osvdb.org/5357

 


Name: CVE-2002-0153

Description:
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. Status: Entry
Reference: BUGTRAQ:20020122 Macinosh IE file execuion
Reference: URL:http://www.securityfocus.com/archive/1/251805
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp
Reference: BID:3935
Reference: URL:http://www.securityfocus.com/bid/3935
Reference: OSVDB:5356
Reference: URL:http://www.osvdb.org/5356
Reference: XF:ie-macos-file-execution(7969)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7969
Reference: XF:ie-mac-applescript-execution(8851)
Reference: URL:http://www.iss.net/security_center/static/8851.php

 


Name: CVE-2002-0155

Description:
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. Status: Entry
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: MS:MS02-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html
Reference: XF:msn-chatcontrol-resdll-bo(9041)
Reference: URL:http://www.iss.net/security_center/static/9041.php
Reference: BID:4707
Reference: URL:http://www.securityfocus.com/bid/4707

 


Name: CVE-2002-0157

Description:
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file. Status: Entry
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html
Reference: XF:nautilus-metafile-xml-symlink(8995)
Reference: URL:http://www.iss.net/security_center/static/8995.php
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373

 


Name: CVE-2002-0158

Description:
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. Status: Entry
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
Reference: BID:4408
Reference: URL:http://www.securityfocus.com/bid/4408
Reference: OVAL:oval:org.mitre.oval:def:14
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14
Reference: OVAL:oval:org.mitre.oval:def:33
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:33
Reference: XF:solaris-xsun-co-bo(8703)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8703

 


Name: CVE-2002-0159

Description:
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. Status: Entry
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Reference: XF:ciscosecure-acs-format-string(8742)
Reference: URL:http://www.iss.net/security_center/static/8742.php
Reference: BID:4416
Reference: URL:http://www.securityfocus.com/bid/4416
Reference: OSVDB:2062
Reference: URL:http://www.osvdb.org/2062

 


Name: CVE-2002-0160

Description:
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. Status: Entry
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Reference: OSVDB:5352
Reference: URL:http://www.osvdb.org/5352

 


Name: CVE-2002-0163

Description:
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. Status: Entry
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php
Reference: BUGTRAQ:20020326 updated squid advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101716495023226&w=2
Reference: CALDERA:CSSA-2002-017.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt
Reference: CALDERA:CSSA-2002-SCO.26
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: BID:4363
Reference: URL:http://www.securityfocus.com/bid/4363
Reference: XF:squid-dns-reply-dos(8628)
Reference: URL:http://www.iss.net/security_center/static/8628.php

 


Name: CVE-2002-0166

Description:
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. Status: Entry
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125
Reference: FREEBSD:FreeBSD-SN-02:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-logfile-css(8656)
Reference: URL:http://www.iss.net/security_center/static/8656.php
Reference: BID:4389
Reference: URL:http://www.securityfocus.com/bid/4389
Reference: OSVDB:2059
Reference: URL:http://www.osvdb.org/2059

 


Name: CVE-2002-0167

Description:
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM. Status: Entry
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html
Reference: BID:4339
Reference: URL:http://www.securityfocus.com/bid/4339

 


Name: CVE-2002-0168

Description:
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption. Status: Entry
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html
Reference: BID:4336
Reference: URL:http://www.securityfocus.com/bid/4336

 


Name: CVE-2002-0169

Description:
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. Status: Entry
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html
Reference: HP:HPSBTL0205-038
Reference: URL:http://online.securityfocus.com/advisories/4095
Reference: XF:linux-docbook-stylesheet-insecure(8983)
Reference: URL:http://www.iss.net/security_center/static/8983.php
Reference: BID:4654
Reference: URL:http://www.securityfocus.com/bid/4654
Reference: OSVDB:5349
Reference: URL:http://www.osvdb.org/5349

 


Name: CVE-2002-0170

Description:
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Status: Entry
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-proxy-role-privileges(8334)
Reference: URL:http://www.iss.net/security_center/static/8334.php
Reference: BID:4229
Reference: URL:http://www.securityfocus.com/bid/4229
Reference: OSVDB:5350
Reference: URL:http://www.osvdb.org/5350

 


Name: CVE-2002-0171

Description:
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. Status: Entry
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P
Reference: CERT-VN:VU#498707
Reference: URL:http://www.kb.cert.org/vuls/id/498707
Reference: BID:4588
Reference: URL:http://www.securityfocus.com/bid/4588
Reference: OSVDB:5351
Reference: URL:http://www.osvdb.org/5351
Reference: XF:irix-irisconsole-icadmin-access(8933)
Reference: URL:http://www.iss.net/security_center/static/8933.php

 


Name: CVE-2002-0172

Description:
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). Status: Entry
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I
Reference: CERT-VN:VU#770891
Reference: URL:http://www.kb.cert.org/vuls/id/770891
Reference: BID:4648
Reference: URL:http://www.securityfocus.com/bid/4648
Reference: OSVDB:4695
Reference: URL:http://www.osvdb.org/4695
Reference: XF:irix-ipfilter-dos(8960)
Reference: URL:http://www.iss.net/security_center/static/8960.php

 


Name: CVE-2002-0173

Description:
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. Status: Entry
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I
Reference: BID:4644
Reference: URL:http://www.securityfocus.com/bid/4644
Reference: XF:irix-cpr-bo(8959)
Reference: URL:http://www.iss.net/security_center/static/8959.php
Reference: OSVDB:5359
Reference: URL:http://www.osvdb.org/5359

 


Name: CVE-2002-0174

Description:
nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. Status: Entry
Reference: SGI:20020501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I
Reference: XF:irix-nsd-symlink(8981)
Reference: URL:http://www.iss.net/security_center/static/8981.php
Reference: BID:4655
Reference: URL:http://www.securityfocus.com/bid/4655

 


Name: CVE-2002-0175

Description:
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. Status: Entry
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4326
Reference: URL:http://www.securityfocus.com/bid/4326
Reference: XF:libsafe-flagchar-protection-bypass(8593)
Reference: URL:http://www.iss.net/security_center/static/8593.php

 


Name: CVE-2002-0176

Description:
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. Status: Entry
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4327
Reference: URL:http://www.securityfocus.com/bid/4327
Reference: XF:libsafe-argnum-protection-bypass(8594)
Reference: URL:http://www.iss.net/security_center/static/8594.php

 


Name: CVE-2002-0178

Description:
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. Status: Entry
Reference: MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
Reference: REDHAT:RHSA-2002:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-065.html
Reference: HP:HPSBTL0205-040
Reference: URL:http://online.securityfocus.com/advisories/4132
Reference: MANDRAKE:MDKSA-2002:052
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
Reference: REDHAT:RHSA-2003:180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-180.html
Reference: XF:sharutils-uudecode-symlink(9075)
Reference: URL:http://www.iss.net/security_center/static/9075.php
Reference: BID:4742
Reference: URL:http://www.securityfocus.com/bid/4742
Reference: BUGTRAQ:20021030 GLSA: sharutils
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103599320902432&w=2
Reference: CERT-VN:VU#336083
Reference: URL:http://www.kb.cert.org/vuls/id/336083
Reference: CALDERA:CSSA-2002-040.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
Reference: COMPAQ:SSRT2301
Reference: OSVDB:8274
Reference: URL:http://www.osvdb.org/8274

 


Name: CVE-2002-0179

Description:
Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code. Status: Entry
Reference: DEBIAN:DSA-127
Reference: URL:http://www.debian.org/security/2002/dsa-127
Reference: BID:4534
Reference: URL:http://www.securityfocus.com/bid/4534
Reference: XF:xpilot-server-bo(8852)
Reference: URL:http://www.iss.net/security_center/static/8852.php

 


Name: CVE-2002-0181

Description:
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Status: Entry
Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2
Reference: DEBIAN:DSA-126
Reference: URL:http://www.debian.org/security/2002/dsa-126
Reference: CALDERA:CSSA-2002-016.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt
Reference: CONECTIVA:CLA-2001:473
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473
Reference: MISC:http://bugs.horde.org/show_bug.cgi?id=916
Reference: XF:imp-status-php3-css(8769)
Reference: URL:http://www.iss.net/security_center/static/8769.php
Reference: BID:4444
Reference: URL:http://www.securityfocus.com/bid/4444
Reference: OSVDB:5345
Reference: URL:http://www.osvdb.org/5345

 


Name: CVE-2002-0184

Description:
Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. Status: Entry
Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2
Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2
Reference: MANDRAKE:MDKSA-2002:028
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3
Reference: DEBIAN:DSA-128
Reference: URL:http://www.debian.org/security/2002/dsa-128
Reference: REDHAT:RHSA-2002:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html
Reference: REDHAT:RHSA-2002:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html
Reference: ENGARDE:ESA-20020429-010
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2
Reference: CONECTIVA:CLA-2002:475
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
Reference: TRUSTIX:TSLSA-2002-0046
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2
Reference: SUSE:SuSE-SA:2002:014
Reference: URL:http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html
Reference: CERT-VN:VU#820083
Reference: URL:http://www.kb.cert.org/vuls/id/820083
Reference: XF:sudo-password-expansion-overflow(8936)
Reference: URL:http://www.iss.net/security_center/static/8936.php
Reference: BID:4593
Reference: URL:http://www.securityfocus.com/bid/4593

 


Name: CVE-2002-0185

Description:
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. Status: Entry
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
Reference: REDHAT:RHSA-2002:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-070.html
Reference: CONECTIVA:CLA-2002:477
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
Reference: XF:modpython-imported-module-access(8997)
Reference: URL:http://www.iss.net/security_center/static/8997.php
Reference: BID:4656
Reference: URL:http://www.securityfocus.com/bid/4656

 


Name: CVE-2002-0186

Description:
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." Status: Entry
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp
Reference: CERT-VN:VU#811371
Reference: URL:http://www.kb.cert.org/vuls/id/811371
Reference: BID:5004
Reference: URL:http://www.securityfocus.com/bid/5004
Reference: OSVDB:5347
Reference: URL:http://www.osvdb.org/5347
Reference: OVAL:oval:org.mitre.oval:def:484
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:484
Reference: OVAL:oval:org.mitre.oval:def:489
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:489
Reference: XF:mssql-sqlxml-isapi-bo(9328)
Reference: URL:http://www.iss.net/security_center/static/9328.php

 


Name: CVE-2002-0187

Description:
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." Status: Entry
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: MS:MS02-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

 


Name: CVE-2002-0188

Description:
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. Status: Entry
Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
Reference: XF:ie-content-disposition-variant2(9086)
Reference: URL:http://www.iss.net/security_center/static/9086.php

 


Name: CVE-2002-0190

Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. Status: Entry
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: CERT-VN:VU#242891
Reference: URL:http://www.kb.cert.org/vuls/id/242891
Reference: XF:ie-netbios-incorrect-security-zone(9084)
Reference: URL:http://www.iss.net/security_center/static/9084.php
Reference: BID:4753
Reference: URL:http://www.securityfocus.com/bid/4753
Reference: OVAL:oval:org.mitre.oval:def:923
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:923

 


Name: CVE-2002-0191

Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. Status: Entry
Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-css-read-files(8740)
Reference: URL:http://www.iss.net/security_center/static/8740.php
Reference: BID:4411
Reference: URL:http://www.securityfocus.com/bid/4411

 


Name: CVE-2002-0193

Description:
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. Status: Entry
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-content-disposition-variant(9085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9085
Reference: BID:4752
Reference: URL:http://www.securityfocus.com/bid/4752
Reference: OVAL:oval:org.mitre.oval:def:27
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:27
Reference: OVAL:oval:org.mitre.oval:def:99
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:99

 


Name: CVE-2002-0196

Description:
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root. Status: Entry
Reference: BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
Reference: URL:http://online.securityfocus.com/archive/1/251699
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
Reference: BID:3924
Reference: URL:http://www.securityfocus.com/bid/3924
Reference: XF:cwpapi-getrelativepath-view-files(7981)
Reference: URL:http://www.iss.net/security_center/static/7981.php

 


Name: CVE-2002-0197

Description:
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate. Status: Entry
Reference: BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101173478806580&w=2
Reference: BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
Reference: URL:http://online.securityfocus.com/archive/1/251832
Reference: XF:psybnc-view-encrypted-messages(7985)
Reference: URL:http://www.iss.net/security_center/static/7985.php
Reference: BID:3931
Reference: URL:http://www.securityfocus.com/bid/3931

 


Name: CVE-2002-0207

Description:
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. Status: Entry
Reference: VULN-DEV:20020105 RealPlayer Buffer Problem
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
Reference: BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252414
Reference: BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
Reference: URL:http://online.securityfocus.com/archive/1/252425
Reference: MISC:http://sentinelchicken.com/advisories/realplayer/
Reference: BID:3809
Reference: URL:http://www.securityfocus.com/bid/3809
Reference: XF:realplayer-file-header-bo(7839)
Reference: URL:http://www.iss.net/security_center/static/7839.php

 


Name: CVE-2002-0209

Description:
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. Status: Entry
Reference: BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/252455
Reference: BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/261548
Reference: BID:3964
Reference: URL:http://www.securityfocus.com/bid/3964
Reference: XF:acedirector-http-reveal-ip(8010)
Reference: URL:http://www.iss.net/security_center/static/8010.php

 


Name: CVE-2002-0211

Description:
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed. Status: Entry
Reference: BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101208650722179&w=2
Reference: BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
Reference: URL:http://online.securityfocus.com/archive/1/265845
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-04.html
Reference: BID:3966
Reference: URL:http://www.securityfocus.com/bid/3966
Reference: XF:tarantella-gunzip-tmp-race(7996)
Reference: URL:http://www.iss.net/security_center/static/7996.php

 


Name: CVE-2002-0213

Description:
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory. Status: Entry
Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223525118717&w=2
Reference: SGI:20020604-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020604-01-I
Reference: BID:3969
Reference: URL:http://www.securityfocus.com/bid/3969
Reference: XF:kashare-xkas-icon-symlink(8002)
Reference: URL:http://www.iss.net/security_center/static/8002.php

 


Name: CVE-2002-0226

Description:
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user. Status: Entry
Reference: BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258311519504&w=2
Reference: CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Reference: BID:4014
Reference: URL:http://www.securityfocus.com/bid/4014
Reference: XF:dcforum-cgi-recover-passwords(8044)
Reference: URL:http://www.iss.net/security_center/static/8044.php
Reference: OSVDB:2038
Reference: URL:http://www.osvdb.org/2038
Reference: OSVDB:3866
Reference: URL:http://www.osvdb.org/3866

 


Name: CVE-2002-0237

Description:
Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. Status: Entry
Reference: BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101321744807452&w=2
Reference: BUGTRAQ:20020204 Vulnerability in Black ICE Defender
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286393404301&w=2
Reference: NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101353165915171&w=2
Reference: BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101302424803268&w=2
Reference: ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
Reference: URL:http://www.iss.net/security_center/alerts/advise109.php
Reference: BID:4025
Reference: URL:http://www.securityfocus.com/bid/4025
Reference: XF:blackice-ping-flood-dos(8058)
Reference: URL:http://www.iss.net/security_center/static/8058.php

 


Name: CVE-2002-0241

Description:
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. Status: Entry
Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
Reference: XF:ciscosecure-nds-authentication(8106)
Reference: URL:http://www.iss.net/security_center/static/8106.php
Reference: BID:4048
Reference: URL:http://www.securityfocus.com/bid/4048

 


Name: CVE-2002-0246

Description:
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. Status: Entry
Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code
Reference: URL:http://online.securityfocus.com/archive/1/255414
Reference: CALDERA:CSSA-2002-SCO.3
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Reference: BID:4060
Reference: URL:http://www.securityfocus.com/bid/4060
Reference: XF:unixware-msg-catalog-format-string(8113)
Reference: URL:http://www.iss.net/security_center/static/8113.php

 


Name: CVE-2002-0250

Description:
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. Status: Entry
Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2
Reference: VULNWATCH:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: HP:HPSBUX0202-185
Reference: URL:http://online.securityfocus.com/advisories/3870
Reference: BID:4062
Reference: URL:http://www.securityfocus.com/bid/4062
Reference: XF:hp-advancestack-bypass-auth(8124)
Reference: URL:http://www.iss.net/security_center/static/8124.php

 


Name: CVE-2002-0251

Description:
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d". Status: Entry
Reference: BUGTRAQ:20020206 -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301254432079&w=2
Reference: BUGTRAQ:20020208 RE: -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318594420200&w=2
Reference: BID:4036
Reference: URL:http://www.securityfocus.com/bid/4036
Reference: XF:licq-static-bo(8107)
Reference: URL:http://www.iss.net/security_center/static/8107.php

 


Name: CVE-2002-0265

Description:
Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file. Status: Entry
Reference: BUGTRAQ:20020211 Vulnerability in Sawmill for Solaris v. 6.2.14
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346206921270&w=2
Reference: CONFIRM:http://www.sawmill.net/version_history.html
Reference: BID:4077
Reference: URL:http://www.securityfocus.com/bid/4077
Reference: XF:sawmill-admin-password-insecure(8173)
Reference: URL:http://www.iss.net/security_center/static/8173.php

 


Name: CVE-2002-0267

Description:
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. Status: Entry
Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363233905645&w=2
Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html
Reference: BID:4097
Reference: URL:http://www.securityfocus.com/bid/4097
Reference: XF:sips-theme-admin-access(8193)
Reference: URL:http://www.iss.net/security_center/static/8193.php

 


Name: CVE-2002-0274

Description:
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments. Status: Entry
Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362618118598&w=2
Reference: MLIST:[exim-announce] 20020219 Exim 3.35 released
Reference: REDHAT:RHSA-2002:208
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-208.html
Reference: XF:exim-config-arg-bo(8194)
Reference: URL:http://www.iss.net/security_center/static/8194.php
Reference: BID:4096
Reference: URL:http://www.securityfocus.com/bid/4096

 


Name: CVE-2002-0275

Description:
Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. Status: Entry
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2
Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102253858809370&w=2
Reference: BID:4099
Reference: URL:http://www.securityfocus.com/bid/4099
Reference: XF:falcon-protected-dir-access(8189)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8189

 


Name: CVE-2002-0276

Description:
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets. Status: Entry
Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101370874219511&w=2
Reference: VULNWATCH:20020213 [VulnWatch] [NGSEC-2002-1] Ettercap, remote root compromise
Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
Reference: BID:4104
Reference: URL:http://www.securityfocus.com/bid/4104
Reference: XF:ettercap-memcpy-bo(8200)
Reference: URL:http://www.iss.net/security_center/static/8200.php

 


Name: CVE-2002-0287

Description:
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. Status: Entry
Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2
Reference: CONFIRM:http://www.powie.de/news/index.php
Reference: BID:4114
Reference: URL:http://www.securityfocus.com/bid/4114
Reference: XF:pforum-quotes-sql-injection(8203)
Reference: URL:http://www.iss.net/security_center/static/8203.php

 


Name: CVE-2002-0290

Description:
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. Status: Entry
Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413521417638&w=2
Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
Reference: BID:4124
Reference: URL:http://www.securityfocus.com/bid/4124
Reference: XF:webnews-cgi-group-bo(8220)
Reference: URL:http://www.iss.net/security_center/static/8220.php

 


Name: CVE-2002-0292

Description:
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. Status: Entry
Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101414005501708&w=2
Reference: BID:4116
Reference: URL:http://www.securityfocus.com/bid/4116
Reference: XF:slashcode-site-xss(8221)
Reference: URL:http://www.iss.net/security_center/static/8221.php

 


Name: CVE-2002-0299

Description:
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. Status: Entry
Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101438631921749&w=2
Reference: BID:3975
Reference: URL:http://www.securityfocus.com/bid/3975
Reference: XF:cnet-catchup-gain-privileges(8035)
Reference: URL:http://www.iss.net/security_center/static/8035.php

 


Name: CVE-2002-0300

Description:
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file. Status: Entry
Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415804625292&w=2
Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422432123898&w=2
Reference: DEBIAN:DSA-114
Reference: URL:http://www.debian.org/security/2002/dsa-114
Reference: BID:4125
Reference: URL:http://www.securityfocus.com/bid/4125
Reference: XF:gnujsp-jserv-information-disclosure(8240)
Reference: URL:http://www.iss.net/security_center/static/8240.php

 


Name: CVE-2002-0302

Description:
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. Status: Entry
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424225814604&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
Reference: BID:4139
Reference: URL:http://www.securityfocus.com/bid/4139
Reference: XF:sef-snmp-notify-loss(8253)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8253

 


Name: CVE-2002-0309

Description:
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. Status: Entry
Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
Reference: BID:4141
Reference: URL:http://www.securityfocus.com/bid/4141
Reference: XF:sef-smtp-proxy-information(8251)
Reference: URL:http://www.iss.net/security_center/static/8251.php

 


Name: CVE-2002-0313

Description:
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL. Status: Entry
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440530023617&w=2
Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006231.html
Reference: XF:essentia-server-long-request-dos(8249)
Reference: URL:http://www.iss.net/security_center/static/8249.php
Reference: BID:4159
Reference: URL:http://www.securityfocus.com/bid/4159

 


Name: CVE-2002-0318

Description:
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets. Status: Entry
Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101440113410083&w=2
Reference: XF:freeradius-access-request-dos(9968)
Reference: URL:http://www.iss.net/security_center/static/9968.php

 


Name: CVE-2002-0329

Description:
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag. Status: Entry
Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101485184605149&w=2
Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
Reference: URL:http://online.securityfocus.com/archive/1/258981
Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
Reference: CERT-VN:VU#132011
Reference: URL:http://www.kb.cert.org/vuls/id/132011
Reference: BID:4192
Reference: URL:http://www.securityfocus.com/bid/4192
Reference: XF:snitz-img-css(8309)
Reference: URL:http://www.iss.net/security_center/static/8309.php

 


Name: CVE-2002-0330

Description:
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag. Status: Entry
Reference: BUGTRAQ:20020225 Open Bulletin Board javascript bug.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101466092601554&w=2
Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159
Reference: BID:4171
Reference: URL:http://www.securityfocus.com/bid/4171
Reference: XF:openbb-img-css(8278)
Reference: URL:http://www.iss.net/security_center/static/8278.php
Reference: OSVDB:5658
Reference: URL:http://www.osvdb.org/5658

 


Name: CVE-2002-0339

Description:
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. Status: Entry
Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Reference: CERT-VN:VU#310387
Reference: URL:http://www.kb.cert.org/vuls/id/310387
Reference: BID:4191
Reference: URL:http://www.securityfocus.com/bid/4191
Reference: OSVDB:806
Reference: URL:http://www.osvdb.org/806
Reference: XF:ios-cef-information-leak(8296)
Reference: URL:http://www.iss.net/security_center/static/8296.php

 


Name: CVE-2002-0355

Description:
netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions. Status: Entry
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

 


Name: CVE-2002-0356

Description:
Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files. Status: Entry
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I
Reference: XF:irix-fsrxfs-gain-privileges(9042)
Reference: URL:http://www.iss.net/security_center/static/9042.php
Reference: BID:4706
Reference: URL:http://www.securityfocus.com/bid/4706

 


Name: CVE-2002-0357

Description:
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. Status: Entry
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
Reference: CERT-VN:VU#430419
Reference: URL:http://www.kb.cert.org/vuls/id/430419
Reference: CIAC:M-087
Reference: URL:http://www.ciac.org/ciac/bulletins/m-087.shtml
Reference: BID:4939
Reference: URL:http://www.securityfocus.com/bid/4939
Reference: OSVDB:834
Reference: URL:http://www.osvdb.org/834
Reference: XF:irix-rpcpasswd-gain-privileges(9261)
Reference: URL:http://www.iss.net/security_center/static/9261.php

 


Name: CVE-2002-0358

Description:
MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allow local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges. Status: Entry
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I
Reference: XF:irix-mediamail-core-dump(9292)
Reference: URL:http://www.iss.net/security_center/static/9292.php
Reference: BID:4959
Reference: URL:http://www.securityfocus.com/bid/4959

 


Name: CVE-2002-0359

Description:
xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges. Status: Entry
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102459162909825&w=2
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: CERT-VN:VU#521147
Reference: URL:http://www.kb.cert.org/vuls/id/521147
Reference: XF:irix-xfsmd-bypass-authentication(9401)
Reference: URL:http://www.iss.net/security_center/static/9401.php
Reference: BID:5072
Reference: URL:http://www.securityfocus.com/bid/5072

 


Name: CVE-2002-0362

Description:
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. Status: Entry
Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2
Reference: BID:4677
Reference: URL:http://www.securityfocus.com/bid/4677
Reference: XF:aim-addexternalapp-bo(9017)
Reference: URL:http://www.iss.net/security_center/static/9017.php

 


Name: CVE-2002-0363

Description:
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. Status: Entry
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
Reference: REDHAT:RHSA-2002:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-083.html
Reference: REDHAT:RHSA-2002:123
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-123.html
Reference: REDHAT:RHSA-2003:209
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-209.html
Reference: CALDERA:CSSA-2002-026.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt
Reference: XF:ghostscript-postscript-command-execution(9254)
Reference: URL:http://www.iss.net/security_center/static/9254.php
Reference: BID:4937
Reference: URL:http://www.securityfocus.com/bid/4937

 


Name: CVE-2002-0364

Description:
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." Status: Entry
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102392069305962&w=2
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102392308608100&w=2
Reference: VULNWATCH:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
Reference: URL:http://online.securityfocus.com/archive/1/276767
Reference: CERT-VN:VU#313819
Reference: URL:http://www.kb.cert.org/vuls/id/313819
Reference: MS:MS02-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-028.asp
Reference: BID:4855
Reference: URL:http://www.securityfocus.com/bid/4855
Reference: XF:iis-htr-chunked-encoding-bo(9327)
Reference: URL:http://www.iss.net/security_center/static/9327.php
Reference: OVAL:oval:org.mitre.oval:def:182
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:182
Reference: OVAL:oval:org.mitre.oval:def:29
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:29

 


Name: CVE-2002-0366

Description:
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. Status: Entry
Reference: BUGTRAQ:20020613 Microsoft RASAPI32.DLL
Reference: URL:http://online.securityfocus.com/archive/1/276776
Reference: BUGTRAQ:20020620 VPN and Q318138
Reference: URL:http://online.securityfocus.com/archive/1/278145
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852
Reference: OVAL:oval:org.mitre.oval:def:61
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:61
Reference: OVAL:oval:org.mitre.oval:def:63
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:63

 


Name: CVE-2002-0367

Description:
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. Status: Entry
Reference: BUGTRAQ:20020314 Fwd: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/262074
Reference: BUGTRAQ:20020326 Re: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/264441
Reference: BUGTRAQ:20020327 Local Security Vulnerability in Windows NT and Windows 2000
Reference: URL:http://www.securityfocus.com/archive/1/264927
Reference: NTBUGTRAQ:20020314 DebPloit (exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101614320402695&w=2
Reference: BID:4287
Reference: URL:http://www.securityfocus.com/bid/4287
Reference: XF:win-debug-duplicate-handles(8462)
Reference: URL:http://www.iss.net/security_center/static/8462.php
Reference: MS:MS02-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-024.asp
Reference: OVAL:oval:org.mitre.oval:def:158
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:158
Reference: OVAL:oval:org.mitre.oval:def:76
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:76

 


Name: CVE-2002-0368

Description:
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." Status: Entry
Reference: MS:MS02-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
Reference: XF:exchange-msg-attribute-dos(9195)
Reference: URL:http://www.iss.net/security_center/static/9195.php
Reference: BID:4881
Reference: URL:http://www.securityfocus.com/bid/4881

 


Name: CVE-2002-0369

Description:
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode. Status: Entry
Reference: MS:MS02-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-026.asp
Reference: XF:ms-aspdotnet-stateserver-bo(9276)
Reference: URL:http://www.iss.net/security_center/static/9276.php
Reference: BID:4958
Reference: URL:http://www.securityfocus.com/bid/4958

 


Name: CVE-2002-0372

Description:
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". Status: Entry
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-cache-code-execution(9420)
Reference: URL:http://www.iss.net/security_center/static/9420.php
Reference: BID:5107
Reference: URL:http://www.securityfocus.com/bid/5107
Reference: OVAL:oval:org.mitre.oval:def:281
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:281

 


Name: CVE-2002-0373

Description:
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service". Status: Entry
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-wmdm-privilege-elevation(9421)
Reference: URL:http://www.iss.net/security_center/static/9421.php
Reference: BID:5109
Reference: URL:http://www.securityfocus.com/bid/5109

 


Name: CVE-2002-0374

Description:
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name. Status: Entry
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: VULNWATCH:20020506 ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: CALDERA:CSSA-2002-041.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html
Reference: REDHAT:RHSA-2002:141
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-141.html
Reference: REDHAT:RHSA-2002:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
Reference: REDHAT:RHSA-2002:180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-180.html
Reference: BUGTRAQ:20021030 GLSA: pam_ldap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103601912505261&w=2
Reference: XF:pamldap-config-format-string(9018)
Reference: URL:http://www.iss.net/security_center/static/9018.php
Reference: BID:4679
Reference: URL:http://www.securityfocus.com/bid/4679

 


Name: CVE-2002-0376

Description:
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. Status: Entry
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685

 


Name: CVE-2002-0377

Description:
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files. Status: Entry
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2
Reference: VULN-DEV:20020511 Gaim abritary Email Reading
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: XF:gaim-email-access(9061)
Reference: URL:http://www.iss.net/security_center/static/9061.php
Reference: BID:4730
Reference: URL:http://www.securityfocus.com/bid/4730

 


Name: CVE-2002-0379

Description:
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. Status: Entry
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2
Reference: CONFIRM:http://www.washington.edu/imap/buffer.html
Reference: CALDERA:CSSA-2002-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
Reference: CONECTIVA:CLA-2002:487
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
Reference: ENGARDE:ESA-20020607-013
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
Reference: HP:HPSBTL0205-043
Reference: URL:http://online.securityfocus.com/advisories/4167
Reference: MANDRAKE:MDKSA-2002:034
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html
Reference: CERT-VN:VU#961489
Reference: URL:http://www.kb.cert.org/vuls/id/961489
Reference: BID:4713
Reference: URL:http://www.securityfocus.com/bid/4713
Reference: XF:wuimapd-partial-mailbox-bo(9055)
Reference: URL:http://www.iss.net/security_center/static/9055.php
Reference: XF:wuimapd-authenticated-user-bo(10803)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10803

 


Name: CVE-2002-0380

Description:
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. Status: Entry
Reference: REDHAT:RHSA-2002:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html
Reference: REDHAT:RHSA-2002:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: FREEBSD:FreeBSD-SA-02:29
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650721503642&w=2
Reference: CONECTIVA:CLA-2002:491
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102339541014226&w=2
Reference: XF:tcpdump-nfs-bo(9216)
Reference: URL:http://www.iss.net/security_center/static/9216.php
Reference: BID:4890
Reference: URL:http://www.securityfocus.com/bid/4890
Reference: HP:HPSBTL0205-044
Reference: URL:http://online.securityfocus.com/advisories/4169

 


Name: CVE-2002-0381

Description:
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. Status: Entry
Reference: MISC:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
Reference: BUGTRAQ:20020317 TCP Connections to a Broadcast Address on BSD-Based Systems
Reference: URL:http://online.securityfocus.com/archive/1/262733
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
Reference: CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
Reference: SGI:20030604-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030604-01-I
Reference: BID:4309
Reference: URL:http://www.securityfocus.com/bid/4309
Reference: OSVDB:5308
Reference: URL:http://www.osvdb.org/5308
Reference: XF:bsd-broadcast-address(8485)
Reference: URL:http://www.iss.net/security_center/static/8485.php

 


Name: CVE-2002-0382

Description:
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters. Status: Entry
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: REDHAT:RHSA-2002:124
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-124.html
Reference: MANDRAKE:MDKSA-2002:051
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
Reference: CONECTIVA:CLA-2002:526
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376

 


Name: CVE-2002-0384

Description:
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. Status: Entry
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:122
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html
Reference: REDHAT:RHSA-2003:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406
Reference: OSVDB:3729
Reference: URL:http://www.osvdb.org/3729

 


Name: CVE-2002-0387

Description:
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. Status: Entry
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt
Reference: SUNALERT:52022
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022
Reference: CIAC:N-064
Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml
Reference: XF:sunone-gxnsapi6-bo(11529)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11529
Reference: BID:7082
Reference: URL:http://www.securityfocus.com/bid/7082

 


Name: CVE-2002-0389

Description:
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. Status: Entry
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
Reference: XF:pipermail-view-archives(8874)
Reference: URL:http://www.iss.net/security_center/static/8874.php
Reference: BID:4538
Reference: URL:http://www.securityfocus.com/bid/4538

 


Name: CVE-2002-0391

Description:
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Status: Entry
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: AIXAPAR:IY34194
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Reference: CALDERA:CSSA-2002-055.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Reference: CONECTIVA:CLA-2002:515
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: DEBIAN:DSA-333
Reference: URL:http://www.debian.org/security/2003/dsa-333
Reference: ENGARDE:ESA-20021003-021
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2399.html
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
Reference: HP:HPSBTL0208-061
Reference: URL:http://online.securityfocus.com/advisories/4402
Reference: HP:HPSBUX0209-215
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
Reference: MANDRAKE:MDKSA-2002:057
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html
Reference: REDHAT:RHSA-2002:173
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-173.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SUSE:SuSE-SA:2002:031
Reference: BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Reference: BUGTRAQ:20020802 kerberos rpc xdr_array
Reference: URL:http://online.securityfocus.com/archive/1/285740
Reference: BUGTRAQ:20020909 GLSA: glibc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158632831416&w=2
Reference: XF:sunrpc-xdr-array-bo(9170)
Reference: URL:http://www.iss.net/security_center/static/9170.php
Reference: BID:5356
Reference: URL:http://www.securityfocus.com/bid/5356
Reference: OVAL:oval:org.mitre.oval:def:42
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:42
Reference: OVAL:oval:org.mitre.oval:def:4728
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4728
Reference: OVAL:oval:org.mitre.oval:def:9
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9

 


Name: CVE-2002-0392

Description:
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. Status: Entry
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available
Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle
Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
Reference: BUGTRAQ:20020620 Apache Exploit
Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache
Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Reference: URL:http://online.securityfocus.com/archive/1/278149
Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
Reference: CERT:CA-2002-17
Reference: URL:http://www.cert.org/advisories/CA-2002-17.html
Reference: HP:HPSBMA02149
Reference: URL:http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
Reference: HP:SSRT050968
Reference: URL:http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
Reference: SGI:20020605-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: REDHAT:RHSA-2002:103
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-103.html
Reference: REDHAT:RHSA-2002:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-126.html
Reference: REDHAT:RHSA-2002:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-150.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: MANDRAKE:MDKSA-2002:039
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
Reference: CALDERA:CSSA-2002-029.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
Reference: CALDERA:CSSA-2002-SCO.31
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
Reference: CALDERA:CSSA-2002-SCO.32
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
Reference: COMPAQ:SSRT2253
Reference: CONECTIVA:CLSA-2002:498
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
Reference: DEBIAN:DSA-131
Reference: URL:http://www.debian.org/security/2002/dsa-131
Reference: DEBIAN:DSA-132
Reference: URL:http://www.debian.org/security/2002/dsa-132
Reference: DEBIAN:DSA-133
Reference: URL:http://www.debian.org/security/2002/dsa-133
Reference: ENGARDE:ESA-20020619-014
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html
Reference: REDHAT:RHSA-2002:118
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-118.html
Reference: REDHAT:RHSA-2002:117
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-117.html
Reference: BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
Reference: BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
Reference: SUSE:SuSE-SA:2002:022
Reference: URL:http://www.novell.com/linux/security/advisories/2002_22_apache.html
Reference: CERT-VN:VU#944335
Reference: URL:http://www.kb.cert.org/vuls/id/944335
Reference: HP:HPSBTL0206-049
Reference: URL:http://online.securityfocus.com/advisories/4240
Reference: HP:HPSBUX0207-197
Reference: URL:http://online.securityfocus.com/advisories/4257
Reference: BID:5033
Reference: URL:http://www.securityfocus.com/bid/5033
Reference: BID:20005
Reference: URL:http://www.securityfocus.com/bid/20005
Reference: FRSIRT:ADV-2006-3598
Reference: URL:http://www.frsirt.com/english/advisories/2006/3598
Reference: OSVDB:838
Reference: URL:http://www.osvdb.org/838
Reference: SECUNIA:21917
Reference: URL:http://secunia.com/advisories/21917
Reference: XF:apache-chunked-encoding-bo(9249)
Reference: URL:http://www.iss.net/security_center/static/9249.php

 


Name: CVE-2002-0394

Description:
Red-M 1050 (Bluetooth Access Point) uses case-insensitive passwords, which makes it easier for attackers to conduct a brute-force guessing attack due to the smaller space of possible passwords. Status: Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-insecure-passwords(9263)
Reference: URL:http://www.iss.net/security_center/static/9263.php

 


Name: CVE-2002-0395

Description:
The TFTP server for Red-M 1050 (Bluetooth Access Point) cannot be disabled and makes it easier for remote attackers to crack the administration password via brute-force methods. Status: Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-tftp-bruteforce(9264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9264

 


Name: CVE-2002-0396

Description:
The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. Status: Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: BID:4940
Reference: URL:http://www.securityfocus.com/bid/4940
Reference: XF:redm-1050ap-insecure-session(9265)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9265

 


Name: CVE-2002-0397

Description:
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. Status: Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-device-existence(9266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9266

 


Name: CVE-2002-0398

Description:
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. Status: Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: BID:4943
Reference: URL:http://www.securityfocus.com/bid/4943
Reference: XF:redm-1050ap-ppp-dos(9267)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9267

 


Name: CVE-2002-0400

Description:
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. Status: Entry
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND
Reference: CALDERA:CSSA-2002-SCO.24
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
Reference: CONECTIVA:CLA-2002:494
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
Reference: HP:HPSBUX0207-202
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SUSE:SuSE-SA:2002:021
Reference: URL:http://www.novell.com/linux/security/advisories/2002_21_bind9.html
Reference: BID:4936
Reference: URL:http://www.securityfocus.com/bid/4936
Reference: XF:bind-findtype-dos(9250)
Reference: URL:http://www.iss.net/security_center/static/9250.php

 


Name: CVE-2002-0401

Description:
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. Status: Entry
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4806
Reference: URL:http://www.securityfocus.com/bid/4806
Reference: XF:ethereal-smb-dissector-dos(9204)
Reference: URL:http://www.iss.net/security_center/static/9204.php

 


Name: CVE-2002-0402

Description:
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. Status: Entry
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: XF:ethereal-x11-dissector-bo(9203)
Reference: URL:http://www.iss.net/security_center/static/9203.php
Reference: BID:4805
Reference: URL:http://www.securityfocus.com/bid/4805

 


Name: CVE-2002-0403

Description:
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. Status: Entry
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4807
Reference: URL:http://www.securityfocus.com/bid/4807
Reference: XF:ethereal-dns-dissector-dos(9205)
Reference: URL:http://www.iss.net/security_center/static/9205.php

 


Name: CVE-2002-0404

Description:
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). Status: Entry
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: BID:4808
Reference: URL:http://www.securityfocus.com/bid/4808
Reference: XF:ethereal-giop-dissector-dos(9206)
Reference: URL:http://www.iss.net/security_center/static/9206.php

 


Name: CVE-2002-0406

Description:
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. Status: Entry
Reference: BUGTRAQ:20020302 Denial of Service in Sphereserver
Reference: URL:http://online.securityfocus.com/archive/1/259334
Reference: XF:sphereserver-connections-dos(8338)
Reference: URL:http://www.iss.net/security_center/static/8338.php
Reference: BID:4258
Reference: URL:http://www.securityfocus.com/bid/4258

 


Name: CVE-2002-0412

Description:
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. Status: Entry
Reference: BUGTRAQ:20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://online.securityfocus.com/archive/1/259642
Reference: BUGTRAQ:20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854261030453&w=2
Reference: BUGTRAQ:20020411 re: gobbles ntop alert
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101856541322245&w=2
Reference: BUGTRAQ:20020417 segfault in ntop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101908224609740&w=2
Reference: VULNWATCH:20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html
Reference: CONFIRM:http://snapshot.ntop.org/
Reference: MISC:http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html
Reference: XF:ntop-traceevent-format-string(8347)
Reference: URL:http://www.iss.net/security_center/static/8347.php
Reference: BID:4225
Reference: URL:http://www.securityfocus.com/bid/4225
Reference: OSVDB:5307
Reference: URL:http://www.osvdb.org/5307

 


Name: CVE-2002-0414

Description:
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. Status: Entry
Reference: BUGTRAQ:20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://www.securityfocus.com/archive/1/259598
Reference: CONFIRM:http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
Reference: BID:4224
Reference: URL:http://www.securityfocus.com/bid/4224
Reference: XF:kame-forged-packet-forwarding(8416)
Reference: URL:http://www.iss.net/security_center/static/8416.php
Reference: VULNWATCH:20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html
Reference: OSVDB:5304
Reference: URL:http://www.osvdb.org/5304

 


Name: CVE-2002-0423

Description:
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. Status: Entry
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz
Reference: BID:4239
Reference: URL:http://www.securityfocus.com/bid/4239
Reference: XF:efingerd-reverse-lookup-bo(8380)
Reference: URL:http://www.iss.net/security_center/static/8380.php

 


Name: CVE-2002-0424

Description:
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. Status: Entry
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
Reference: BID:4240
Reference: URL:http://www.securityfocus.com/bid/4240
Reference: XF:efingerd-file-execution(8381)
Reference: URL:http://www.iss.net/security_center/static/8381.php

 


Name: CVE-2002-0425

Description:
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message. Status: Entry
Reference: BUGTRAQ:20020306 mIRC DCC Server Security Flaw
Reference: URL:http://online.securityfocus.com/archive/1/260244
Reference: XF:mirc-dcc-reveal-info(8393)
Reference: URL:http://www.iss.net/security_center/static/8393.php
Reference: BID:4247
Reference: URL:http://www.securityfocus.com/bid/4247
Reference: OSVDB:5301
Reference: URL:http://www.osvdb.org/5301

 


Name: CVE-2002-0429

Description:
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). Status: Entry
Reference: BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561298818888&w=2
Reference: CONFIRM:http://www.openwall.com/linux/
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: REDHAT:RHSA-2002:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-158.html
Reference: BID:4259
Reference: URL:http://www.securityfocus.com/bid/4259
Reference: XF:linux-ibcs-lcall-process(8420)
Reference: URL:http://www.iss.net/security_center/static/8420.php

 


Name: CVE-2002-0431

Description:
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection. Status: Entry
Reference: BUGTRAQ:20020309 xtux server DoS.
Reference: URL:http://online.securityfocus.com/archive/1/260912
Reference: MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206
Reference: BID:4260
Reference: URL:http://www.securityfocus.com/bid/4260
Reference: XF:xtux-server-dos(8422)
Reference: URL:http://www.iss.net/security_center/static/8422.php

 


Name: CVE-2002-0435

Description:
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. Status: Entry
Reference: BUGTRAQ:20020310 GNU fileutils - recursive directory removal race condition
Reference: URL:http://www.securityfocus.com/archive/1/260936
Reference: CONFIRM:http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
Reference: CALDERA:CSSA-2002-018.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
Reference: REDHAT:RHSA-2003:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-015.html
Reference: REDHAT:RHSA-2003:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-016.html
Reference: XF:gnu-fileutils-race-condition(8432)
Reference: URL:http://www.iss.net/security_center/static/8432.php
Reference: BID:4266
Reference: URL:http://www.securityfocus.com/bid/4266
Reference: MANDRAKE:MDKSA-2002:031
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php

 


Name: CVE-2002-0437

Description:
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. Status: Entry
Reference: BUGTRAQ:20020311 SMStools vulnerabilities in release before 1.4.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
Reference: CONFIRM:http://www.isis.de/members/~s.frings/smstools/history.html
Reference: BID:4268
Reference: URL:http://www.securityfocus.com/bid/4268
Reference: XF:sms-tools-format-string(8433)
Reference: URL:http://www.iss.net/security_center/static/8433.php

 


Name: CVE-2002-0441

Description:
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. Status: Entry
Reference: BUGTRAQ:20020311 Directory traversal vulnerability in phpimglist
Reference: URL:http://www.securityfocus.com/archive/1/261221
Reference: CONFIRM:http://www.liquidpulse.net/get.lp?id=17
Reference: XF:phpimglist-dot-directory-traversal(8441)
Reference: URL:http://www.iss.net/security_center/static/8441.php
Reference: BID:4276
Reference: URL:http://www.securityfocus.com/bid/4276

 


Name: CVE-2002-0442

Description:
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. Status: Entry
Reference: CALDERA:CSSA-2002-SCO.8
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt
Reference: XF:openserver-dlvraudit-bo(8442)
Reference: URL:http://www.iss.net/security_center/static/8442.php
Reference: BID:4273
Reference: URL:http://www.securityfocus.com/bid/4273

 


Name: CVE-2002-0443

Description:
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. Status: Entry
Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility
Reference: URL:http://online.securityfocus.com/archive/1/260704
Reference: XF:win2k-password-bypass-policy(8402)
Reference: URL:http://www.iss.net/security_center/static/8402.php
Reference: BID:4256
Reference: URL:http://www.securityfocus.com/bid/4256

 


Name: CVE-2002-0444

Description:
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. Status: Entry
Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices
Reference: URL:http://www.securityfocus.com/archive/1/266729
Reference: BID:4464
Reference: URL:http://www.securityfocus.com/bid/4464
Reference: XF:win2k-terminal-bypass-policies(8813)
Reference: URL:http://www.iss.net/security_center/static/8813.php

 


Name: CVE-2002-0445

Description:
article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message. Status: Entry
Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/261337
Reference: XF:phpfirstpost-path-disclosure(8434)
Reference: URL:http://www.iss.net/security_center/static/8434.php
Reference: BID:4274
Reference: URL:http://www.securityfocus.com/bid/4274
Reference: OSVDB:7170
Reference: URL:http://www.osvdb.org/7170

 


Name: CVE-2002-0451

Description:
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. Status: Entry
Reference: BUGTRAQ:20020313 Command execution in phprojekt.
Reference: URL:http://www.securityfocus.com/archive/1/261676
Reference: CONFIRM:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=
Reference: BID:4284
Reference: URL:http://www.securityfocus.com/bid/4284
Reference: XF:phpprojekt-filemanager-include-files(8448)
Reference: URL:http://www.iss.net/security_center/static/8448.php

 


Name: CVE-2002-0454

Description:
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. Status: Entry
Reference: BUGTRAQ:20020315 Bug in QPopper (All Versions?)
Reference: URL:http://www.securityfocus.com/archive/1/262213
Reference: CONFIRM:ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
Reference: XF:qpopper-qpopper-dos(8458)
Reference: URL:http://www.iss.net/security_center/static/8458.php
Reference: BID:4295
Reference: URL:http://www.securityfocus.com/bid/4295
Reference: CALDERA:CSSA-2002-SCO.20

 


Name: CVE-2002-0462

Description:
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled. Status: Entry
Reference: BUGTRAQ:20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/262735
Reference: CONFIRM:http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt
Reference: XF:bigsam-displaybegin-dos(8478)
Reference: URL:http://www.iss.net/security_center/static/8478.php
Reference: XF:bigsam-safemode-path-disclosure(8479)
Reference: URL:http://www.iss.net/security_center/static/8479.php
Reference: BID:4312
Reference: URL:http://www.securityfocus.com/bid/4312
Reference: OSVDB:5287
Reference: URL:http://www.osvdb.org/5287
Reference: OSVDB:5288
Reference: URL:http://www.osvdb.org/5288

 


Name: CVE-2002-0463

Description:
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. Status: Entry
Reference: BUGTRAQ:20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262802
Reference: BUGTRAQ:20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262652
Reference: BID:4307
Reference: URL:http://www.securityfocus.com/bid/4307
Reference: XF:arsc-language-path-disclosure(8472)
Reference: URL:http://www.iss.net/security_center/static/8472.php

 


Name: CVE-2002-0464

Description:
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp. Status: Entry
Reference: BUGTRAQ:20020318 Hosting Directory Traversal madness...
Reference: URL:http://www.securityfocus.com/archive/1/262734
Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip
Reference: BID:4311
Reference: URL:http://www.securityfocus.com/bid/4311

 


Name: CVE-2002-0473

Description:
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. Status: Entry
Reference: VULN-DEV:20020318 phpBB2 remote execution command
Reference: URL:http://online.securityfocus.com/archive/82/262600
Reference: BUGTRAQ:20020318 Re: phpBB2 remote execution command (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html
Reference: BUGTRAQ:20020318 phpBB2 remote execution command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip
Reference: MISC:http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483
Reference: BID:4380
Reference: URL:http://www.securityfocus.com/bid/4380
Reference: XF:phpbb-db-command-execution(8476)
Reference: URL:http://www.iss.net/security_center/static/8476.php
Reference: OSVDB:4268
Reference: URL:http://www.osvdb.org/4268

 


Name: CVE-2002-0484

Description:
move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. Status: Entry
Reference: BUGTRAQ:20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/263259
Reference: BUGTRAQ:20020317 move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/262999
Reference: BUGTRAQ:20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101683938806677&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=16128
Reference: XF:php-moveuploadedfile-create-files(8591)
Reference: URL:http://www.iss.net/security_center/static/8591.php
Reference: BID:4325
Reference: URL:http://www.securityfocus.com/bid/4325

 


Name: CVE-2002-0488

Description:
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. Status: Entry
Reference: BUGTRAQ:20020321 PHP script: Penguin Traceroute, Remote Command Execution
Reference: URL:http://www.securityfocus.com/archive/1/263285
Reference: CONFIRM:http://www.linux-directory.com/scripts/traceroute.pl
Reference: XF:penguin-traceroute-command-execution(8600)
Reference: URL:http://www.iss.net/security_center/static/8600.php
Reference: BID:4332
Reference: URL:http://www.securityfocus.com/bid/4332

 


Name: CVE-2002-0490

Description:
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. Status: Entry
Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
Reference: URL:http://www.securityfocus.com/archive/1/264041
Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
Reference: XF:instant-webmail-pop-commands(8650)
Reference: URL:http://www.iss.net/security_center/static/8650.php
Reference: BID:4361
Reference: URL:http://www.securityfocus.com/bid/4361

 


Name: CVE-2002-0493

Description:
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. Status: Entry
Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101709002410365&w=2
Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
Reference: XF:tomcat-xml-bypass-restrictions(9863)
Reference: URL:http://www.iss.net/security_center/static/9863.php

 


Name: CVE-2002-0494

Description:
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name. Status: Entry
Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
Reference: URL:http://www.securityfocus.com/archive/1/263914
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
Reference: BID:4357
Reference: URL:http://www.securityfocus.com/bid/4357
Reference: XF:websight-directory-system-css(8624)
Reference: URL:http://www.iss.net/security_center/static/8624.php

 


Name: CVE-2002-0495

Description:
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. Status: Entry
Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
Reference: URL:http://www.securityfocus.com/archive/1/264169
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Reference: BID:4368
Reference: URL:http://www.securityfocus.com/bid/4368
Reference: XF:cssearch-url-execute-commands(8636)
Reference: URL:http://www.iss.net/security_center/static/8636.php

 


Name: CVE-2002-0497

Description:
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. Status: Entry
Reference: BUGTRAQ:20020306 mtr 0.45, 0.46
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
Reference: DEBIAN:DSA-124
Reference: URL:http://www.debian.org/security/2002/dsa-124
Reference: BID:4217
Reference: URL:http://www.securityfocus.com/bid/4217
Reference: XF:mtr-options-bo(8367)
Reference: URL:http://www.iss.net/security_center/static/8367.php

 


Name: CVE-2002-0501

Description:
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages. Status: Entry
Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
Reference: URL:http://online.securityfocus.com/archive/1/264450
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
Reference: XF:posadis-logging-format-string(8653)
Reference: URL:http://www.iss.net/security_center/static/8653.php
Reference: BID:4378
Reference: URL:http://www.securityfocus.com/bid/4378
Reference: OSVDB:3516
Reference: URL:http://www.osvdb.org/3516

 


Name: CVE-2002-0505

Description:
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. Status: Entry
Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
Reference: XF:cisco-cti-memory-leak(8655)
Reference: URL:http://www.iss.net/security_center/static/8655.php
Reference: BID:4370
Reference: URL:http://www.securityfocus.com/bid/4370

 


Name: CVE-2002-0506

Description:
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. Status: Entry
Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt
Reference: URL:http://online.securityfocus.com/archive/1/264699
Reference: XF:libnewt-bo(8700)
Reference: URL:http://www.iss.net/security_center/static/8700.php
Reference: BID:4393
Reference: URL:http://www.securityfocus.com/bid/4393

 


Name: CVE-2002-0511

Description:
The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names. Status: Entry
Reference: CALDERA:CSSA-2002-013.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
Reference: XF:nscd-dns-ptr-validation(8745)
Reference: URL:http://www.iss.net/security_center/static/8745.php
Reference: BID:4399
Reference: URL:http://www.securityfocus.com/bid/4399

 


Name: CVE-2002-0512

Description:
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. Status: Entry
Reference: CALDERA:CSSA-2002-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
Reference: BID:4400
Reference: URL:http://www.securityfocus.com/bid/4400
Reference: XF:kde-startkde-search-directory(8737)
Reference: URL:http://www.iss.net/security_center/static/8737.php

 


Name: CVE-2002-0513

Description:
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator. Status: Entry
Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
Reference: URL:http://online.securityfocus.com/archive/1/265438
Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
Reference: XF:symatec-popper-admin-access(8746)
Reference: URL:http://www.iss.net/security_center/static/8746.php
Reference: BID:4412
Reference: URL:http://www.securityfocus.com/bid/4412

 


Name: CVE-2002-0516

Description:
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. Status: Entry
Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Reference: BID:4385
Reference: URL:http://www.securityfocus.com/bid/4385
Reference: XF:squirrelmail-theme-command-execution(8671)
Reference: URL:http://www.iss.net/security_center/static/8671.php

 


Name: CVE-2002-0531

Description:
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. Status: Entry
Reference: BUGTRAQ:20020403 emumail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/
Reference: XF:emumail-cgi-view-files(8766)
Reference: URL:http://www.iss.net/security_center/static/8766.php
Reference: BID:4435
Reference: URL:http://www.securityfocus.com/bid/4435

 


Name: CVE-2002-0532

Description:
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. Status: Entry
Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
Reference: URL:http://online.securityfocus.com/archive/1/266930
Reference: XF:emumail-http-host-execute(8836)
Reference: URL:http://www.iss.net/security_center/static/8836.php
Reference: BID:4488
Reference: URL:http://www.securityfocus.com/bid/4488
Reference: OSVDB:5270
Reference: URL:http://www.osvdb.org/5270

 


Name: CVE-2002-0536

Description:
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. Status: Entry
Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
Reference: XF:phpgroupware-sql-injection(8755)
Reference: URL:http://www.iss.net/security_center/static/8755.php
Reference: BID:4424
Reference: URL:http://www.securityfocus.com/bid/4424
Reference: OSVDB:5153
Reference: URL:http://www.osvdb.org/5153

 


Name: CVE-2002-0538

Description:
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability. Status: Entry
Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
Reference: XF:raptor-firewall-ftp-bounce(8847)
Reference: URL:http://www.iss.net/security_center/static/8847.php
Reference: BID:4522
Reference: URL:http://www.securityfocus.com/bid/4522

 


Name: CVE-2002-0539

Description:
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. Status: Entry
Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
Reference: BUGTRAQ:20020417 Demarc Security Update Advisory
Reference: URL:http://online.securityfocus.com/archive/1/267941
Reference: XF:puresecure-sql-injection(8854)
Reference: URL:http://www.iss.net/security_center/static/8854.php
Reference: BID:4520
Reference: URL:http://www.securityfocus.com/bid/4520
Reference: OSVDB:5239
Reference: URL:http://www.osvdb.org/5239

 


Name: CVE-2002-0542

Description:
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. Status: Entry
Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
Reference: URL:http://online.securityfocus.com/archive/1/267089
Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101855467811695&w=2
Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail
Reference: XF:openbsd-mail-root-privileges(8818)
Reference: URL:http://www.iss.net/security_center/static/8818.php
Reference: BID:4495
Reference: URL:http://www.securityfocus.com/bid/4495
Reference: OSVDB:5269
Reference: URL:http://www.osvdb.org/5269

 


Name: CVE-2002-0543

Description:
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. Status: Entry
Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
Reference: BID:4466
Reference: URL:http://www.securityfocus.com/bid/4466
Reference: XF:abyss-unicode-directory-traversal(8805)
Reference: URL:http://www.iss.net/security_center/static/8805.php

 


Name: CVE-2002-0545

Description:
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. Status: Entry
Reference: CISCO:20020409 Aironet Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
Reference: BID:4461
Reference: URL:http://www.securityfocus.com/bid/4461
Reference: XF:cisco-aironet-telnet-dos(8788)
Reference: URL:http://www.iss.net/security_center/static/8788.php

 


Name: CVE-2002-0546

Description:
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. Status: Entry
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414

 


Name: CVE-2002-0553

Description:
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. Status: Entry
Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
Reference: XF:sunshop-new-cust-css(8840)
Reference: URL:http://www.iss.net/security_center/static/8840.php
Reference: BID:4506
Reference: URL:http://www.securityfocus.com/bid/4506

 


Name: CVE-2002-0567

Description:
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. Status: Entry
Reference: BUGTRAQ:20020206 Remote Compromise in Oracle 9i Database Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301332402079&w=2
Reference: CERT-VN:VU#180147
Reference: URL:http://www.kb.cert.org/vuls/id/180147
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
Reference: BID:4033
Reference: URL:http://www.securityfocus.com/bid/4033
Reference: XF:oracle-plsql-remote-access(8089)
Reference: URL:http://xforce.iss.net/static/8089.php

 


Name: CVE-2002-0569

Description:
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). Status: Entry
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2
Reference: CERT-VN:VU#977251
Reference: URL:http://www.kb.cert.org/vuls/id/977251
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: BID:4298
Reference: URL:http://www.securityfocus.com/bid/4298
Reference: XF:oracle-appserver-config-file-access(8453)
Reference: URL:http://www.iss.net/security_center/static/8453.php

 


Name: CVE-2002-0571

Description:
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. Status: Entry
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523
Reference: OSVDB:5236
Reference: URL:http://www.osvdb.org/5236

 


Name: CVE-2002-0573

Description:
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. Status: Entry
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639
Reference: OSVDB:778
Reference: URL:http://www.osvdb.org/778
Reference: OVAL:oval:org.mitre.oval:def:41
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:41
Reference: OVAL:oval:org.mitre.oval:def:79
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:79

 


Name: CVE-2002-0574

Description:
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539
Reference: XF:freebsd-icmp-echo-reply-dos(8893)
Reference: URL:http://www.iss.net/security_center/static/8893.php
Reference: OSVDB:5232
Reference: URL:http://www.osvdb.org/5232

 


Name: CVE-2002-0575

Description:
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. Status: Entry
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/268718
Reference: VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101924296115863&w=2
Reference: BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102167972421837&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php
Reference: OSVDB:781
Reference: URL:http://www.osvdb.org/781

 


Name: CVE-2002-0576

Description:
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message. Status: Entry
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php
Reference: OSVDB:3337
Reference: URL:http://www.osvdb.org/3337

 


Name: CVE-2002-0594

Description:
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. Status: Entry
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: BID:4640
Reference: URL:http://www.securityfocus.com/bid/4640
Reference: XF:mozilla-css-files-exist(8977)
Reference: URL:http://www.iss.net/security_center/static/8977.php

 


Name: CVE-2002-0597

Description:
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445. Status: Entry
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: MSKB:Q320751
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q320751
Reference: CERT-VN:VU#693099
Reference: URL:http://www.kb.cert.org/vuls/id/693099
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532
Reference: OSVDB:5179
Reference: URL:http://www.osvdb.org/5179
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php

 


Name: CVE-2002-0598

Description:
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner. Status: Entry
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: VULNWATCH:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: BUGTRAQ:20020501 FW: Fscan advisory (fwd)
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549

 


Name: CVE-2002-0599

Description:
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen. Status: Entry
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php
Reference: OSVDB:5178
Reference: URL:http://www.osvdb.org/5178

 


Name: CVE-2002-0601

Description:
ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. Status: Entry
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: XF:rs-ns-dhcp-dos(8961)
Reference: URL:http://www.iss.net/security_center/static/8961.php
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649
Reference: OSVDB:5165
Reference: URL:http://www.osvdb.org/5165

 


Name: CVE-2002-0605

Description:
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. Status: Entry
Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2
Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2
Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
Reference: XF:flash-activex-movie-bo(8993)
Reference: URL:http://www.iss.net/security_center/static/8993.php
Reference: BID:4664
Reference: URL:http://www.securityfocus.com/bid/4664
Reference: OSVDB:5177
Reference: URL:http://www.osvdb.org/5177

 


Name: CVE-2002-0613

Description:
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters. Status: Entry
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

 


Name: CVE-2002-0615

Description:
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". Status: Entry
Reference: MS:MS02-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
Reference: XF:mediaplayer-playlist-script-execution(9422)
Reference: URL:http://www.iss.net/security_center/static/9422.php
Reference: BID:5110
Reference: URL:http://www.securityfocus.com/bid/5110

 


Name: CVE-2002-0616

Description:
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." Status: Entry
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:excel-inline-macro-execution(9397)
Reference: URL:http://www.iss.net/security_center/static/9397.php
Reference: BID:5063
Reference: URL:http://www.securityfocus.com/bid/5063

 


Name: CVE-2002-0617

Description:
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." Status: Entry
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:5064
Reference: URL:http://www.securityfocus.com/bid/5064
Reference: OSVDB:5175
Reference: URL:http://www.osvdb.org/5175
Reference: XF:excel-hyperlink-macro-execution(9398)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9398

 


Name: CVE-2002-0618

Description:
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution". Status: Entry
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256054320377&w=2
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: BID:4821
Reference: URL:http://www.securityfocus.com/bid/4821
Reference: XF:excel-xsl-script-execution(9399)
Reference: URL:http://www.iss.net/security_center/static/9399.php

 


Name: CVE-2002-0619

Description:
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). Status: Entry
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102139136019862&w=2
Reference: MS:MS02-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-031.asp
Reference: XF:word-mail-merge-variant(9077)
Reference: URL:http://www.iss.net/security_center/static/9077.php
Reference: BID:5066
Reference: URL:http://www.securityfocus.com/bid/5066

 


Name: CVE-2002-0621

Description:
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. Status: Entry
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-bo(9424)
Reference: URL:http://www.iss.net/security_center/static/9424.php
Reference: BID:5108
Reference: URL:http://www.securityfocus.com/bid/5108
Reference: OSVDB:5172
Reference: URL:http://www.osvdb.org/5172

 


Name: CVE-2002-0622

Description:
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". Status: Entry
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: XF:mscs-owc-installer-permissions(9425)
Reference: URL:http://www.iss.net/security_center/static/9425.php
Reference: BID:5111
Reference: URL:http://www.securityfocus.com/bid/5111
Reference: OSVDB:5170
Reference: URL:http://www.osvdb.org/5170

 


Name: CVE-2002-0623

Description:
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun". Status: Entry
Reference: MS:MS02-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-033.asp
Reference: BID:5112
Reference: URL:http://www.securityfocus.com/bid/5112
Reference: XF:mscs-authfilter-isapi-bo-variant(9426)
Reference: URL:http://www.iss.net/security_center/static/9426.php
Reference: OSVDB:5163
Reference: URL:http://www.osvdb.org/5163

 


Name: CVE-2002-0627

Description:
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. Status: Entry
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632

 


Name: CVE-2002-0630

Description:
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. Status: Entry
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637

 


Name: CVE-2002-0631

Description:
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges. Status: Entry
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I
Reference: BID:5092
Reference: URL:http://www.securityfocus.com/bid/5092
Reference: XF:irix-nveventd-file-write(9418)
Reference: URL:http://www.iss.net/security_center/static/9418.php

 


Name: CVE-2002-0638

Description:
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. Status: Entry
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: REDHAT:RHSA-2002:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-137.html
Reference: CONECTIVA:CLA-2002:523
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
Reference: CALDERA:CSSA-2002-043.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344
Reference: OSVDB:5164
Reference: URL:http://www.osvdb.org/5164

 


Name: CVE-2002-0639

Description:
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. Status: Entry
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: NETBSD:2002-005
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: XF:openssh-challenge-response-bo(9169)
Reference: URL:http://www.iss.net/security_center/static/9169.php
Reference: OSVDB:6245
Reference: URL:http://www.osvdb.org/6245

 


Name: CVE-2002-0640

Description:
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). Status: Entry
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102532054613894&w=2
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: HP:HPSBUX0206-195
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: REDHAT:RHSA-2002:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-131.html
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
Reference: SUSE:SuSE-SA:2002:024
Reference: URL:http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html
Reference: REDHAT:RHSA-2002:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-127.html
Reference: OSVDB:839
Reference: URL:http://www.osvdb.org/839

 


Name: CVE-2002-0642

Description:
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." Status: Entry
Reference: MS:MS02-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
Reference: CERT:CA-2002-22
Reference: URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT-VN:VU#796313
Reference: URL:http://www.kb.cert.org/vuls/id/796313
Reference: XF:mssql-registry-insecure-permissions(9523)
Reference: URL:http://www.iss.net/security_center/static/9523.php
Reference: BID:5205
Reference: URL:http://www.securityfocus.com/bid/5205
Reference: OVAL:oval:org.mitre.oval:def:1025
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1025

 


Name: CVE-2002-0647

Description:
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". Status: Entry
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ms-legacytext-activex-bo(9935)
Reference: URL:http://www.iss.net/security_center/static/9935.php
Reference: BID:5558
Reference: URL:http://www.securityfocus.com/bid/5558

 


Name: CVE-2002-0648

Description:
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. Status: Entry
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: BID:5560
Reference: URL:http://www.securityfocus.com/bid/5560
Reference: OVAL:oval:org.mitre.oval:def:1026
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1026
Reference: OVAL:oval:org.mitre.oval:def:1148
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1148
Reference: OVAL:oval:org.mitre.oval:def:1207
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1207
Reference: OVAL:oval:org.mitre.oval:def:608
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:608
Reference: OVAL:oval:org.mitre.oval:def:776
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:776
Reference: XF:ie-xml-redirect-read-files(9936)
Reference: URL:http://www.iss.net/security_center/static/9936.php

 


Name: CVE-2002-0650

Description:
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. Status: Entry
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2
Reference: MS:MS02-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-039.asp
Reference: XF:mssql-resolution-keepalive-dos(9662)
Reference: URL:http://www.iss.net/security_center/static/9662.php
Reference: BID:5312
Reference: URL:http://www.securityfocus.com/bid/5312
Reference: OSVDB:878
Reference: URL:http://www.osvdb.org/878

 


Name: CVE-2002-0651

Description:
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. Status: Entry
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513011311504&w=2
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT-VN:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: AIXAPAR:IY32719
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: AIXAPAR:IY32746
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: CALDERA:CSSA-2002-SCO.37
Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Reference: CALDERA:CSSA-2002-SCO.39
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: ENGARDE:ESA-20020724-018
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
Reference: FREEBSD:FreeBSD-SA-02:28
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102520962320134&w=2
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SGI:20020701-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102579743329251&w=2
Reference: BID:5100
Reference: URL:http://www.securityfocus.com/bid/5100
Reference: OVAL:oval:org.mitre.oval:def:4190
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4190
Reference: XF:dns-resolver-lib-bo(9432)
Reference: URL:http://www.iss.net/security_center/static/9432.php

 


Name: CVE-2002-0653

Description:
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. Status: Entry
Reference: VULN-DEV:20020622 Another flaw in Apache?
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102513970919836&w=2
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: REDHAT:RHSA-2002:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-135.html
Reference: REDHAT:RHSA-2002:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-136.html
Reference: REDHAT:RHSA-2002:146
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-146.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
Reference: MANDRAKE:MDKSA-2002:048
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
Reference: DEBIAN:DSA-135
Reference: URL:http://www.debian.org/security/2002/dsa-135
Reference: ENGARDE:ESA-20020702-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563469326072&w=2
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
Reference: CONECTIVA:CLA-2002:504
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Reference: BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
Reference: HP:HPSBTL0207-052
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
Reference: BID:5084
Reference: URL:http://www.securityfocus.com/bid/5084
Reference: XF:apache-modssl-htaccess-bo(9415)
Reference: URL:http://www.iss.net/security_center/static/9415.php

 


Name: CVE-2002-0658

Description:
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. Status: Entry
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:156
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-156.html
Reference: REDHAT:RHSA-2002:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-163.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2003:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-158.html
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php
Reference: BID:5352
Reference: URL:http://www.securityfocus.com/bid/5352

 


Name: CVE-2002-0662

Description:
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files. Status: Entry
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2
Reference: XF:scrollkeeper-tmp-file-symlink(10002)
Reference: URL:http://www.iss.net/security_center/static/10002.php
Reference: BID:5602
Reference: URL:http://www.securityfocus.com/bid/5602

 


Name: CVE-2002-0663

Description:
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. Status: Entry
Reference: ATSTAKE:A071502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071502-1.txt
Reference: VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
Reference: XF:norton-fw-http-bo(9579)
Reference: URL:http://www.iss.net/security_center/static/9579.php
Reference: BID:5237
Reference: URL:http://www.securityfocus.com/bid/5237
Reference: OSVDB:4366
Reference: URL:http://www.osvdb.org/4366

 


Name: CVE-2002-0665

Description:
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL. Status: Entry
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102529402127195&w=2
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: XF:jrun-forwardslash-auth-bypass(9450)
Reference: URL:http://www.iss.net/security_center/static/9450.php
Reference: BID:5118
Reference: URL:http://www.securityfocus.com/bid/5118

 


Name: CVE-2002-0668

Description:
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. Status: Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-call-hijacking(9563)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9563
Reference: OSVDB:5144
Reference: URL:http://www.osvdb.org/5144

 


Name: CVE-2002-0671

Description:
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but cannot verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. Status: Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-dns-spoofing(9566)
Reference: URL:http://www.iss.net/security_center/static/9566.php
Reference: BID:5224
Reference: URL:http://www.securityfocus.com/bid/5224

 


Name: CVE-2002-0672

Description:
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null. Status: Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-factory-defaults(9567)
Reference: URL:http://www.iss.net/security_center/static/9567.php

 


Name: CVE-2002-0673

Description:
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. Status: Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-phone-reregister(9568)
Reference: URL:http://www.iss.net/security_center/static/9568.php

 


Name: CVE-2002-0674

Description:
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. Status: Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: BID:5221
Reference: URL:http://www.securityfocus.com/bid/5221
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9569

 


Name: CVE-2002-0676

Description:
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. Status: Entry
Reference: BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
Reference: MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html
Reference: XF:macos-softwareupdate-no-auth(9502)
Reference: URL:http://www.iss.net/security_center/static/9502.php
Reference: BID:5176
Reference: URL:http://www.securityfocus.com/bid/5176
Reference: OSVDB:5137
Reference: URL:http://www.osvdb.org/5137

 


Name: CVE-2002-0678

Description:
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. Status: Entry
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102635906423617&w=2
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#299816
Reference: URL:http://www.kb.cert.org/vuls/id/299816
Reference: HP:HPSBUX0207-199
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
Reference: AIXAPAR:IY32368
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: AIXAPAR:IY32370
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
Reference: SGI:20021101-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
Reference: XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
Reference: URL:http://www.iss.net/security_center/static/9527.php
Reference: BID:5083
Reference: URL:http://www.securityfocus.com/bid/5083
Reference: OVAL:oval:org.mitre.oval:def:175
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:175
Reference: OVAL:oval:org.mitre.oval:def:2770
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2770
Reference: OVAL:oval:org.mitre.oval:def:80
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:80

 


Name: CVE-2002-0679

Description:
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. Status: Entry
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102917002523536&w=2
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: COMPAQ:SSRT2274
Reference: AIXAPAR:IY32792
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only
Reference: AIXAPAR:IY32793
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only
Reference: HP:HPSBUX0207-199
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
Reference: XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
Reference: URL:http://www.iss.net/security_center/static/9822.php
Reference: BID:5444
Reference: URL:http://www.securityfocus.com/bid/5444
Reference: OVAL:oval:org.mitre.oval:def:177
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:177
Reference: OVAL:oval:org.mitre.oval:def:192
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:192

 


Name: CVE-2002-0682

Description:
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. Status: Entry
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102631703811297&w=2
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9520
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973

 


Name: CVE-2002-0685

Description:
Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message. Status: Entry
Reference: BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102634756815773&w=2
Reference: NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102639521518942&w=2
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
Reference: CERT-VN:VU#821139
Reference: URL:http://www.kb.cert.org/vuls/id/821139
Reference: BID:5202
Reference: URL:http://www.securityfocus.com/bid/5202
Reference: OSVDB:4364
Reference: URL:http://www.osvdb.org/4364
Reference: XF:pgp-outlook-heap-overflow(9525)
Reference: URL:http://www.iss.net/security_center/static/9525.php

 


Name: CVE-2002-0687

Description:
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. Status: Entry
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5813
Reference: URL:http://www.securityfocus.com/bid/5813
Reference: XF:zope-inject-headers-dos(9621)
Reference: URL:http://www.iss.net/security_center/static/9621.php
Reference: OSVDB:5166
Reference: URL:http://www.osvdb.org/5166

 


Name: CVE-2002-0688

Description:
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. Status: Entry
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
Reference: DEBIAN:DSA-490
Reference: URL:http://www.debian.org/security/2004/dsa-490
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: BID:5812
Reference: URL:http://www.securityfocus.com/bid/5812
Reference: XF:zope-zcatalog-index-bypass(9610)
Reference: URL:http://www.iss.net/security_center/static/9610.php

 


Name: CVE-2002-0691

Description:
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189. Status: Entry
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-local-resource-xss(9938)
Reference: URL:http://www.iss.net/security_center/static/9938.php
Reference: BID:5561
Reference: URL:http://www.securityfocus.com/bid/5561

 


Name: CVE-2002-0692

Description:
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request. Status: Entry
Reference: FULLDISC:20020927 Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

 


Name: CVE-2002-0694

Description:
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." Status: Entry
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php
Reference: OVAL:oval:org.mitre.oval:def:403
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:403

 


Name: CVE-2002-0695

Description:
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. Status: Entry
Reference: MS:MS02-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
Reference: XF:mssql-mdac-openrowset-bo(9734)
Reference: URL:http://www.iss.net/security_center/static/9734.php
Reference: BID:5372
Reference: URL:http://www.securityfocus.com/bid/5372

 


Name: CVE-2002-0696

Description:
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames. Status: Entry
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: CIAC:M-120
Reference: URL:http://www.ciac.org/ciac/bulletins/m-120.shtml
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php

 


Name: CVE-2002-0697

Description:
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. Status: Entry
Reference: MS:MS02-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-036.asp
Reference: XF:mms-data-repository-access(9657)
Reference: URL:http://www.iss.net/security_center/static/9657.php
Reference: BID:5308
Reference: URL:http://www.securityfocus.com/bid/5308

 


Name: CVE-2002-0698

Description:
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response. Status: Entry
Reference: ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Reference: MSKB:Q326322
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322
Reference: MS:MS02-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-037.asp
Reference: XF:exchange-imc-ehlo-bo(9658)
Reference: URL:http://www.iss.net/security_center/static/9658.php
Reference: BID:5306
Reference: URL:http://www.securityfocus.com/bid/5306

 


Name: CVE-2002-0700

Description:
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." Status: Entry
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: XF:mcms-authentication-bo(9783)
Reference: URL:http://www.iss.net/security_center/static/9783.php
Reference: BID:5420
Reference: URL:http://www.securityfocus.com/bid/5420
Reference: OSVDB:4862
Reference: URL:http://www.osvdb.org/4862

 


Name: CVE-2002-0701

Description:
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace
Reference: XF:openbsd-ktrace-gain-privileges(9474)
Reference: URL:http://www.iss.net/security_center/static/9474.php
Reference: BID:5133
Reference: URL:http://www.securityfocus.com/bid/5133

 


Name: CVE-2002-0703

Description:
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data. Status: Entry
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716

 


Name: CVE-2002-0704

Description:
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages. Status: Entry
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102088521517722&w=2
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699

 


Name: CVE-2002-0710

Description:
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. Status: Entry
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html
Reference: XF:sendform-blurbfile-directory-traversal(9725)
Reference: URL:http://www.iss.net/security_center/static/9725.php
Reference: BID:5286
Reference: URL:http://www.securityfocus.com/bid/5286
Reference: OSVDB:3568
Reference: URL:http://www.osvdb.org/3568

 


Name: CVE-2002-0714

Description:
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. Status: Entry
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: CALDERA:CSSA-2002-046.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
Reference: CONECTIVA:CLA-2002:506
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102674543407606&w=2
Reference: XF:squid-ftp-data-injection(9479)
Reference: URL:http://www.iss.net/security_center/static/9479.php
Reference: BID:5158
Reference: URL:http://www.securityfocus.com/bid/5158
Reference: OSVDB:5924
Reference: URL:http://www.osvdb.org/5924

 


Name: CVE-2002-0716

Description:
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument. Status: Entry
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102323070305101&w=2
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323386107641&w=2
Reference: CALDERA:CSSA-2002-SCO.35
Reference: BID:4938
Reference: URL:http://www.securityfocus.com/bid/4938
Reference: XF:openserver-crontab-format-string(9271)
Reference: URL:http://www.iss.net/security_center/static/9271.php

 


Name: CVE-2002-0718

Description:
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." Status: Entry
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5421
Reference: URL:http://www.securityfocus.com/bid/5421
Reference: XF:mcms-authoring-file-execution(9784)
Reference: URL:http://www.iss.net/security_center/static/9784.php

 


Name: CVE-2002-0719

Description:
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. Status: Entry
Reference: MS:MS02-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-041.asp
Reference: BID:5422
Reference: URL:http://www.securityfocus.com/bid/5422
Reference: XF:mcms-resource-sql-injection(9785)
Reference: URL:http://www.iss.net/security_center/static/9785.php

 


Name: CVE-2002-0720

Description:
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code. Status: Entry
Reference: MS:MS02-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-042.asp
Reference: XF:win2k-ncm-gain-privileges(9856)
Reference: URL:http://www.iss.net/security_center/static/9856.php
Reference: BID:5480
Reference: URL:http://www.securityfocus.com/bid/5480
Reference: OVAL:oval:org.mitre.oval:def:26
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:26

 


Name: CVE-2002-0722

Description:
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." Status: Entry
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp
Reference: XF:ie-file-origin-spoofing(9937)
Reference: URL:http://www.iss.net/security_center/static/9937.php
Reference: BID:5559
Reference: URL:http://www.securityfocus.com/bid/5559
Reference: OSVDB:5129
Reference: URL:http://www.osvdb.org/5129

 


Name: CVE-2002-0726

Description:
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. Status: Entry
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: MS:MS02-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp
Reference: XF:ms-tsac-activex-bo(9934)
Reference: URL:http://www.iss.net/security_center/static/9934.php
Reference: BID:5554
Reference: URL:http://www.securityfocus.com/bid/5554

 


Name: CVE-2002-0727

Description:
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. Status: Entry
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2
Reference: XF:owc-spreadsheet-host-script-execution(8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php
Reference: BID:4449
Reference: URL:http://www.securityfocus.com/bid/4449
Reference: OSVDB:3006
Reference: URL:http://www.osvdb.org/3006

 


Name: CVE-2002-0729

Description:
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. Status: Entry
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102760479902411&w=2

 


Name: CVE-2002-0733

Description:
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. Status: Entry
Reference: VULNWATCH:20020417 Smalls holes on 5 products #1
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Reference: CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Reference: XF:thttpd-error-page-css(9029)
Reference: URL:http://www.iss.net/security_center/static/9029.php
Reference: BID:4601
Reference: URL:http://www.securityfocus.com/bid/4601
Reference: OSVDB:5125
Reference: URL:http://www.osvdb.org/5125

 


Name: CVE-2002-0734

Description:
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. Status: Entry
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

 


Name: CVE-2002-0736

Description:
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. Status: Entry
Reference: BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
Reference: MSKB:Q316838
Reference: URL:http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Reference: BID:4528
Reference: URL:http://www.securityfocus.com/bid/4528
Reference: XF:backoffice-bypass-authentication(8862)
Reference: URL:http://www.iss.net/security_center/static/8862.php

 


Name: CVE-2002-0737

Description:
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. Status: Entry
Reference: BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://online.securityfocus.com/archive/1/268121
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-script-source-disclosure(8876)
Reference: URL:http://www.iss.net/security_center/static/8876.php
Reference: BID:4533
Reference: URL:http://www.securityfocus.com/bid/4533
Reference: OSVDB:5123
Reference: URL:http://www.osvdb.org/5123

 


Name: CVE-2002-0738

Description:
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. Status: Entry
Reference: BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
Reference: CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
Reference: DEBIAN:DSA-163
Reference: URL:http://www.debian.org/security/2002/dsa-163
Reference: XF:mhonarc-script-filtering-bypass(8894)
Reference: URL:http://www.iss.net/security_center/static/8894.php
Reference: BID:4546
Reference: URL:http://www.securityfocus.com/bid/4546

 


Name: CVE-2002-0741

Description:
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC. Status: Entry
Reference: BUGTRAQ:20020423 PsyBNC Remote Dos POC
Reference: URL:http://online.securityfocus.com/archive/1/269131
Reference: BUGTRAQ:20020422 psyBNC 2.3 DoS / bug
Reference: BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
Reference: BID:4570
Reference: URL:http://www.securityfocus.com/bid/4570
Reference: XF:psybnc-long-password-dos(8912)
Reference: URL:http://www.iss.net/security_center/static/8912.php

 


Name: CVE-2002-0748

Description:
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. Status: Entry
Reference: BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
Reference: CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
Reference: XF:labview-http-get-dos(8919)
Reference: URL:http://www.iss.net/security_center/static/8919.php
Reference: BID:4577
Reference: URL:http://www.securityfocus.com/bid/4577
Reference: OSVDB:5119
Reference: URL:http://www.osvdb.org/5119

 


Name: CVE-2002-0754

Description:
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Reference: BID:3919
Reference: URL:http://www.securityfocus.com/bid/3919
Reference: XF:kerberos5-k5su-elevate-privileges(7956)
Reference: URL:http://www.iss.net/security_center/static/7956.php

 


Name: CVE-2002-0755

Description:
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php
Reference: OSVDB:4893
Reference: URL:http://www.osvdb.org/4893

 


Name: CVE-2002-0758

Description:
ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. Status: Entry
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.novell.com/linux/security/advisories/2002_016_sysconfig_txt.html
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

 


Name: CVE-2002-0759

Description:
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774

 


Name: CVE-2002-0760

Description:
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

 


Name: CVE-2002-0761

Description:
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776

 


Name: CVE-2002-0762

Description:
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. Status: Entry
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.novell.com/linux/security/advisories/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757

 


Name: CVE-2002-0765

Description:
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. Status: Entry
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php
Reference: OSVDB:5113
Reference: URL:http://www.osvdb.org/5113

 


Name: CVE-2002-0766

Description:
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. Status: Entry
Reference: VULNWATCH:20020509 OpenBSD local DoS and root exploit
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: CERT-VN:VU#314963
Reference: URL:http://www.kb.cert.org/vuls/id/314963
Reference: BID:4708
Reference: URL:http://www.securityfocus.com/bid/4708
Reference: OSVDB:5114
Reference: URL:http://www.osvdb.org/5114
Reference: OSVDB:5715
Reference: URL:http://www.osvdb.org/5715
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

 


Name: CVE-2002-0768

Description:
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command. Status: Entry
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.novell.com/linux/security/advisories/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

 


Name: CVE-2002-0776

Description:
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. Status: Entry
Reference: BUGTRAQ:20020713 Hosting Controller Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/282129
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
Reference: XF:hosting-controller-password-modification(9554)
Reference: URL:http://www.iss.net/security_center/static/9554.php
Reference: BID:5229
Reference: URL:http://www.securityfocus.com/bid/5229

 


Name: CVE-2002-0777

Description:
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter. Status: Entry
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780

 


Name: CVE-2002-0778

Description:
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP. Status: Entry
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751

 


Name: CVE-2002-0785

Description:
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. Status: Entry
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: CERT-VN:VU#259435
Reference: URL:http://www.kb.cert.org/vuls/id/259435
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709
Reference: OSVDB:5109
Reference: URL:http://www.osvdb.org/5109
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php

 


Name: CVE-2002-0788

Description:
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. Status: Entry
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702
Reference: OSVDB:4363
Reference: URL:http://www.osvdb.org/4363

 


Name: CVE-2002-0789

Description:
Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter. Status: Entry
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

 


Name: CVE-2002-0790

Description:
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. Status: Entry
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

 


Name: CVE-2002-0794

Description:
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php
Reference: OSVDB:5081
Reference: URL:http://www.osvdb.org/5081

 


Name: CVE-2002-0795

Description:
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880
Reference: OSVDB:5083
Reference: URL:http://www.osvdb.org/5083

 


Name: CVE-2002-0801

Description:
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file. Status: Entry
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873
Reference: OSVDB:5082
Reference: URL:http://www.osvdb.org/5082

 


Name: CVE-2002-0802

Description:
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. Status: Entry
Reference: MISC:http://marc.theaimsgroup.com/?l=postgresql-general&m=102032794322362
Reference: REDHAT:RHSA-2002:149
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-149.html
Reference: XF:postgresql-sqlascii-sql-injection(10328)
Reference: URL:http://www.iss.net/security_center/static/10328.php

 


Name: CVE-2002-0804

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-reversedns-hostname-spoof(9301)
Reference: URL:http://www.iss.net/security_center/static/9301.php
Reference: OSVDB:6394
Reference: URL:http://www.osvdb.org/6394

 


Name: CVE-2002-0805

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-world-writable-dir(9302)
Reference: URL:http://www.iss.net/security_center/static/9302.php
Reference: OSVDB:6395
Reference: URL:http://www.osvdb.org/6395

 


Name: CVE-2002-0806

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-edituser-user-delete(9303)
Reference: URL:http://www.iss.net/security_center/static/9303.php
Reference: OSVDB:5080
Reference: URL:http://www.osvdb.org/5080

 


Name: CVE-2002-0808

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-masschange-change-groupset(9305)
Reference: URL:http://www.iss.net/security_center/static/9305.php

 


Name: CVE-2002-0809

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-group-permissions-removal(10141)
Reference: URL:http://www.iss.net/security_center/static/10141.php

 


Name: CVE-2002-0810

Description:
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. Status: Entry
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: XF:bugzilla-shadow-database-information(9306)
Reference: URL:http://www.iss.net/security_center/static/9306.php
Reference: OSVDB:6399
Reference: URL:http://www.osvdb.org/6399

 


Name: CVE-2002-0813

Description:
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. Status: Entry
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328
Reference: OSVDB:854
Reference: URL:http://www.osvdb.org/854

 


Name: CVE-2002-0814

Description:
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. Status: Entry
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294

 


Name: CVE-2002-0816

Description:
Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. Status: Entry
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: CERT-VN:VU#229867
Reference: URL:http://www.kb.cert.org/vuls/id/229867
Reference: BID:5272
Reference: URL:http://www.securityfocus.com/bid/5272
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

 


Name: CVE-2002-0817

Description:
Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument. Status: Entry
Reference: BUGTRAQ:20020731 The SUPER Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2
Reference: VULNWATCH:20020730 The SUPER Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139
Reference: XF:super-syslog-format-string(9741)
Reference: URL:http://www.iss.net/security_center/static/9741.php
Reference: BID:5367
Reference: URL:http://www.securityfocus.com/bid/5367

 


Name: CVE-2002-0818

Description:
wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. Status: Entry
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821890317683&w=2
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: CALDERA:CSSA-2002-048.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-048.0.txt
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260

 


Name: CVE-2002-0823

Description:
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter. Status: Entry
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102822806329440&w=2
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338
Reference: XF:htmlhelp-item-bo(9746)
Reference: URL:http://www.iss.net/security_center/static/9746.php
Reference: BID:4857
Reference: URL:http://www.securityfocus.com/bid/4857
Reference: OSVDB:2991
Reference: URL:http://www.osvdb.org/2991

 


Name: CVE-2002-0824

Description:
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc
Reference: OPENBSD:20020729 011: SECURITY FIX: July 29, 2002
Reference: URL:http://www.openbsd.org/errata31.html
Reference: XF:pppd-race-condition(9738)
Reference: URL:http://www.iss.net/security_center/static/9738.php
Reference: BID:5355
Reference: URL:http://www.securityfocus.com/bid/5355

 


Name: CVE-2002-0826

Description:
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. Status: Entry
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Reference: XF:wsftp-site-cpwd-bo(9794)
Reference: URL:http://www.iss.net/security_center/static/9794.php
Reference: BID:5427
Reference: URL:http://www.securityfocus.com/bid/5427

 


Name: CVE-2002-0829

Description:
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865404413458&w=2
Reference: XF:freebsd-ffs-integer-overflow(9771)
Reference: URL:http://www.iss.net/security_center/static/9771.php
Reference: BID:5399
Reference: URL:http://www.securityfocus.com/bid/5399
Reference: OSVDB:5073
Reference: URL:http://www.osvdb.org/5073

 


Name: CVE-2002-0830

Description:
Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865517214722&w=2
Reference: NETBSD:NetBSD-SA2002-013
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: BID:5402
Reference: URL:http://www.securityfocus.com/bid/5402
Reference: OSVDB:5072
Reference: URL:http://www.osvdb.org/5072
Reference: XF:bsd-nfs-rpc-dos(9772)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9772

 


Name: CVE-2002-0831

Description:
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. Status: Entry
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865142610126&w=2
Reference: XF:freebsd-kqueue-dos(9774)
Reference: URL:http://www.iss.net/security_center/static/9774.php
Reference: BID:5405
Reference: URL:http://www.securityfocus.com/bid/5405
Reference: OSVDB:5069
Reference: URL:http://www.osvdb.org/5069

 


Name: CVE-2002-0835

Description:
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. Status: Entry
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

 


Name: CVE-2002-0836

Description:
dvips converter for PostScript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. Status: Entry
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

 


Name: CVE-2002-0840

Description:
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Status: Entry
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: XF:apache-http-host-xss(10241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10241
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862

 


Name: CVE-2002-0842

Description:
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). Status: Entry
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: FULLDISC:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846

 


Name: CVE-2002-0844

Description:
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. Status: Entry
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102233767925177&w=2
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9175
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829

 


Name: CVE-2002-0845

Description:
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. Status: Entry
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433

 


Name: CVE-2002-0846

Description:
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. Status: Entry
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103072708329280&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
Reference: REDHAT:RHSA-2003:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-026.html
Reference: REDHAT:RHSA-2003:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-027.html
Reference: XF:flash-swf-header-bo(9798)
Reference: URL:http://www.iss.net/security_center/static/9798.php
Reference: BID:5430
Reference: URL:http://www.securityfocus.com/bid/5430

 


Name: CVE-2002-0847

Description:
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free). Status: Entry
Reference: DEBIAN:DSA-145
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102874450402924&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731

 


Name: CVE-2002-0848

Description:
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. Status: Entry
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
Reference: XF:cisco-vpn5000-plaintext-password(9781)
Reference: URL:http://www.iss.net/security_center/static/9781.php
Reference: BID:5417
Reference: URL:http://www.securityfocus.com/bid/5417

 


Name: CVE-2002-0850

Description:
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. Status: Entry
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/10043
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656

 


Name: CVE-2002-0851

Description:
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog. Status: Entry
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: SUSE:SuSE-SA:2002:030
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437

 


Name: CVE-2002-0853

Description:
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. Status: Entry
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
Reference: CERT-VN:VU#287771
Reference: URL:http://www.kb.cert.org/vuls/id/287771
Reference: XF:cisco-vpn-zerolength-dos(9821)
Reference: URL:http://www.iss.net/security_center/static/9821.php
Reference: BID:5440
Reference: URL:http://www.securityfocus.com/bid/5440

 


Name: CVE-2002-0856

Description:
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. Status: Entry
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php
Reference: BID:5457
Reference: URL:http://www.securityfocus.com/bid/5457

 


Name: CVE-2002-0859

Description:
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. Status: Entry
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102450188620081&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ods.txt
Reference: XF:mssql-jet-ods-bo(9375)
Reference: URL:http://www.iss.net/security_center/static/9375.php
Reference: BID:5057
Reference: URL:http://www.securityfocus.com/bid/5057
Reference: MSKB:Q282010
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010

 


Name: CVE-2002-0860

Description:
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file. Status: Entry
Reference: MS:MS02-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2
Reference: XF:owc-spreadsheet-loadtext-read-files(8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php
Reference: BID:4453
Reference: URL:http://www.securityfocus.com/bid/4453
Reference: OSVDB:3007
Reference: URL:http://www.osvdb.org/3007

 


Name: CVE-2002-0864

Description:
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." Status: Entry
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

 


Name: CVE-2002-0865

Description:
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes." Status: Entry
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://www.securityfocus.com/bid/5752

 


Name: CVE-2002-0866

Description:
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes." Status: Entry
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://www.securityfocus.com/bid/5751

 


Name: CVE-2002-0867

Description:
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw." Status: Entry
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: BID:5750
Reference: URL:http://www.securityfocus.com/bid/5750
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

 


Name: CVE-2002-0871

Description:
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. Status: Entry
Reference: DEBIAN:DSA-151
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927065426172&w=2
Reference: MANDRAKE:MDKSA-2002:053
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
Reference: REDHAT:RHSA-2002:196
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-196.html
Reference: REDHAT:RHSA-2003:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-228.html
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935383506155&w=2
Reference: XF:xinetd-signal-leak-dos(9844)
Reference: URL:http://www.iss.net/security_center/static/9844.php
Reference: BID:5458
Reference: URL:http://www.securityfocus.com/bid/5458

 


Name: CVE-2002-0872

Description:
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. Status: Entry
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: BID:5451
Reference: URL:http://www.securityfocus.com/bid/5451
Reference: XF:l2tpd-rand-number-predictable(9845)
Reference: URL:http://www.iss.net/security_center/static/9845.php

 


Name: CVE-2002-0873

Description:
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. Status: Entry
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: XF:l2tpd-vendor-field-bo(10460)
Reference: URL:http://www.iss.net/security_center/static/10460.php

 


Name: CVE-2002-0875

Description:
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. Status: Entry
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154
Reference: SGI:20000301-03-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: REDHAT:RHSA-2005:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-005.html
Reference: BID:5487
Reference: URL:http://www.securityfocus.com/bid/5487
Reference: XF:sgi-fam-insecure-permissions(9880)
Reference: URL:http://www.iss.net/security_center/static/9880.php

 


Name: CVE-2002-0887

Description:
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. Status: Entry
Reference: BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99057164129869&w=2
Reference: CALDERA:CSSA-2002-SCO.22
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt
Reference: BID:4875
Reference: URL:http://www.securityfocus.com/bid/4875
Reference: XF:openserver-scoadmin-symlink(9210)
Reference: URL:http://www.iss.net/security_center/static/9210.php

 


Name: CVE-2002-0889

Description:
Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file. Status: Entry
Reference: VULN-DEV:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102003707432457&w=2
Reference: BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/269969
Reference: CALDERA:CSSA-2002-SCO.20
Reference: XF:qpopper-bulldir-bo(8949)
Reference: URL:http://www.iss.net/security_center/static/8949.php
Reference: BID:4614
Reference: URL:http://www.securityfocus.com/bid/4614

 


Name: CVE-2002-0891

Description:
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. Status: Entry
Reference: BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue
Reference: URL:http://online.securityfocus.com/archive/1/274240
Reference: CONFIRM:http://www.netscreen.com/support/ns25_reboot.html
Reference: XF:netscreen-screenos-username-dos(9186)
Reference: URL:http://www.iss.net/security_center/static/9186.php
Reference: BID:4842
Reference: URL:http://www.securityfocus.com/bid/4842

 


Name: CVE-2002-0892

Description:
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message. Status: Entry
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151
Reference: BID:4793
Reference: URL:http://www.securityfocus.com/bid/4793
Reference: XF:servletexec-jsp10servlet-path-disclosure(9139)
Reference: URL:http://www.iss.net/security_center/static/9139.php

 


Name: CVE-2002-0895

Description:
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command. Status: Entry
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

 


Name: CVE-2002-0897

Description:
LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. Status: Entry
Reference: VULNWATCH:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
Reference: BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/274020
Reference: BID:4820
Reference: URL:http://www.securityfocus.com/bid/4820
Reference: XF:localweb2k-protection-bypass(9165)
Reference: URL:http://www.iss.net/security_center/static/9165.php

 


Name: CVE-2002-0898

Description:
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. Status: Entry
Reference: NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102256058220402&w=2
Reference: BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://online.securityfocus.com/archive/1/274202
Reference: CONFIRM:http://www.opera.com/windows/changelog/log603.html
Reference: BID:4834
Reference: URL:http://www.securityfocus.com/bid/4834
Reference: XF:opera-browser-file-retrieval(9188)
Reference: URL:http://www.iss.net/security_center/static/9188.php

 


Name: CVE-2002-0900

Description:
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability. Status: Entry
Reference: BUGTRAQ:20020524 pks public key server DOS and remote execution
Reference: URL:http://online.securityfocus.com/archive/1/274107
Reference: CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
Reference: BID:4828
Reference: URL:http://www.securityfocus.com/bid/4828
Reference: XF:pgp-pks-search-bo(9171)
Reference: URL:http://www.iss.net/security_center/static/9171.php

 


Name: CVE-2002-0904

Description:
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. Status: Entry
Reference: VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102269718506080&w=2
Reference: BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html
Reference: CONFIRM:http://www.kismetwireless.net/CHANGELOG
Reference: BID:4883
Reference: URL:http://www.securityfocus.com/bid/4883
Reference: XF:kismet-saytext-command-execution(9213)
Reference: URL:http://www.iss.net/security_center/static/9213.php

 


Name: CVE-2002-0906

Description:
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. Status: Entry
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: BID:5122
Reference: URL:http://www.securityfocus.com/bid/5122
Reference: OVAL:oval:org.mitre.oval:def:2183
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2183
Reference: XF:sendmail-dns-txt-bo(9443)
Reference: URL:http://www.iss.net/security_center/static/9443.php

 


Name: CVE-2002-0911

Description:
Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges. Status: Entry
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

 


Name: CVE-2002-0914

Description:
Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. Status: Entry
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php
Reference: OSVDB:5052
Reference: URL:http://www.osvdb.org/5052

 


Name: CVE-2002-0916

Description:
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call. Status: Entry
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

 


Name: CVE-2002-0935

Description:
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang. Status: Entry
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067
Reference: OSVDB:5051
Reference: URL:http://www.osvdb.org/5051

 


Name: CVE-2002-0938

Description:
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. Status: Entry
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

 


Name: CVE-2002-0941

Description:
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges. Status: Entry
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

 


Name: CVE-2002-0945

Description:
Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. Status: Entry
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979
Reference: OSVDB:5047
Reference: URL:http://www.osvdb.org/5047

 


Name: CVE-2002-0946

Description:
Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request. Status: Entry
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php
Reference: OSVDB:5048
Reference: URL:http://www.osvdb.org/5048

 


Name: CVE-2002-0947

Description:
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. Status: Entry
Reference: BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://online.securityfocus.com/archive/1/276524
Reference: VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
Reference: CERT-VN:VU#997403
Reference: URL:http://www.kb.cert.org/vuls/id/997403
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
Reference: MISC:http://www.nextgenss.com/vna/ora-reports.txt
Reference: BID:4848
Reference: URL:http://www.securityfocus.com/bid/4848
Reference: XF:oracle-reports-server-bo(9289)
Reference: URL:http://www.iss.net/security_center/static/9289.php

 


Name: CVE-2002-0952

Description:
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. Status: Entry
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058

 


Name: CVE-2002-0953

Description:
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter. Status: Entry
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039

 


Name: CVE-2002-0958

Description:
Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section. Status: Entry
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952

 


Name: CVE-2002-0964

Description:
Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out. Status: Entry
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076

 


Name: CVE-2002-0965

Description:
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. Status: Entry
Reference: BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://online.securityfocus.com/archive/1/276526
Reference: VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
Reference: CERT-VN:VU#630091
Reference: URL:http://www.kb.cert.org/vuls/id/630091
Reference: BID:4845
Reference: URL:http://www.securityfocus.com/bid/4845
Reference: XF:oracle-listener-servicename-bo(9288)
Reference: URL:http://www.iss.net/security_center/static/9288.php

 


Name: CVE-2002-0967

Description:
Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL. Status: Entry
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951
Reference: OSVDB:5042
Reference: URL:http://www.osvdb.org/5042
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php

 


Name: CVE-2002-0968

Description:
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. Status: Entry
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM