
 Sax2 Network Intrusion Detection System

A professional intrusion detection and prevention system (NIDS) which excels at real-time packet capture, 24/7 network monitoring, advanced protocol analysis and automatic expert detection.

 

CAN-2003
 

Name: CVE-2003-0001

 

Description:
Multiple Ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Status: Candidate
Phase: Modified (20080207)
Reference: ATSTAKE:A010603-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
Reference: BUGTRAQ:20030110 More information regarding Etherleak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
Reference: BUGTRAQ:20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded
Reference: BUGTRAQ:20030117 Re: More information regarding Etherleak
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded
Reference: VULNWATCH:20030110 More information regarding Etherleak
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
Reference: MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: CERT-VN:VU#412115
Reference: URL:http://www.kb.cert.org/vuls/id/412115
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: OSVDB:9962
Reference: URL:http://www.osvdb.org/9962
Reference: OVAL:oval:org.mitre.oval:def:2665
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2665
Reference: SECUNIA:7996
Reference: URL:http://secunia.com/advisories/7996
 

Votes:

   ACCEPT(3) Wall, Baker, Cole
   MODIFY(2) Frech, Cox
   NOOP(1) Christey
Voter Comments:
 
 Christey> ENGARDE:ESA-20030318-009
   URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
 CHANGE> [Cox changed vote from ACCEPT to MODIFY]
 Cox> Addref: RHSA-2003:088
 Christey> MANDRAKE:MDKSA-2003:039
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:039
 Frech> XF:ethernet-driver-information-leak(10996)
 Christey> SGI:20030601-01-A
 Christey> DEBIAN:DSA-311
   URL:http://www.debian.org/security/2003/dsa-311
 Christey> MANDRAKE:MDKSA-2003:066
 Christey> DEBIAN:DSA-332
   URL:http://www.debian.org/security/2003/dsa-332
   DEBIAN:DSA-336
   URL:http://www.debian.org/security/2003/dsa-336
 Christey> HP:HPSBUX0305-261
   URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0708.1
   DEBIAN:DSA-312
   URL:http://www.debian.org/security/2003/dsa-312
   BID:6535
   URL:http://www.securityfocus.com/bid/6535
 Christey> MANDRAKE:MDKSA-2003:074
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:074
 Christey> DEBIAN:DSA-423
   URL:http://www.debian.org/security/2004/dsa-423
 Christey> BUGTRAQ:20040207 [Fwd: zyxel prestige ethernet information leakage]
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107618991322594&w=2
 Christey> DEBIAN:DSA-442
   URL:http://www.debian.org/security/2004/dsa-442
 Christey> SGI:20030601-01-I
   URL:ftp://patches.sgi.com/support/free/security/advisories/20030601-01-A
 Cox> Change description to say "in Linux 2.4 prior to 2.4.21" as
   this was fixed in Linux 2.4.21 by changesets committed by Alan Cox on
   5th Feb 2003.


Name: CVE-2003-0005

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030102)
 

Votes:

 

Name: CVE-2003-0006

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030102)
 

Votes:

 

Name: CVE-2003-0008

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030102)
 

Votes:

 

Name: CVE-2003-0010

 

Description:
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.

Status: Candidate
Phase: Assigned (20030102)
Reference: IDEFENSE:20030319 Heap Overflow in Windows Script Engine
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26
Reference: BUGTRAQ:20030319 iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104812108307645&w=2
Reference: MS:MS03-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-008.asp
Reference: VULNWATCH:20030319 Windows Scripting Engine issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html
Reference: BID:7146
Reference: URL:http://www.securityfocus.com/bid/7146
Reference: OVAL:oval:org.mitre.oval:def:200
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:200
Reference: OVAL:oval:org.mitre.oval:def:794
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:794
Reference: OVAL:oval:org.mitre.oval:def:795
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:795
Reference: OVAL:oval:org.mitre.oval:def:134
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:134
 

Votes:

 

Name: CVE-2003-0011

 

Description:
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.

Status: Candidate
Phase: Assigned (20030102)
Reference: MS:MS03-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-009.asp
Reference: BID:7145
Reference: URL:http://www.securityfocus.com/bid/7145
 

Votes:

 

Name: CVE-2003-0014

 

Description:
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030106)
Reference: CONFIRM:http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog
Reference: DEBIAN:DSA-633
Reference: URL:http://www.debian.org/security/2005/dsa-633
Reference: BID:12229
Reference: URL:http://securityfocus.org/bid/12229
Reference: SECTRACK:1012847
Reference: URL:http://securitytracker.com/id?1012847
Reference: SECUNIA:13793
Reference: URL:http://secunia.com/advisories/13793
Reference: SECUNIA:13796
Reference: URL:http://secunia.com/advisories/13796
Reference: XF:bmv-symlink(18823)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18823
 

Votes:

 

Name: CVE-2003-0025

 

Description:
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.

Status: Candidate
Phase: Modified (20071121)
Reference: BUGTRAQ:20030108 IMP 2.x SQL injection vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104204786206563&w=2
Reference: BUGTRAQ:20030108 Re: IMP 2.x SQL injection vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/306268
Reference: DEBIAN:DSA-229
Reference: URL:http://www.debian.org/security/2003/dsa-229
Reference: SUSE:SuSE-SA:2003:0008
Reference: BID:6559
Reference: URL:http://www.securityfocus.com/bid/6559
Reference: SECTRACK:1005904
Reference: URL:http://www.securitytracker.com/id?1005904
Reference: SECUNIA:8087
Reference: URL:http://secunia.com/advisories/8087
Reference: SECUNIA:8177
Reference: URL:http://secunia.com/advisories/8177
 

Votes:

   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Jones
   NOOP(2) Cox, Christey
Voter Comments:
 
 Jones> Change "...gain privileges..." to "...gain additional
   privileges..."
 Christey> BID:6559
   URL:http://www.securityfocus.com/bid/6559
   XF:imp-multiple-sql-injection(11028)
   URL:http://www.iss.net/security_center/static/11028.php
 Christey> CONECTIVA:CLA-2003:690
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000690


Name: CVE-2003-0026

 

Description:
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

Status: Candidate
Phase: Modified (20071129)
Reference: CONECTIVA:CLA-2003:562
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
Reference: DEBIAN:DSA-231
Reference: URL:http://www.debian.org/security/2003/dsa-231
Reference: MANDRAKE:MDKSA-2003:007
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:007
Reference: OPENPKG:OpenPKG-SA-2003.002
Reference: URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html
Reference: REDHAT:RHSA-2003:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-011.html
Reference: SUSE:SuSE-SA:2003:0006
Reference: URL:http://www.suse.com/de/security/2003_006_dhcp.html
Reference: BUGTRAQ:20030122 [securityslackware.com: [slackware-security] New DHCP packages available]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html
Reference: SUSE:SuSE-SA:2003:006
Reference: URL:http://www.suse.com/de/security/2003_006_dhcp.html
Reference: CERT:CA-2003-01
Reference: URL:http://www.cert.org/advisories/CA-2003-01.html
Reference: CERT-VN:VU#284857
Reference: URL:http://www.kb.cert.org/vuls/id/284857
Reference: CIAC:N-031
Reference: URL:http://www.ciac.org/ciac/bulletins/n-031.shtml
Reference: BID:6627
Reference: URL:http://www.securityfocus.com/bid/6627
Reference: SECTRACK:1005924
Reference: URL:http://www.securitytracker.com/id?1005924
Reference: XF:dhcpd-minires-multiple-bo(11073)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11073
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Cox
   MODIFY(1) Frech
   NOOP(1) Christey
Voter Comments:
 
 Frech> XF:dhcpd-minires-multiple-bo(11073)
 Christey> MANDRAKE:MDKSA-2003:007
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:007
   SUSE:SUSE-SA:2003:0006
   URL:http://www.suse.de/de/security/2003_006_dhcp.html
   
   Since the SuSE advisory name is "malformed" according to
   SuSE's own convention, make sure that "SuSE-SA:2003:006" is in
   the keywords for this CAN.


Name: CVE-2003-0028

 

Description:
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Status: Candidate
Phase: Assigned (20030110)
Reference: BUGTRAQ:20030319 EEYE: XDR Integer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104810574423662&w=2
Reference: BUGTRAQ:20030331 GLSA: dietlibc (200303-29)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316931/30/25250/threaded
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: BUGTRAQ:20030319 RE: EEYE: XDR Integer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/315638/30/25430/threaded
Reference: VULNWATCH:20030319 EEYE: XDR Integer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Reference: EEYE:AD20030318
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20030318.html
Reference: CERT:CA-2003-10
Reference: URL:http://www.cert.org/advisories/CA-2003-10.html
Reference: CERT-VN:VU#516825
Reference: URL:http://www.kb.cert.org/vuls/id/516825
Reference: DEBIAN:DSA-282
Reference: URL:http://www.debian.org/security/2003/dsa-282
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-089.html
Reference: REDHAT:RHSA-2003:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CALDERA:CSSA-2003-013.0
Reference: FREEBSD:FreeBSD-SA-03:05
Reference: BUGTRAQ:20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104811415301340&w=2
Reference: ENGARDE:ESA-20030321-010
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
Reference: DEBIAN:DSA-266
Reference: URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-272
Reference: URL:http://www.debian.org/security/2003/dsa-272
Reference: BUGTRAQ:20030325 GLSA: glibc (200303-22)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104860855114117&w=2
Reference: MANDRAKE:MDKSA-2003:037
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
Reference: NETBSD:NetBSD-SA2003-008
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
Reference: SUSE:SuSE-SA:2003:027
Reference: URL:http://www.novell.com/linux/security/advisories/2003_027_glibc.html
Reference: TRUSTIX:2003-0014
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878237121402&w=2
Reference: BUGTRAQ:20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362148313082&w=2
Reference: OVAL:oval:org.mitre.oval:def:230
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:230
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0029

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030110)
 

Votes:

 

Name: CVE-2003-0030

 

Description:
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.

Status: Candidate
Phase: Modified (20080326)
Reference: CERT-VN:VU#247545
Reference: URL:http://www.kb.cert.org/vuls/id/247545
Reference: BUGTRAQ:20030313 Protegrity buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104758650516677&w=2
Reference: BID:7083
Reference: URL:http://www.securityfocus.com/bid/7083
Reference: BID:7084
Reference: URL:http://www.securityfocus.com/bid/7084
Reference: BID:7085
Reference: URL:http://www.securityfocus.com/bid/7085
Reference: SECUNIA:8294
Reference: URL:http://secunia.com/advisories/8294
 

Votes:

   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Cox
Voter Comments:
 
 Frech> XF:protegrity-sql-sp-bo(11528)


Name: CVE-2003-0031

 

Description:
Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).

Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104188513728573&w=2
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: SUSE:SuSE-SA:2003:0010
Reference: BID:6510
Reference: URL:http://www.securityfocus.com/bid/6510
Reference: SECTRACK:1006181
Reference: URL:http://www.securitytracker.com/id?1006181
 

Votes:

   ACCEPT(3) Cole, Armstrong, Green
   NOOP(2) Cox, Christey
   REVIEWING(1) Jones
Voter Comments:
 
 Jones> [JHJ] service crash or system crash?
 Christey> XF:libmcrypt-multiple-bo(10987)
   URL:http://www.iss.net/security_center/static/10987.php
   BID:6510
   URL:http://www.securityfocus.com/bid/6510


Name: CVE-2003-0034

 

Description:
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

Status: Candidate
Phase: Modified (20080326)
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: BID:6656
Reference: URL:http://www.securityfocus.com/bid/6656
Reference: SECTRACK:1005959
Reference: URL:http://www.securitytracker.com/id?1005959
 

Votes:

   ACCEPT(2) Armstrong, Green
   NOOP(3) Cole, Cox, Jones
Voter Comments:
 
 Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010


Name: CVE-2003-0035

 

Description:
Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.

Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/307608/30/26270/threaded
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: BID:6658
Reference: URL:http://www.securityfocus.com/bid/6658
Reference: SECTRACK:1005959
Reference: URL:http://www.securitytracker.com/id?1005959
 

Votes:

   ACCEPT(3) Cole, Armstrong, Green
   NOOP(2) Cox, Jones
Voter Comments:
 
 Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010


Name: CVE-2003-0036

 

Description:
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".

Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/307608/30/26270/threaded
Reference: MISC:http://www.idefense.com/advisory/01.21.03.txt
Reference: VULNWATCH:20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html
Reference: MANDRAKE:MDKSA-2003:010
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
Reference: SECTRACK:1005959
Reference: URL:http://www.securitytracker.com/id?1005959
 

Votes:

   ACCEPT(2) Armstrong, Green
   NOOP(3) Cole, Cox, Jones
Voter Comments:
 
 Green> APPEARS IN MANDRAKE SECURITY ADVISORY MDKSA-2003:010
   THIS EXPLOIT DIFFERS FROM THE SYMLINK IN A SAMSUNG PRINTER REFERENCED IN CVE-2001-1177.


Name: CVE-2003-0037

 

Description:
Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.

Status: Candidate
Phase: Modified (20071220)
Reference: DEBIAN:DSA-244
Reference: URL:http://www.debian.org/security/2003/dsa-244
Reference: BID:6695
Reference: URL:http://www.securityfocus.com/bid/6695
Reference: SECUNIA:7955
Reference: URL:http://secunia.com/advisories/7955
Reference: XF:noffle-multiple-bo(11181)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11181
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(1) Cox

Name: CVE-2003-0038

 

Description:
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Status: Candidate
Phase: Modified (20071129)
Reference: BUGTRAQ:20030124 Mailman: cross-site scripting bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111
Reference: CONFIRM:http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: BID:6677
Reference: URL:http://www.securityfocus.com/bid/6677
Reference: OSVDB:9205
Reference: URL:http://www.osvdb.org/9205
Reference: SECTRACK:1005987
Reference: URL:http://www.securitytracker.com/id?1005987
Reference: XF:mailman-email-variable-xss(11152)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11152
 

Votes:

   ACCEPT(4) Baker, Cole, Cox, Green
   NOOP(2) Wall, Christey
Voter Comments:
 
 Christey> DEBIAN:DSA-436
   URL:http://www.debian.org/security/2004/dsa-436


Name: CVE-2003-0041

 

Description:
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Status: Candidate
Phase: Modified (20071113)
Reference: VULNWATCH:20030128 MIT Kerberos FTP client remote shell commands execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
Reference: REDHAT:RHSA-2003:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-020.html
Reference: MANDRAKE:MDKSA-2003:021
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:021
Reference: SECUNIA:7979
Reference: URL:http://secunia.com/advisories/7979
Reference: SECUNIA:8114
Reference: URL:http://secunia.com/advisories/8114
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   MODIFY(1) Cox
Voter Comments:
 
 Cox> Addref: RHSA-2003:021


Name: CVE-2003-0042

 

Description:
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394568616290&w=2
Reference: VULNWATCH:20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference: URL:http://www.securityfocus.com/advisories/5111
Reference: CIAC:N-060
Reference: URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: BID:6721
Reference: URL:http://www.securityfocus.com/bid/6721
Reference: SECUNIA:7972
Reference: URL:http://secunia.com/advisories/7972
Reference: SECUNIA:7977
Reference: URL:http://secunia.com/advisories/7977
Reference: XF:tomcat-null-directory-listing(11194)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11194
 

Votes:

   ACCEPT(3) Cole, Armstrong, Green
   NOOP(1) Cox
   REVIEWING(1) Jones
Voter Comments:
 
 Jones> [JHJ] RECAST (split?)  Only if vulnerability is not null character for both


Name: CVE-2003-0044

 

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Status: Candidate
Phase: Modified (20071121)
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference: URL:http://www.securityfocus.com/advisories/5111
Reference: CIAC:N-060
Reference: URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: BID:6720
Reference: URL:http://www.securityfocus.com/bid/6720
Reference: OSVDB:9203
Reference: URL:http://www.osvdb.org/9203
Reference: OSVDB:9204
Reference: URL:http://www.osvdb.org/9204
Reference: SECUNIA:7972
Reference: URL:http://secunia.com/advisories/7972
Reference: XF:tomcat-web-app-xss(11196)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11196
 

Votes:

   ACCEPT(3) Cole, Armstrong, Green
   MODIFY(1) Cox
   NOOP(1) Christey
   REVIEWING(1) Jones
Voter Comments:
 
 Jones> [JHJ] XSS really "execute arbitrary web script"?
 CHANGE> [Cox changed vote from NOOP to MODIFY]
 Cox> "Agree with Jones, wording on effect of a XSS could be better"
 Christey> I've been trying to devise reasonable-but-short wordings for
   XSS issues and the terminology just isn't quite there yet.  This
   description is clearly a failed wording, however :-)


Name: CVE-2003-0046

 

Description:
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: CONFIRM:http://www.celestialsoftware.net/telnet/beta_software.html
Reference: BID:6725
Reference: URL:http://www.securityfocus.com/bid/6725
Reference: OSVDB:7686
Reference: URL:http://www.osvdb.org/7686
Reference: SECTRACK:1006013
Reference: URL:http://www.securitytracker.com/id?1006013
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Cox
Voter Comments:
 
 Green> PRODUCT ANNOUNCEMENT CONTAINS VENDOR ACKNOWLEDGEMENT


Name: CVE-2003-0047

 

Description:
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Status: Candidate
Phase: Modified (20071121)
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: BID:6726
Reference: URL:http://www.securityfocus.com/bid/6726
Reference: BID:6727
Reference: URL:http://www.securityfocus.com/bid/6727
Reference: BID:6728
Reference: URL:http://www.securityfocus.com/bid/6728
Reference: SECTRACK:1006010
Reference: URL:http://www.securitytracker.com/id?1006010
Reference: SECTRACK:1006011
Reference: URL:http://www.securitytracker.com/id?1006011
Reference: SECTRACK:1006012
Reference: URL:http://www.securitytracker.com/id?1006012
 

Votes:

   ACCEPT(2) Baker, Stracener
   NOOP(4) Wall, Cole, Cox, Green
Voter Comments:
 
 Green> MULTIPLE VENDORS INVOLVED
 Stracener> I'm going to go with this because at least two of the affected vendors acknowledged a fix in the original advisory.


Name: CVE-2003-0048

 

Description:
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Status: Candidate
Phase: Modified (20071220)
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: BID:6724
Reference: URL:http://www.securityfocus.com/bid/6724
Reference: SECTRACK:1006014
Reference: URL:http://www.securitytracker.com/id?1006014
 

Votes:

   ACCEPT(3) Baker, Stracener, Green
   NOOP(3) Wall, Cole, Cox
Voter Comments:
 
 Green> VENDOR ACKNOWLEDGED FIX IN CHANGE LOG OF 2002-11-12


Name: CVE-2003-0049

 

Description:
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.

Status: Candidate
Phase: Modified (20071022)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: BID:6860
Reference: URL:http://www.securityfocus.com/bid/6860
Reference: SECTRACK:1006107
Reference: URL:http://securitytracker.com/id?1006107
Reference: XF:macos-afp-unauthorized-access(11333)
Reference: URL:http://www.iss.net/security_center/static/11333.php
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Cox
Voter Comments:
 
 Baker> Realizing they have acknowledged the problem, and provided a fix by allowing the administrator to select whether or not this is allowed,
   I am not sure this should really be a vulnerability.  If you are the administrator on a system, there are other ways I can become a user
   on a system.  The fact that you are the administrator (root) you can do almost anything to the system you want, including accessing files
   and programs that belong to other users.  From a security standpoint, if the system gets "hacked" and the administrator account is compromised,
   how big of an issue is it really that the administrator can now access regular user accounts with the administrator password?  I am not sure this
   should really be a vulnerability.
 CHANGE> [Baker changed vote from REVIEWING to ACCEPT]


Name: CVE-2003-0056

 

Description:
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

Status: Candidate
Phase: Modified (20071115)
Reference: BUGTRAQ:20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342864418213&w=2
Reference: BUGTRAQ:20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104348607205691&w=2
Reference: MISC:http://www.usg.org.uk/advisories/2003.001.txt
Reference: CALDERA:CSSA-2003-009.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt
Reference: CONECTIVA:CLA-2003:643
Reference: URL:http://www.net-security.org/advisory.php?id=2010
Reference: MANDRAKE:MDKSA-2003:015
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:015
Reference: DEBIAN:DSA-252
Reference: URL:http://www.debian.org/security/2003/dsa-252
Reference: BUGTRAQ:20030202 GLSA: slocate
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428624705363&w=2
Reference: REDHAT:RHSA-2004:041
Reference: URL:http://rhn.redhat.com/errata/RHSA-2004-041.html
Reference: SGI:20040202-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Reference: SECUNIA:7982
Reference: URL:http://secunia.com/advisories/7982
Reference: SECUNIA:8007
Reference: URL:http://secunia.com/advisories/8007
Reference: SECUNIA:8236
Reference: URL:http://secunia.com/advisories/8236
Reference: SECUNIA:10720
Reference: URL:http://secunia.com/advisories/10720
Reference: SECUNIA:7947
Reference: URL:http://secunia.com/advisories/7947
Reference: SECUNIA:8118
Reference: URL:http://secunia.com/advisories/8118/
Reference: SECUNIA:8749
Reference: URL:http://secunia.com/advisories/8749
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(2) Cox, Christey
Voter Comments:
 
 Christey> REDHAT:RHSA-2004:041
   URL:http://www.redhat.com/support/errata/RHSA-2004-041.html
 Christey> SGI:20040201-01-U


Name: CVE-2003-0057

 

Description:
Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030127 Hypermail buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104369136703903&w=2
Reference: VULNWATCH:20030126 Hypermail buffer overflows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html
Reference: DEBIAN:DSA-248
Reference: URL:http://www.debian.org/security/2003/dsa-248
Reference: BID:6689
Reference: URL:http://www.securityfocus.com/bid/6689
Reference: BID:6690
Reference: URL:http://www.securityfocus.com/bid/6690
Reference: SECUNIA:8030
Reference: URL:http://secunia.com/advisories/8030
Reference: XF:hypermail-mail-attachment-bo(11157)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11157
Reference: XF:hypermail-long-hostname-bo(11158)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11158
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   NOOP(3) Wall, Cox, Christey
Voter Comments:
 
 Christey> BID:6689
   BID:6690
   DEBIAN:DSA-248
   SUSE:SuSE-SA:2003:012


Name: CVE-2003-0060

 

Description:
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

Status: Candidate
Phase: Modified (20040818)
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CONECTIVA:CLSA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: CERT-VN:VU#787523
Reference: URL:http://www.kb.cert.org/vuls/id/787523
Reference: BID:6712
Reference: URL:http://www.securityfocus.com/bid/6712
Reference: XF:kerberos-kdc-format-string(11189)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11189
Reference: OSVDB:4879
Reference: URL:http://www.osvdb.org/4879
 

Votes:

   ACCEPT(2) Baker, Green
   MODIFY(2) Frech, Cox
   NOOP(2) Wall, Cole
Voter Comments:
 
 Cox> This is actually fixed in krb5 version 1.2.4 not 1.2.5
 Frech> XF:kerberos-kdc-format-string(11189)


Name: CVE-2003-0061

 

Description:
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.

Status: Candidate
Phase: Assigned (20030203)
Reference: IDEFENSE:20030203 HP UX passwd Binary Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true
 

Votes:

 

Name: CVE-2003-0072

 

Description:
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

Status: Candidate
Phase: Assigned (20030204)
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
Reference: DEBIAN:DSA-266
Reference: URL:http://www.debian.org/security/2003/dsa-266
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: SUNALERT:54042
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Reference: BID:7184
Reference: URL:http://www.securityfocus.com/bid/7184
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0074

 

Description:
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.

Status: Candidate
Phase: Modified (20080326)
Reference: BUGTRAQ:20030129 Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385772908969&w=2
Reference: BUGTRAQ:20030129 Re: Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386699725019&w=2
Reference: BID:6715
Reference: URL:http://www.securityfocus.com/bid/6715
Reference: XF:plptools-plpnsfd-format-string(11193)
Reference: URL:http://www.iss.net/security_center/static/11193.php
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Cox

Name: CVE-2003-0076

 

Description:
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.

Status: Candidate
Phase: Proposed (20030317)
Reference: CONFIRM:http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html
Reference: BUGTRAQ:20030204 GLSA: qt-dcgui
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104437720116243&w=2
Reference: XF:qtdcgui-directory-download-files(11246)
Reference: URL:http://www.iss.net/security_center/static/11246.php
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Cox

Name: CVE-2003-0080

 

Description:
The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

Status: Candidate
Phase: Assigned (20030210)
Reference: REDHAT:RHSA-2003:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-072.html
Reference: BID:7128
Reference: URL:http://www.securityfocus.com/bid/7128
Reference: OSVDB:4400
Reference: URL:http://www.osvdb.org/4400
Reference: XF:gnomelokkit-forward-bypass-firewall(11552)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11552
 

Votes:

 

Name: CVE-2003-0082

 

Description:
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
Reference: DEBIAN:DSA-266
Reference: URL:http://www.debian.org/security/2003/dsa-266
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: SUNALERT:54042
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
Reference: BID:7185
Reference: URL:http://www.securityfocus.com/bid/7185
Reference: OVAL:oval:org.mitre.oval:def:244
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:244
Reference: OVAL:oval:org.mitre.oval:def:2536
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2536
Reference: OVAL:oval:org.mitre.oval:def:4430
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4430
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0083

 

Description:
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

Status: Candidate
Phase: Assigned (20030210)
Reference: CONFIRM:http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
Reference: CONFIRM:http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
Reference: REDHAT:RHSA-2003:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: BUGTRAQ:20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108024081011678&w=2
Reference: BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108034113406858&w=2
Reference: OVAL:oval:org.mitre.oval:def:151
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:151
Reference: SECUNIA:8146
Reference: URL:http://secunia.com/advisories/8146
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:050
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0084

 

Description:
mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.

Status: Candidate
Phase: Assigned (20030210)
Reference: CONFIRM:http://www.itlab.musc.edu/webNIS/mod_auth_any.html
Reference: REDHAT:RHSA-2003:113
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-113.html
Reference: REDHAT:RHSA-2003:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-114.html
Reference: CIAC:N-090
Reference: URL:http://www.ciac.org/ciac/bulletins/n-090.shtml
Reference: BID:7448
Reference: URL:http://www.securityfocus.com/bid/7448
Reference: XF:modauthany-command-execution(11893)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11893
 

Votes:

 

Name: CVE-2003-0085

 

Description:
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030317 Security Bugfix for Samba - Samba 2.2.8 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792723017768&w=2
Reference: BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: BUGTRAQ:20030401 Immunix Secured OS 7+ samba update
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317145/30/25220/threaded
Reference: APPLE:APPLE-SA-2003-03-24
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: DEBIAN:DSA-262
Reference: URL:http://www.debian.org/security/2003/dsa-262
Reference: GENTOO:GLSA-200303-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
Reference: IMMUNIX:IMNX-2003-7+-003-01
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317145/30/25220/threaded
Reference: MANDRAKE:MDKSA-2003:032
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
Reference: REDHAT:RHSA-2003:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-095.html
Reference: REDHAT:RHSA-2003:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-096.html
Reference: SUSE:SuSE-SA:2003:016
Reference: URL:http://www.novell.com/linux/security/advisories/2003_016_samba.html
Reference: SGI:20030302-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
Reference: BUGTRAQ:20030317 GLSA: samba (200303-11)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792646416629&w=2
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
Reference: CERT-VN:VU#298233
Reference: URL:http://www.kb.cert.org/vuls/id/298233
Reference: BID:7106
Reference: URL:http://www.securityfocus.com/bid/7106
Reference: OVAL:oval:org.mitre.oval:def:552
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:552
Reference: SECUNIA:8299
Reference: URL:http://secunia.com/advisories/8299
Reference: SECUNIA:8303
Reference: URL:http://secunia.com/advisories/8303
 

Votes:

 

Name: CVE-2003-0086

 

Description:
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

Status: Candidate
Phase: Assigned (20030210)
Reference: BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: APPLE:APPLE-SA-2003-03-24
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: DEBIAN:DSA-262
Reference: URL:http://www.debian.org/security/2003/dsa-262
Reference: GENTOO:GLSA-200303-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
Reference: MANDRAKE:MDKSA-2003:032
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
Reference: REDHAT:RHSA-2003:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-095.html
Reference: REDHAT:RHSA-2003:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-096.html
Reference: SUSE:SuSE-SA:2003:016
Reference: URL:http://www.novell.com/linux/security/advisories/2003_016_samba.html
Reference: SGI:20030302-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
Reference: BUGTRAQ:20030317 GLSA: samba (200303-11)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792646416629&w=2
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
Reference: BID:7107
Reference: URL:http://www.securityfocus.com/bid/7107
Reference: OVAL:oval:org.mitre.oval:def:554
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:554
Reference: SECUNIA:8299
Reference: URL:http://secunia.com/advisories/8299
Reference: SECUNIA:8303
Reference: URL:http://secunia.com/advisories/8303
 

Votes:

 

Name: CVE-2003-0089

 

Description:
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.

Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106873965001431&w=2
Reference: VULNWATCH:20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html
Reference: HP:HPSBUX0311-293
Reference: URL:http://www.securityfocus.com/advisories/6030
Reference: XF:hp-sd-utilities-bo(13623)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13623
Reference: BID:8986
Reference: URL:http://www.securityfocus.com/bid/8986
 

Votes:

 

Name: CVE-2003-0090

 

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20030211)
 

Votes:

 

Name: CVE-2003-0091

 

Description:
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316957/30/25250/threaded
Reference: VULNWATCH:20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html
Reference: MISC:http://www.nsfocus.com/english/homepage/sa2003-02.htm
Reference: MISC:http://packetstormsecurity.org/0304-advisories/sa2003-02.txt
Reference: SUNALERT:52443
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52443-1
Reference: CIAC:N-068
Reference: URL:http://www.ciac.org/ciac/bulletins/n-068.shtml
Reference: OSVDB:8713
Reference: URL:http://www.osvdb.org/8713
Reference: OVAL:oval:org.mitre.oval:def:4383
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4383
 

Votes:

 

Name: CVE-2003-0092

 

Description:
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

Status: Candidate
Phase: Assigned (20030211)
Reference: BUGTRAQ:20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316948/30/25250/threaded
Reference: VULNWATCH:20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html
Reference: SUNALERT:52388
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1
Reference: BID:7240
Reference: URL:http://www.securityfocus.com/bid/7240
Reference: OVAL:oval:org.mitre.oval:def:1905
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1905
 

Votes:

 

Name: CVE-2003-0096

 

Description:
Multiple buffer overflows in Oracle 9i Database Release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

Status: Candidate
Phase: Modified (20071016)
Reference: VULNWATCH:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: BUGTRAQ:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549743326864&w=2
Reference: VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html
Reference: VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html
Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html
Reference: MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt
Reference: MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
Reference: MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
Reference: CERT-VN:VU#840666
Reference: URL:http://www.kb.cert.org/vuls/id/840666
Reference: VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: BUGTRAQ:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549782327321&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
Reference: CERT-VN:VU#743954
Reference: URL:http://www.kb.cert.org/vuls/id/743954
Reference: VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: BUGTRAQ:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550346303295&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
Reference: CERT-VN:VU#663786
Reference: URL:http://www.kb.cert.org/vuls/id/663786
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: BID:6847
Reference: URL:http://www.securityfocus.com/bid/6847
Reference: BID:6848
Reference: URL:http://www.securityfocus.com/bid/6848
Reference: BID:6850
Reference: URL:http://www.securityfocus.com/bid/6850
Reference: XF:oracle-bfilename-directory-bo(11325)
Reference: URL:http://www.iss.net/security_center/static/11325.php
Reference: XF:oracle-tzoffset-bo(11326)
Reference: URL:http://www.iss.net/security_center/static/11326.php
Reference: XF:oracle-totimestamptz-bo(11327)
Reference: URL:http://www.iss.net/security_center/static/11327.php
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Frech
   NOOP(2) Cox, Christey
Voter Comments:
 
 Christey> Modify the description to omit 8.0.6, as the Oracle advisory
   does not list it.  (However, NGSSoftware does, perhaps as the
   result of a typo or cut-and-paste error in their advisory).
   
   CIAC:N-046
   URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
   BID:6850
   URL:http://www.securityfocus.com/bid/6850
   BID:6847
   URL:http://www.securityfocus.com/bid/6847
   BID:6848
   URL:http://www.securityfocus.com/bid/6848
   MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt
   MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt
   MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt


Name: CVE-2003-0098

 

Description:
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

Status: Candidate
Phase: Modified (20071016)
Reference: MISC:http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
Reference: SUSE:SuSE-SA:2003:022
Reference: URL:http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
Reference: CALDERA:CSSA-2003-015.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
Reference: DEBIAN:DSA-277
Reference: URL:http://www.debian.org/security/2003/dsa-277
Reference: BID:7200
Reference: URL:http://www.securityfocus.com/bid/7200
Reference: BID:6828
Reference: URL:http://www.securityfocus.com/bid/6828
Reference: SECTRACK:1006108
Reference: URL:http://securitytracker.com/id?1006108
Reference: XF:apcupsd-logevent-format-string(11334)
Reference: URL:http://www.iss.net/security_center/static/11334.php
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(2) Cox, Christey
Voter Comments:
 
 Christey> SUSE:SuSE-SA:2003:022
   CALDERA:CSSA-2003-015.0
 Christey> DEBIAN:DSA-277
   URL:http://www.debian.org/security/2003/dsa-277
 Christey> CHANGEREF BID:6828
   (BID:7200 is for the overflows)


Name: CVE-2003-0099

 

Description:
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.

Status: Candidate
Phase: Modified (20071016)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137900
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137892
Reference: CALDERA:CSSA-2003-015.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt
Reference: MANDRAKE:MDKSA-2003:018
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:018
Reference: SUSE:SuSE-SA:2003:022
Reference: URL:http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html
Reference: DEBIAN:DSA-277
Reference: URL:http://www.debian.org/security/2003/dsa-277
Reference: BID:7200
Reference: URL:http://www.securityfocus.com/bid/7200
Reference: SECTRACK:1006108
Reference: URL:http://securitytracker.com/id?1006108
Reference: XF:apcupsd-vsprintf-multiple-bo(11491)
Reference: URL:http://www.iss.net/security_center/static/11491.php
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(2) Cox, Christey
Voter Comments:
 
 Christey> SUSE:SuSE-SA:2003:022
   CALDERA:CSSA-2003-015.0
 Christey> DEBIAN:DSA-277
   URL:http://www.debian.org/security/2003/dsa-277
 Christey> As observed in an email to us by a third party, it appears
   that 3.8.6 is probably not affected by this, so the
   description should be changed to refer to "3.10.x before
   3.10.5, and 3.8.x before 3.8.6".
 Christey> An email from Kern Sibbald on August 21, 2003, confirmed that
   3.8.6 and 3.10.5 fixed the issue.
   
   CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=137892


Name: CVE-2003-0101

 

Description:
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Status: Candidate
Phase: Modified (20080207)
Reference: BUGTRAQ:20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610300325629&w=2
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/62_e.html
Reference: BUGTRAQ:20030224 GLSA: usermin (200302-14)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610336226274&w=2
Reference: BUGTRAQ:20030224 Webmin 1.050 - 1.060 remote exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610245624895&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2
Reference: CONFIRM:http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
Reference: DEBIAN:DSA-319
Reference: URL:http://www.debian.org/security/2003/dsa-319
Reference: ENGARDE:ESA-20030225-006
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
Reference: HP:HPSBUX0303-250
Reference: URL:http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
Reference: MANDRAKE:MDKSA-2003:025
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
Reference: SGI:20030602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
Reference: CIAC:N-058
Reference: URL:http://www.ciac.org/ciac/bulletins/n-058.shtml
Reference: BID:6915
Reference: URL:http://www.securityfocus.com/bid/6915
Reference: SECTRACK:1006160
Reference: URL:http://www.securitytracker.com/id?1006160
Reference: SECUNIA:8115
Reference: URL:http://secunia.com/advisories/8115
Reference: SECUNIA:8163
Reference: URL:http://secunia.com/advisories/8163
Reference: XF:webmin-usermin-root-access(11390)
Reference: URL:http://www.iss.net/security_center/static/11390.php
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(2) Christey, Cox
Voter Comments:
 
 Christey> SGI:20030602-01-I
   The "websetup v 3.5 package from IRIX 6.5.20 Applications CD"
   uses Webmin; may wish to add this name to the description.
 Christey> DEBIAN:DSA-319
 Christey> CIAC:N-058
   URL:http://www.ciac.org/ciac/bulletins/n-058.shtml
   ENGARDE:ESA-20030225-006
   URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
   HP:HPSBUX0303-250
   URL:http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
   BID:6915
   URL:http://www.securityfocus.com/bid/6915


Name: CVE-2003-0105

 

Description:
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20040810 Corsaire Security Advisory - Port80 Software ServerMask inconsistencies
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109215441332682&w=2
Reference: MISC:http://www.corsaire.com/advisories/c030224-001.txt
Reference: XF:servermask-header-obtain-info(16947)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16947
 

Votes:

 

Name: CVE-2003-0106

 

Description:
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869513822233&w=2
Reference: NTBUGTRAQ:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104868285106289&w=2
Reference: VULNWATCH:20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754
Reference: BID:7196
Reference: URL:http://www.securityfocus.com/bid/7196
 

Votes:

 

Name: CVE-2003-0109

 

Description:
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

Status: Candidate
Phase: Assigned (20030226)
Reference: ISS:20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
Reference: MS:MS03-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
Reference: CONFIRM:http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en
Reference: MSKB:Q815021
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021
Reference: CERT:CA-2003-09
Reference: URL:http://www.cert.org/advisories/CA-2003-09.html
Reference: MISC:http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
Reference: VULNWATCH:20030317 Microsoft IIS 5.0 WebDAV remote buffer overflow
Reference: BUGTRAQ:20030321 New attack vectors and a vulnerability dissection of MS03-007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826476427372&w=2
Reference: NTBUGTRAQ:20030321 New attack vectors and a vulnerability dissection of MS03-007
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104826785731151&w=2
Reference: BUGTRAQ:20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861839130254&w=2
Reference: BUGTRAQ:20030326 WebDAV exploit: using wide character decoder scheme
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869293619064&w=2
Reference: BUGTRAQ:20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887148323552&w=2
Reference: BUGTRAQ:20030708 WDAV exploit without netcat and with pretty magic number
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105768156625699&w=2
Reference: CERT-VN:VU#117394
Reference: URL:http://www.kb.cert.org/vuls/id/117394
Reference: XF:http-webdav-long-request(11533)
Reference: URL:http://www.iss.net/security_center/static/11533.php
Reference: BID:7116
Reference: URL:http://www.securityfocus.com/bid/7116
Reference: OVAL:oval:org.mitre.oval:def:109
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:109
 

Votes:

 

Name: CVE-2003-0110

 

Description:
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994487012027&w=2
Reference: MISC:http://www.idefense.com/advisory/04.09.03.txt
Reference: MS:MS03-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-012.asp
Reference: OVAL:oval:org.mitre.oval:def:406
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:406
 

Votes:

 

Name: CVE-2003-0111

 

Description:
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."

Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
Reference: CERT-VN:VU#447569
Reference: URL:http://www.kb.cert.org/vuls/id/447569
Reference: XF:msvm-bytecode-improper-validation(11751)
Reference: URL:http://www.iss.net/security_center/static/11751.php
Reference: OVAL:oval:org.mitre.oval:def:136
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:136
 

Votes:

 

Name: CVE-2003-0112

 

Description:
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.

Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-013.asp
Reference: CERT-VN:VU#446338
Reference: URL:http://www.kb.cert.org/vuls/id/446338
Reference: OVAL:oval:org.mitre.oval:def:1264
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1264
Reference: OVAL:oval:org.mitre.oval:def:142
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:142
Reference: OVAL:oval:org.mitre.oval:def:262
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:262
Reference: OVAL:oval:org.mitre.oval:def:779
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:779
Reference: XF:win-kernel-lpcrequestwaitreplyport-bo(11803)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11803
Reference: BID:7370
Reference: URL:http://www.securityfocus.com/bid/7370
Reference: OVAL:oval:org.mitre.oval:def:2022
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2022
Reference: OVAL:oval:org.mitre.oval:def:2265
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2265
Reference: OVAL:oval:org.mitre.oval:def:3145
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3145
 

Votes:

 

Name: CVE-2003-0113

 

Description:
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030426 Buffer overflow in Internet Explorer's HTTP parsing code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105138417416900&w=2
Reference: BUGTRAQ:20030701 URLMON.DLL buffer overflow - technical details
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105718285107246&w=2
Reference: MS:MS03-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: CERT-VN:VU#169753
Reference: URL:http://www.kb.cert.org/vuls/id/169753
Reference: OVAL:oval:org.mitre.oval:def:926
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:926
 

Votes:

 

Name: CVE-2003-0114

 

Description:
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030203 internet explorer local file reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104429340817718&w=2
Reference: MS:MS03-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: OVAL:oval:org.mitre.oval:def:963
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:963
 

Votes:

 

Name: CVE-2003-0115

 

Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.

Status: Candidate
Phase: Assigned (20030226)
Reference: MS:MS03-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: XF:ie-improper-thirdparty-rendering(11848)
Reference: URL:http://www.iss.net/security_center/static/11848.php
 

Votes:

 

Name: CVE-2003-0116

 

Description:
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20021203 Poisonous Style for Dialog window turns the zone off.
Reference: URL:http://www.securityfocus.com/archive/1/301945
Reference: MS:MS03-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: CERT-VN:VU#244729
Reference: URL:http://www.kb.cert.org/vuls/id/244729
Reference: BID:6306
Reference: URL:http://www.securityfocus.com/bid/6306
 

Votes:

 

Name: CVE-2003-0117

 

Description:
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030505 Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216866132289&w=2
Reference: MS:MS03-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-016.asp
 

Votes:

 

Name: CVE-2003-0118

 

Description:
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Status: Candidate
Phase: Assigned (20030226)
Reference: BUGTRAQ:20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216839231951&w=2
Reference: MS:MS03-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-016.asp
 

Votes:

 

Name: CVE-2003-0119

 

Description:
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

Status: Candidate
Phase: Assigned (20030228)
Reference: AIXAPAR:IY40510
Reference: AIXAPAR:IY40228
Reference: AIXAPAR:IY40157
Reference: IBM:MSS-OAR-E01-2003:0245.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument
Reference: CERT-VN:VU#624713
Reference: URL:http://www.kb.cert.org/vuls/id/624713
Reference: BID:7264
Reference: URL:http://www.securityfocus.com/bid/7264
Reference: SECUNIA:8221
Reference: URL:http://secunia.com/advisories/8221
 

Votes:

 

Name: CVE-2003-0121

 

Description:
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.

Status: Candidate
Phase: Assigned (20030303)
Reference: BUGTRAQ:20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104716030503607&w=2
Reference: BUGTRAQ:20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue
Reference: URL:http://www.securityfocus.com/archive/1/316311
Reference: BID:7044
Reference: URL:http://www.securityfocus.com/bid/7044
 

Votes:

 

Name: CVE-2003-0126

 

Description:
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.

Status: Candidate
Phase: Proposed (20030317)
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
 

Votes:

   ACCEPT(1) Baker
   NOOP(4) Wall, Cole, Cox, Green

Name: CVE-2003-0127

 

Description:
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.

Status: Candidate
Phase: Assigned (20030313)
Reference: VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
Reference: REDHAT:RHSA-2003:098
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-098.html
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-088.html
Reference: REDHAT:RHSA-2003:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-103.html
Reference: SUSE:SuSE-SA:2003:021
Reference: ENGARDE:ESA-20030318-009
Reference: DEBIAN:DSA-270
Reference: URL:http://www.debian.org/security/2003/dsa-270
Reference: DEBIAN:DSA-276
Reference: URL:http://www.debian.org/security/2003/dsa-276
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-495
Reference: URL:http://www.debian.org/security/2004/dsa-495
Reference: MANDRAKE:MDKSA-2003:038
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
Reference: MANDRAKE:MDKSA-2003:039
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
Reference: CALDERA:CSSA-2003-020.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
Reference: ENGARDE:ESA-20030515-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: REDHAT:RHSA-2003:145
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
Reference: GENTOO:GLSA-200303-17
Reference: URL:http://security.gentoo.org/glsa/glsa-200303-17.xml
Reference: CERT-VN:VU#628849
Reference: URL:http://www.kb.cert.org/vuls/id/628849
Reference: OVAL:oval:org.mitre.oval:def:254
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:254
 

Votes:

 

Name: CVE-2003-0128

 

Description:
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian's Evolution Mail User Agent
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution (200303-18)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7117
Reference: URL:http://www.securityfocus.com/bid/7117
Reference: OVAL:oval:org.mitre.oval:def:107
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:107
 

Votes:

 

Name: CVE-2003-0129

 

Description:
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian's Evolution Mail User Agent
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution (200303-18)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7118
Reference: URL:http://www.securityfocus.com/bid/7118
Reference: OVAL:oval:org.mitre.oval:def:108
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:108
 

Votes:

 

Name: CVE-2003-0130

 

Description:
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian's Evolution Mail User Agent
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10
Reference: GENTOO:GLSA-200303-18
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
Reference: REDHAT:RHSA-2003:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-108.html
Reference: MANDRAKE:MDKSA-2003:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
Reference: CONECTIVA:CLA-2003:648
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648
Reference: BUGTRAQ:20030321 GLSA: evolution (200303-18)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104826470527308&w=2
Reference: BID:7119
Reference: URL:http://www.securityfocus.com/bid/7119
Reference: OVAL:oval:org.mitre.oval:def:111
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:111
 

Votes:

 

Name: CVE-2003-0131

 

Description:
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030327 Immunix Secured OS 7+ openssl update
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: MISC:http://eprint.iacr.org/2003/052/
Reference: BUGTRAQ:20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
Reference: BUGTRAQ:20030324 GLSA: openssl (200303-20)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852637112330&w=2
Reference: MISC:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
Reference: CALDERA:CSSA-2003-014.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Reference: GENTOO:GLSA-200303-20
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: OPENPKG:OpenPKG-SA-2003.026
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030319.txt
Reference: ENGARDE:ESA-20030320-010
Reference: FREEBSD:FreeBSD-SA-03:06
Reference: MANDRAKE:MDKSA-2003:035
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
Reference: NETBSD:NetBSD-SA2003-007
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
Reference: REDHAT:RHSA-2003:101
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
Reference: REDHAT:RHSA-2003:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
Reference: CONECTIVA:CLA-2003:625
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Reference: DEBIAN:DSA-288
Reference: URL:http://www.debian.org/security/2003/dsa-288
Reference: SGI:20030501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: SUSE:SuSE-SA:2003:024
Reference: URL:http://www.suse.de/de/security/2003_024_openssl.html
Reference: TRUSTIX:2003-0013
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878215721135&w=2
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference: URL:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
Reference: SUSE:SuSE-SA:2003:024
Reference: URL:http://www.novell.com/linux/security/advisories/2003_024_openssl.html
Reference: CERT-VN:VU#888801
Reference: URL:http://www.kb.cert.org/vuls/id/888801
Reference: BID:7148
Reference: URL:http://www.securityfocus.com/bid/7148
Reference: XF:ssl-premaster-information-leak(11586)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11586
Reference: OVAL:oval:org.mitre.oval:def:461
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:461
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> REDHAT:RHSA-2003:205


Name: CVE-2003-0132

 

Description:
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104982175321731&w=2
Reference: MISC:http://www.idefense.com/advisory/04.08.03.txt
Reference: BUGTRAQ:20030402 [ANNOUNCE] Apache 2.0.45 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931360606484&w=2
Reference: BUGTRAQ:20030408 Exploit Code Released for Apache 2.x Memory Leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994309010974&w=2
Reference: BUGTRAQ:20030409 GLSA: apache (200304-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994239010517&w=2
Reference: BUGTRAQ:20030410 working apache <= 2.0.44 DoS exploit for linux.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105001663120995&w=2
Reference: BUGTRAQ:20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105013378320711&w=2
Reference: REDHAT:RHSA-2003:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: CERT-VN:VU#206537
Reference: URL:http://www.kb.cert.org/vuls/id/206537
Reference: OVAL:oval:org.mitre.oval:def:156
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:156
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:050
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0133

 

Description:
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

Status: Candidate
Phase: Assigned (20030313)
Reference: REDHAT:RHSA-2003:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-126.html
Reference: MANDRAKE:MDKSA-2003:046
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:046
Reference: CONECTIVA:CLA-2003:737
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737
Reference: OVAL:oval:org.mitre.oval:def:138
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:138
 

Votes:

 

Name: CVE-2003-0134

 

Description:
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030402 [ANNOUNCE] Apache 2.0.45 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931360606484&w=2
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference: CONFIRM:http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35
 

Votes:

 

Name: CVE-2003-0135

 

Description:
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.

Status: Candidate
Phase: Assigned (20030313)
Reference: REDHAT:RHSA-2003:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-084.html
Reference: BID:7253
Reference: URL:http://www.securityfocus.com/bid/7253
Reference: OVAL:oval:org.mitre.oval:def:634
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:634
 

Votes:

 

Name: CVE-2003-0136

 

Description:
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.

Status: Candidate
Phase: Assigned (20030313)
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366
Reference: DEBIAN:DSA-285
Reference: URL:http://www.debian.org/security/2003/dsa-285
Reference: REDHAT:RHSA-2003:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-142.html
Reference: OVAL:oval:org.mitre.oval:def:423
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:423
 

Votes:

 

Name: CVE-2003-0137

 

Description:
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.

Status: Candidate
Phase: Modified (20080326)
Reference: ATSTAKE:A031303-2
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-2.txt
Reference: SECUNIA:8301
Reference: URL:http://secunia.com/advisories/8301
 

Votes:

   ACCEPT(1) Baker
   NOOP(4) Wall, Cole, Cox, Green

Name: CVE-2003-0138

 

Description:
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104791775804776&w=2
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
Reference: DEBIAN:DSA-266
Reference: URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-269
Reference: URL:http://www.debian.org/security/2003/dsa-269
Reference: DEBIAN:DSA-273
Reference: URL:http://www.debian.org/security/2003/dsa-273
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CERT-VN:VU#623217
Reference: URL:http://www.kb.cert.org/vuls/id/623217
Reference: BID:7113
Reference: URL:http://www.securityfocus.com/bid/7113
Reference: OVAL:oval:org.mitre.oval:def:248
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:248
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0139

 

Description:
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104791775804776&w=2
Reference: BUGTRAQ:20030330 GLSA: openafs (200303-26)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317130/30/25250/threaded
Reference: BUGTRAQ:20030331 GLSA: krb5 & mit-krb5 (200303-28)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
Reference: DEBIAN:DSA-266
Reference: URL:http://www.debian.org/security/2003/dsa-266
Reference: DEBIAN:DSA-273
Reference: URL:http://www.debian.org/security/2003/dsa-273
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-091.html
Reference: CERT-VN:VU#442569
Reference: URL:http://www.kb.cert.org/vuls/id/442569
Reference: OVAL:oval:org.mitre.oval:def:250
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:250
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0140

 

Description:
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104818814931378&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
Reference: DEBIAN:DSA-268
Reference: URL:http://www.debian.org/security/2003/dsa-268
Reference: GENTOO:GLSA-200303-19
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml
Reference: SUSE:SuSE-SA:2003:020
Reference: URL:http://www.novell.com/linux/security/advisories/2003_020_mutt.html
Reference: MANDRAKE:MDKSA-2003:041
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:041
Reference: REDHAT:RHSA-2003:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-109.html
Reference: CONECTIVA:CLA-2003:626
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626
Reference: CONECTIVA:CLA-2003:630
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630
Reference: BUGTRAQ:20030319 mutt-1.4.1 fixes a buffer overflow.
Reference: URL:http://www.securityfocus.com/archive/1/315679
Reference: BUGTRAQ:20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104817995421439&w=2
Reference: BUGTRAQ:20030322 GLSA: mutt (200303-19)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852190605988&w=2
Reference: BUGTRAQ:20030430 GLSA: balsa (200304-10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105171507629573&w=2
Reference: XF:mutt-folder-name-bo(11583)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11583
Reference: BID:7120
Reference: URL:http://www.securityfocus.com/bid/7120
Reference: OVAL:oval:org.mitre.oval:def:2
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2
Reference: OVAL:oval:org.mitre.oval:def:434
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:434
 

Votes:

 

Name: CVE-2003-0141

 

Description:
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887465427579&w=2
Reference: VULNWATCH:20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
Reference: CERT-VN:VU#705761
Reference: URL:http://www.kb.cert.org/vuls/id/705761
Reference: BID:7177
Reference: URL:http://www.securityfocus.com/bid/7177
 

Votes:

 

Name: CVE-2003-0142

 

Description:
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.

Status: Candidate
Phase: Assigned (20030313)
Reference: BUGTRAQ:20030708 Adobe Acrobat and PDF security: no improvements for 2 years
Reference: URL:http://www.securityfocus.com/archive/1/328224
Reference: CERT-VN:VU#689835
Reference: URL:http://www.kb.cert.org/vuls/id/689835
 

Votes:

 

Name: CVE-2003-0144

 

Description:
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

Status: Candidate
Phase: Modified (20071113)
Reference: BUGTRAQ:20030305 potential buffer overflow in lprm (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104690434504429&w=2
Reference: BUGTRAQ:20030308 OpenBSD lprm(1) exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104714441925019&w=2
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch
Reference: DEBIAN:DSA-267
Reference: URL:http://www.debian.org/security/2003/dsa-267
Reference: DEBIAN:DSA-275
Reference: URL:http://www.debian.org/security/2003/dsa-275
Reference: MANDRAKE:MDKSA-2003:059
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:059
Reference: SGI:20030406-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P
Reference: SUSE:SuSE-SA:2003:0014
Reference: URL:http://www.novell.com/linux/security/advisories/2003_014_lprold.html
Reference: BID:7025
Reference: URL:http://www.securityfocus.com/bid/7025
Reference: SECUNIA:8293
Reference: URL:http://secunia.com/advisories/8293
Reference: XF:lprm-bo(11473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11473
 

Votes:

   ACCEPT(4) Cole, Armstrong, Jones, Green
   NOOP(2) Christey, Cox
Voter Comments:
 
 Christey> DEBIAN:DSA-267
   URL:http://www.debian.org/security/2003/dsa-267
 Christey> DEBIAN:DSA-275
   URL:http://www.debian.org/security/2003/dsa-275
 Christey> DEBIAN:DSA-267
   URL:http://www.debian.org/security/2003/dsa-267
 Christey> SGI:20030406-02-P
 Christey> MANDRAKE:MDKSA-2003:059
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:059


Name: CVE-2003-0146

 

Description:
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.

Status: Candidate
Phase: Modified (20050311)
Reference: BUGTRAQ:20030228 NetPBM, multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2
Reference: CONECTIVA:CLSA-2003:656
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
Reference: DEBIAN:DSA-263
Reference: URL:http://www.debian.org/security/2003/dsa-263
Reference: REDHAT:RHSA-2003:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-060.html
Reference: CERT-VN:VU#630433
Reference: URL:http://www.kb.cert.org/vuls/id/630433
Reference: BID:6979
Reference: URL:http://www.securityfocus.com/bid/6979
Reference: XF:netpbm-multiple-bo(11463)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11463
 

Votes:

   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Cox
   NOOP(2) Christey, Wall
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:036
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:036
 CHANGE> [Cox changed vote from ACCEPT to MODIFY]
 Cox> REDHAT:RHSA-2003:061
 Cox> ADDREF REDHAT:RHSA-2003:060
 Christey> MANDRAKE:MDKSA-2003:036
   (as suggested by Vincent Danen of Mandrake)
 Christey> CONECTIVA:CLA-2003:656


Name: CVE-2003-0147

 

Description:
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Status: Candidate
Phase: Modified (20071129)
Reference: BUGTRAQ:20030313 Vulnerability in OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766550528628&w=2
Reference: BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: BUGTRAQ:20030327 Immunix Secured OS 7+ openssl update
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: VULNWATCH:20030313 OpenSSL Private Key Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030317.txt
Reference: BUGTRAQ:20030317 [ADVISORY] Timing Attack on OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792570615648&w=2
Reference: MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Reference: APPLE:APPLE-SA-2003-03-24
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
Reference: CALDERA:CSSA-2003-014.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Reference: CONECTIVA:CLA-2003:625
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Reference: DEBIAN:DSA-288
Reference: URL:http://www.debian.org/security/2003/dsa-288
Reference: ENGARDE:ESA-20030320-010
Reference: FREEBSD:FreeBSD-SA-03:06
Reference: GENTOO:GLSA-200303-24
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2
Reference: GENTOO:GLSA-200303-15
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104829040921835&w=2
Reference: GENTOO:GLSA-200303-23
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Reference: IMMUNIX:IMNX-2003-7+-001-01
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
Reference: MANDRAKE:MDKSA-2003:035
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Reference: OPENPKG:OpenPKG-SA-2003.019
Reference: URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
Reference: REDHAT:RHSA-2003:101
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
Reference: REDHAT:RHSA-2003:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
Reference: REDHAT:RHSA-2003:205
Reference: SGI:20030501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2
Reference: CERT-VN:VU#997481
Reference: URL:http://www.kb.cert.org/vuls/id/997481
Reference: OVAL:oval:org.mitre.oval:def:466
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:466
 

Votes:

   ACCEPT(4) Wall, Baker, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Christey
Voter Comments:
 
 Christey> ENGARDE:ESA-20030320-010
   BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2
 Christey> FREEBSD:FreeBSD-SA-03:06.openssl
 Cox> Addref:http://www.openssl.org/news/secadv_20030317.txt
 Christey> MANDRAKE:MDKSA-2003:035
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
 Christey> BUGTRAQ:20030325 GLSA:  stunnel (200303-24)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2
   
   Need to change desc to include stunnel
 Cox> REDHAT:RHSA-2003:102
   URL:http://www.redhat.com/support/errata/RHSA-2003-102.html
 Cox> REDHAT:RHSA-2003:101
   URL:http://www.redhat.com/support/errata/RHSA-2003-101.html
 Christey> CONECTIVA:CLA-2003:625
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
 Christey> DEBIAN:DSA-288
   URL:http://www.debian.org/security/2003/dsa-288
 Christey> MANDRAKE:MDKSA-2003:035
   (as suggested by Vincent Danen of Mandrake)
 Christey> SGI:20030501-01-I
   URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
 Christey> REDHAT:RHSA-2003:205
 Christey> CERT-VN:VU#997481
   URL:http://www.kb.cert.org/vuls/id/997481


Name: CVE-2003-0148

 

Description:
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.

Status: Candidate
Phase: Assigned (20030317)
Reference: ATSTAKE:A073103-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a073103-1.txt
Reference: CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
 

Votes:

 

Name: CVE-2003-0149

 

Description:
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.

Status: Candidate
Phase: Assigned (20030317)
Reference: ATSTAKE:A073103-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a073103-1.txt
Reference: CONFIRM:http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
 

Votes:

 

Name: CVE-2003-0150

 

Description:
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INTO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

Status: Candidate
Phase: Assigned (20030318)
Reference: BUGTRAQ:20030308 MySQL_user_can_be_changed_to_root?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104715840202315&w=2
Reference: BUGTRAQ:20030310 Re: MySQL user can be changed to root
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2
Reference: CONECTIVA:CLA-2003:743
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Reference: DEBIAN:DSA-303
Reference: URL:http://www.debian.org/security/2003/dsa-303
Reference: ENGARDE:ESA-20030324-012
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html
Reference: REDHAT:RHSA-2003:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Reference: REDHAT:RHSA-2003:094
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-094.html
Reference: MANDRAKE:MDKSA-2003:057
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:057
Reference: BUGTRAQ:20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104800948128630&w=2
Reference: BUGTRAQ:20030318 GLSA: mysql (200303-14)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285012750&w=2
Reference: CERT-VN:VU#203897
Reference: URL:http://www.kb.cert.org/vuls/id/203897
Reference: BID:7052
Reference: URL:http://www.securityfocus.com/bid/7052
Reference: XF:mysql-datadir-root-privileges(11510)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11510
Reference: OVAL:oval:org.mitre.oval:def:442
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:442
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> DEBIAN:DSA-303
   URL:http://www.debian.org/security/2003/dsa-303


Name: CVE-2003-0151

 

Description:
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Status: Candidate
Phase: Assigned (20030318)
Reference: BUGTRAQ:20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792477914620&w=2
Reference: BUGTRAQ:20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792544515384&w=2
Reference: MISC:http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
Reference: BID:7122
Reference: URL:http://www.securityfocus.com/bid/7122
Reference: BID:7124
Reference: URL:http://www.securityfocus.com/bid/7124
 

Votes:

 

Name: CVE-2003-0152

 

Description:
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.

Status: Candidate
Phase: Assigned (20030319)
Reference: DEBIAN:DSA-265
Reference: URL:http://www.debian.org/security/2003/dsa-265
Reference: BID:7162
Reference: URL:http://www.securityfocus.com/bid/7162
 

Votes:

 

Name: CVE-2003-0153

 

Description:
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102980129101054&w=2
Reference: DEBIAN:DSA-265
Reference: URL:http://www.debian.org/security/2003/dsa-265
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=187230
Reference: BID:5517
Reference: URL:http://www.securityfocus.com/bid/5517
Reference: XF:bonsai-path-disclosure(9921)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9921
 

Votes:

 

Name: CVE-2003-0154

 

Description:
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102980129101054&w=2
Reference: DEBIAN:DSA-265
Reference: URL:http://www.debian.org/security/2003/dsa-265
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163573
Reference: CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
Reference: CONFIRM:http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=146244
Reference: BID:5516
Reference: URL:http://www.securityfocus.com/bid/5516
Reference: XF:bonsai-error-message-xss(9920)
Reference: URL:http://www.iss.net/security_center/static/9920.php
 

Votes:

 

Name: CVE-2003-0155

 

Description:
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

Status: Candidate
Phase: Assigned (20030319)
Reference: DEBIAN:DSA-265
Reference: URL:http://www.debian.org/security/2003/dsa-265
Reference: BID:7163
Reference: URL:http://www.securityfocus.com/bid/7163
 

Votes:

 

Name: CVE-2003-0156

 

Description:
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.

Status: Candidate
Phase: Assigned (20030319)
Reference: BUGTRAQ:20030311 Cross-Referencing Linux vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104739747222492&w=2
Reference: DEBIAN:DSA-264
Reference: URL:http://www.debian.org/security/2003/dsa-264
Reference: BID:7062
Reference: URL:http://www.securityfocus.com/bid/7062
 

Votes:

 

Name: CVE-2003-0157

 

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20030319)
 

Votes:

 

Name: CVE-2003-0158

 

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20030319)
 

Votes:

 

Name: CVE-2003-0159

 

Description:
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Status: Candidate
Phase: Assigned (20030321)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: BUGTRAQ:20030309 GLSA: ethereal (200303-10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104741640924709&w=2
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference: URL:http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
Reference: MANDRAKE:MDKSA-2003:051
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:051
Reference: BID:7050
Reference: URL:http://www.securityfocus.com/bid/7050
Reference: OVAL:oval:org.mitre.oval:def:55
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:55
 

Votes:

 

Name: CVE-2003-0160

 

Description:
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

Status: Candidate
Phase: Assigned (20030321)
Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988
Reference: REDHAT:RHSA-2003:112
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-112.html
Reference: OVAL:oval:org.mitre.oval:def:614
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:614
 

Votes:

 

Name: CVE-2003-0161

 

Description:
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030329 Sendmail: -1 gone wild
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104897487512238&w=2
Reference: BUGTRAQ:20030520 [Fwd: 127 Research and Development: 127 Day!]
Reference: URL:http://www.securityfocus.com/archive/1/321997
Reference: BUGTRAQ:20030331 GLSA: sendmail (200303-27)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/316961/30/25250/threaded
Reference: BUGTRAQ:20030401 Immunix Secured OS 7+ openssl update
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317135/30/25220/threaded
Reference: FULLDISC:20030329 Sendmail: -1 gone wild
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
Reference: BUGTRAQ:20030329 sendmail 8.12.9 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104896621106790&w=2
Reference: GENTOO:GLSA-200303-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
Reference: IMMUNIX:IMNX-2003-7+-002-01
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317135/30/25220/threaded
Reference: SUNALERT:52620
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
Reference: SUNALERT:52700
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
Reference: CERT:CA-2003-12
Reference: URL:http://www.cert.org/advisories/CA-2003-12.html
Reference: CERT-VN:VU#897604
Reference: URL:http://www.kb.cert.org/vuls/id/897604
Reference: FREEBSD:FreeBSD-SA-03:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
Reference: REDHAT:RHSA-2003:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-120.html
Reference: REDHAT:RHSA-2003:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-121.html
Reference: SCO:SCOSA-2004.11
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
Reference: SUSE:SuSE-SA:2003:023
Reference: SGI:20030401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
Reference: CALDERA:CSSA-2003-016.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
Reference: DEBIAN:DSA-278
Reference: URL:http://www.debian.org/security/2003/dsa-278
Reference: DEBIAN:DSA-290
Reference: URL:http://www.debian.org/security/2003/dsa-290
Reference: CONECTIVA:CLA-2003:614
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
Reference: HP:SSRT3531
Reference: BUGTRAQ:20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104914999806315&w=2
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
Reference: BID:7230
Reference: URL:http://www.securityfocus.com/bid/7230
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:042
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0162

 

Description:
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.

Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030227 Ecardis Password Reseting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636153214262&w=2
Reference: BUGTRAQ:20030303 Re: Ecardis Password Reseting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673407728323&w=2
Reference: DEBIAN:DSA-271
Reference: URL:http://www.debian.org/security/2003/dsa-271
Reference: BID:6971
Reference: URL:http://www.securityfocus.com/bid/6971
Reference: XF:ecartis-password-reset(11431)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11431
 

Votes:

 

Name: CVE-2003-0163

 

Description:
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.

Status: Candidate
Phase: Assigned (20030324)
Reference: BUGTRAQ:20030412 R7-0013: Heap Corruption in Gaim-Encryption Plugin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105013281120352&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0013.html
Reference: BID:7182
Reference: URL:http://www.securityfocus.com/bid/7182
 

Votes:

 

Name: CVE-2003-0164

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030324)
 

Votes:

 

Name: CVE-2003-0165

 

Description:
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

Status: Candidate
Phase: Assigned (20030326)
Reference: BUGTRAQ:20030328 CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104887189724146&w=2
Reference: VULNWATCH:20030328 Vulnerability in GNOME's Eye of Gnome
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10
Reference: REDHAT:RHSA-2003:128
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-128.html
Reference: MANDRAKE:MDKSA-2003:048
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:048
Reference: CERT-VN:VU#363001
Reference: URL:http://www.kb.cert.org/vuls/id/363001
Reference: BID:7121
Reference: URL:http://www.securityfocus.com/bid/7121
Reference: OVAL:oval:org.mitre.oval:def:52
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:52
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:048
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0166

 

Description:
Integer signedness error in the emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.

Status: Candidate
Phase: Assigned (20030326)
Reference: BUGTRAQ:20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104869828526885&w=2
Reference: BUGTRAQ:20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878100719467&w=2
Reference: BUGTRAQ:20030402 Inaccurate Reports Concerning PHP Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2
Reference: CONECTIVA:CLSA-2003:691
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Reference: SCO:CSSA-2003-SCO.28
Reference: BID:7197
Reference: URL:http://www.securityfocus.com/bid/7197
Reference: BID:7198
Reference: URL:http://www.securityfocus.com/bid/7198
 

Votes:

 

Name: CVE-2003-0167

 

Description:
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

Status: Candidate
Phase: Assigned (20030327)
Reference: DEBIAN:DSA-274
Reference: URL:http://www.debian.org/security/2003/dsa-274
Reference: DEBIAN:DSA-300
Reference: URL:http://www.debian.org/security/2003/dsa-300
Reference: BID:7229
Reference: URL:http://www.securityfocus.com/bid/7229
 

Votes:

 

Name: CVE-2003-0168

 

Description:
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.

Status: Candidate
Phase: Assigned (20030327)
Reference: BUGTRAQ:20030401 Fwd: QuickTime 6.1 for Windows is available
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded
Reference: BUGTRAQ:20030401 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317148/30/25220/threaded
Reference: VULNWATCH:20030331 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html
Reference: MISC:http://www.idefense.com/advisory/03.31.03.txt
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00027.html
Reference: APPLE:APPLE-SA-2003-03-31
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/317141/30/25220/threaded
Reference: CERT-VN:VU#112553
Reference: URL:http://www.kb.cert.org/vuls/id/112553
Reference: BID:7247
Reference: URL:http://www.securityfocus.com/bid/7247
Reference: OSVDB:10561
Reference: URL:http://www.osvdb.org/10561
Reference: XF:quicktime-url-bo(11671)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11671
 

Votes:

 

Name: CVE-2003-0169

 

Description:
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.

Status: Candidate
Phase: Assigned (20030327)
Reference: VULNWATCH:20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html
Reference: BUGTRAQ:20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104914959705949&w=2
Reference: BID:7246
Reference: URL:http://www.securityfocus.com/bid/7246
 

Votes:

 

Name: CVE-2003-0170

 

Description:
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.

Status: Candidate
Phase: Assigned (20030327)
Reference: AIXAPAR:IY42424
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424
Reference: IBM:MSS-OAR-E01-2003.0469.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1
Reference: BID:7346
Reference: URL:http://www.securityfocus.com/bid/7346
Reference: OSVDB:4878
Reference: URL:http://www.osvdb.org/4878
Reference: XF:aix-ftpd-gain-access(11823)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11823
 

Votes:

 

Name: CVE-2003-0171

 

Description:
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Status: Candidate
Phase: Assigned (20030328)
Reference: ATSTAKE:A041003-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a041003-1.txt
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
 

Votes:

 

Name: CVE-2003-0172

 

Description:
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.

Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030327 @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104878149020152&w=2
Reference: BUGTRAQ:20030402 Inaccurate Reports Concerning PHP Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2
Reference: BUGTRAQ:20030327 Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function
Reference: URL:http://www.securityfocus.com/archive/1/316583
Reference: BUGTRAQ:20041222 PHP v4.3.x exploit for Windows.
Reference: URL:http://www.securityfocus.com/archive/1/385238
Reference: BID:7210
Reference: URL:http://www.securityfocus.com/bid/7210
Reference: OSVDB:2113
Reference: URL:http://www.osvdb.org/2113
Reference: XF:php-openlog-stack-bo(11637)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11637
 

Votes:

 

Name: CVE-2003-0173

 

Description:
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.

Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030404-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P
Reference: DEBIAN:DSA-283
Reference: URL:http://www.debian.org/security/2003/dsa-283
Reference: MANDRAKE:MDKSA-2003:047
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:047
Reference: CERT-VN:VU#111673
Reference: URL:http://www.kb.cert.org/vuls/id/111673
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:047
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0174

 

Description:
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030407-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P
Reference: CIAC:N-084
Reference: URL:http://www.ciac.org/ciac/bulletins/n-084.shtml
Reference: BID:7442
Reference: URL:http://www.securityfocus.com/bid/7442
Reference: XF:irix-ldap-authentication-bypass(11860)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11860
 

Votes:

 

Name: CVE-2003-0175

 

Description:
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.

Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030603-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P
Reference: CERT-VN:VU#142228
Reference: URL:http://www.kb.cert.org/vuls/id/142228
Reference: SECTRACK:1008770
Reference: URL:http://www.securitytracker.com/id?1008770
Reference: XF:irix-piocswatch-ioctl-dos(12241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12241
Reference: BID:7868
Reference: URL:http://www.securityfocus.com/bid/7868
 

Votes:

 

Name: CVE-2003-0176

 

Description:
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan.

Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
 

Votes:

 

Name: CVE-2003-0177

 

Description:
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.

Status: Candidate
Phase: Assigned (20030328)
Reference: SGI:20030701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
 

Votes:

 

Name: CVE-2003-0178

 

Description:
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.

Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550063431461&w=2
Reference: NTBUGTRAQ:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558777531350&w=2
Reference: BUGTRAQ:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550063431463&w=2
Reference: NTBUGTRAQ:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558777331345&w=2
Reference: BUGTRAQ:20030217 Domino Advisories UPDATE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550335103136&w=2
Reference: NTBUGTRAQ:20030217 Domino Advisories UPDATE
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778331387&w=2
Reference: VULNWATCH:20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html
Reference: VULNWATCH:20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html
Reference: VULNWATCH:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
Reference: MISC:http://www.nextgenss.com/advisories/lotus-hostlocbo.txt
Reference: MISC:http://www.nextgenss.com/advisories/lotus-inotesoflow.txt
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#206361
Reference: URL:http://www.kb.cert.org/vuls/id/206361
Reference: CERT-VN:VU#542873
Reference: URL:http://www.kb.cert.org/vuls/id/542873
Reference: CERT-VN:VU#772817
Reference: URL:http://www.kb.cert.org/vuls/id/772817
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:6870
Reference: URL:http://www.securityfocus.com/bid/6870
Reference: BID:6871
Reference: URL:http://www.securityfocus.com/bid/6871
Reference: XF:lotus-domino-hostname-bo(11337)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11337
Reference: XF:lotus-domino-inotes-bo(11336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11336
 

Votes:

 

Name: CVE-2003-0179

 

Description:
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.

Status: Candidate
Phase: Assigned (20030328)
Reference: BUGTRAQ:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550124032513&w=2
Reference: NTBUGTRAQ:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778131373&w=2
Reference: VULNWATCH:20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html
Reference: MISC:http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt
Reference: BUGTRAQ:20030217 Domino Advisories UPDATE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550335103136&w=2
Reference: NTBUGTRAQ:20030217 Domino Advisories UPDATE
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104558778331387&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104543
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#571297
Reference: URL:http://www.kb.cert.org/vuls/id/571297
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: BID:6872
Reference: URL:http://www.securityfocus.com/bid/6872
Reference: XF:lotus-notes-activex-bo(11339)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11339
 

Votes:

 

Name: CVE-2003-0180

 

Description:
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.

Status: Candidate
Phase: Assigned (20030328)
Reference: VULNWATCH:20030218 More Lotus Domino Advisories
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
Reference: MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#355169
Reference: URL:http://www.kb.cert.org/vuls/id/355169
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: XF:lotus-incomplete-post-dos(11360)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11360
Reference: BID:6951
Reference: URL:http://www.securityfocus.com/bid/6951
 

Votes:

 

Name: CVE-2003-0181

 

Description:
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.

Status: Candidate
Phase: Assigned (20030328)
Reference: VULNWATCH:20030218 More Lotus Domino Advisories
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html
Reference: MISC:http://www.nextgenss.com/advisories/lotus-60dos.txt
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21104528
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: BID:6951
Reference: URL:http://www.securityfocus.com/bid/6951
Reference: XF:lotus-invalid-field-dos(11361)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11361
 

Votes:

 

Name: CVE-2003-0182

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030401)
 

Votes:

 

Name: CVE-2003-0183

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030401)
 

Votes:

 

Name: CVE-2003-0184

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030401)
 

Votes:

 

Name: CVE-2003-0185

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030401)
 

Votes:

 

Name: CVE-2003-0186

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030401)
 

Votes:

 

Name: CVE-2003-0187

 

Description:
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.

Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
Reference: OVAL:oval:org.mitre.oval:def:260
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:260
 

Votes:

 

Name: CVE-2003-0188

 

Description:
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.

Status: Candidate
Phase: Assigned (20030401)
Reference: REDHAT:RHSA-2003:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-167.html
Reference: REDHAT:RHSA-2003:169
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-169.html
Reference: DEBIAN:DSA-304
Reference: URL:http://www.debian.org/security/2003/dsa-304
Reference: TURBO:TLSA-2003-35
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-35.txt
Reference: OVAL:oval:org.mitre.oval:def:430
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:430
 

Votes:

 

Name: CVE-2003-0189

 

Description:
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Status: Candidate
Phase: Assigned (20030401)
Reference: CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference: REDHAT:RHSA-2003:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-186.html
Reference: CONECTIVA:CLA-2003:661
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
Reference: CERT-VN:VU#479268
Reference: URL:http://www.kb.cert.org/vuls/id/479268
Reference: BID:7725
Reference: URL:http://www.securityfocus.com/bid/7725
Reference: SECUNIA:8881
Reference: URL:http://secunia.com/advisories/8881
Reference: XF:apache-aprpasswordvalidate-dos(12091)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12091
 

Votes:

 

Name: CVE-2003-0190

 

Description:
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030430 OpenSSH/PAM timing attack allows remote users identification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105172058404810&w=2
Reference: FULLDISC:20030430 OpenSSH/PAM timing attack allows remote users identification
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html
Reference: MISC:http://lab.mediaservice.net/advisory/2003-01-openssh.txt
Reference: REDHAT:RHSA-2003:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-222.html
Reference: REDHAT:RHSA-2003:224
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-224.html
Reference: BUGTRAQ:20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106018677302607&w=2
Reference: TURBO:TLSA-2003-31
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-31.txt
Reference: BID:7467
Reference: URL:http://www.securityfocus.com/bid/7467
Reference: OVAL:oval:org.mitre.oval:def:445
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:445
 

Votes:

 

Name: CVE-2003-0192

 

Description:
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.

Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: REDHAT:RHSA-2003:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-243.html
Reference: REDHAT:RHSA-2003:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-244.html
Reference: SCO:CSSA-2003-SCO.28
Reference: SCO:SCOSA-2004.6
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
Reference: OVAL:oval:org.mitre.oval:def:169
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:169
 

Votes:

 

Name: CVE-2003-0193

 

Description:
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").

Status: Candidate
Phase: Assigned (20030401)
Reference: DEBIAN:DSA-575
Reference: URL:http://www.debian.org/security/2004/dsa-575
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
Reference: BID:11560
Reference: URL:http://www.securityfocus.com/bid/11560
Reference: OSVDB:11193
Reference: URL:http://www.osvdb.org/11193
Reference: SECUNIA:13021
Reference: URL:http://secunia.com/advisories/13021/
Reference: SECUNIA:13022
Reference: URL:http://secunia.com/advisories/13022/
Reference: XF:catdoc-xlsview-symlink(16335)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16335
 

Votes:

 

Name: CVE-2003-0194

 

Description:
tcpdump does not properly drop privileges to the pcap user when starting up.

Status: Candidate
Phase: Assigned (20030401)
Reference: REDHAT:RHSA-2003:174
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-174.html
Reference: REDHAT:RHSA-2003:151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
 

Votes:

 

Name: CVE-2003-0195

 

Description:
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.

Status: Candidate
Phase: Assigned (20030401)
Reference: CONECTIVA:CLSA-2003:678
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678
Reference: REDHAT:RHSA-2003:171
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-171.html
Reference: MANDRAKE:MDKSA-2003:062
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:062
Reference: SUSE:SuSE-SA:2003:028
Reference: URL:http://www.novell.com/linux/security/advisories/2003_028.html
Reference: DEBIAN:DSA-317
Reference: URL:http://www.debian.org/security/2003/dsa-317
Reference: TURBO:TLSA-2003-33
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-33.txt
Reference: BUGTRAQ:20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427288724449&w=2
Reference: BID:7637
Reference: URL:http://www.securityfocus.com/bid/7637
Reference: OVAL:oval:org.mitre.oval:def:6
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6
 

Votes:

 

Name: CVE-2003-0196

 

Description:
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team; this is a different vulnerability than CVE-2003-0201.

Status: Candidate
Phase: Assigned (20030401)
Reference: BUGTRAQ:20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104973186901597&w=2
Reference: DEBIAN:DSA-280
Reference: URL:http://www.debian.org/security/2003/dsa-280
Reference: MANDRAKE:MDKSA-2003:044
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
Reference: REDHAT:RHSA-2003:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-137.html
Reference: BUGTRAQ:20030407 Immunix Secured OS 7+ samba update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104974612519064&w=2
Reference: OVAL:oval:org.mitre.oval:def:564
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:564
 

Votes:

 

Name: CVE-2003-0197

 

Description:
Buffer overflow in gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

Status: Candidate
Phase: Assigned (20030403)
Reference: VULNWATCH:20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html
Reference: BUGTRAQ:20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104940730819887&w=2
Reference: MISC:http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt
 

Votes:

 

Name: CVE-2003-0198

 

Description:
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.

Status: Candidate
Phase: Assigned (20030404)
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00028.html
 

Votes:

 

Name: CVE-2003-0199

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030404)
 

Votes:

 

Name: CVE-2003-0200

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030404)
 

Votes:

 

Name: CVE-2003-0201

 

Description:
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20030404)
Reference: BUGTRAQ:20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104972664226781&w=2
Reference: MISC:http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
Reference: DEBIAN:DSA-280
Reference: URL:http://www.debian.org/security/2003/dsa-280
Reference: SUSE:SuSE-SA:2003:025
Reference: URL:http://www.novell.com/linux/security/advisories/2003_025_samba.html
Reference: MANDRAKE:MDKSA-2003:044
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
Reference: REDHAT:RHSA-2003:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-137.html
Reference: CONECTIVA:CLA-2003:624
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
Reference: SGI:20030403-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
Reference: BUGTRAQ:20030409 GLSA: samba (200304-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104994564212488&w=2
Reference: BUGTRAQ:20030407 Immunix Secured OS 7+ samba update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104974612519064&w=2
Reference: BUGTRAQ:20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104981682014565&w=2
Reference: CERT-VN:VU#267873
Reference: URL:http://www.kb.cert.org/vuls/id/267873
Reference: BID:7294
Reference: URL:http://www.securityfocus.com/bid/7294
Reference: OVAL:oval:org.mitre.oval:def:567
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:567
Reference: OVAL:oval:org.mitre.oval:def:2163
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2163
 

Votes:

 

Name: CVE-2003-0202

 

Description:
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030404)
Reference: DEBIAN:DSA-279
Reference: URL:http://www.debian.org/security/2003/dsa-279
Reference: XF:metrics-tmpfile-symlink(11734)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11734
Reference: BID:7293
Reference: URL:http://www.securityfocus.com/bid/7293
 

Votes:

 

Name: CVE-2003-0203

 

Description:
Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner.

Status: Candidate
Phase: Assigned (20030408)
Reference: BUGTRAQ:20030223 moxftp arbitrary code execution poc/advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104610380126860&w=2
Reference: FULLDISC:20030223 moxftp arbitrary code execution poc/advisory
Reference: URL:http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html
Reference: DEBIAN:DSA-281
Reference: URL:http://www.debian.org/security/2003/dsa-281
Reference: BID:6921
Reference: URL:http://www.securityfocus.com/bid/6921
Reference: SECTRACK:1006156
Reference: URL:http://www.securitytracker.com/id?1006156
Reference: SECUNIA:8136
Reference: URL:http://secunia.com/advisories/8136
Reference: XF:moxftp-welcome-banner-bo(11399)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11399
 

Votes:

 

Name: CVE-2003-0204

 

Description:
KDE 2 and KDE 3.1.1 and earlier 3.x versions allow attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

Status: Candidate
Phase: Assigned (20030414)
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20030409-1.txt
Reference: CONFIRM:http://bugs.kde.org/show_bug.cgi?id=56808
Reference: CONFIRM:http://bugs.kde.org/show_bug.cgi?id=53343
Reference: DEBIAN:DSA-284
Reference: URL:http://www.debian.org/security/2003/dsa-284
Reference: DEBIAN:DSA-293
Reference: URL:http://www.debian.org/security/2003/dsa-293
Reference: DEBIAN:DSA-296
Reference: URL:http://www.debian.org/security/2003/dsa-296
Reference: MANDRAKE:MDKSA-2003:049
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
Reference: REDHAT:RHSA-2003:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-002.html
Reference: CONECTIVA:CLA-2003:668
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Reference: CONECTIVA:CLA-2003:747
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Reference: BUGTRAQ:20030410 GLSA: kde-3.x (200304-04)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105001557020141&w=2
Reference: BUGTRAQ:20030411 GLSA: kde-2.x (200304-05)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105012994719099&w=2
Reference: BUGTRAQ:20030414 GLSA: kde-2.x (200304-05.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105034222521369&w=2
Reference: BUGTRAQ:20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105017403010459&w=2
 

Votes:

   NOOP(1) Christey
Voter Comments:
 
 Christey> MANDRAKE:MDKSA-2003:049
   (as suggested by Vincent Danen of Mandrake)


Name: CVE-2003-0205

 

Description:
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.

Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030423 Security problems in gkrellm-newsticker
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111327000755&w=2
Reference: DEBIAN:DSA-294
Reference: URL:http://www.debian.org/security/2003/dsa-294
 

Votes:

 

Name: CVE-2003-0206

 

Description:
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.

Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030423 Security problems in gkrellm-newsticker
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111327000755&w=2
Reference: DEBIAN:DSA-294
Reference: URL:http://www.debian.org/security/2003/dsa-294
 

Votes:

 

Name: CVE-2003-0207

 

Description:
ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.

Status: Candidate
Phase: Assigned (20030414)
Reference: DEBIAN:DSA-286
Reference: URL:http://www.debian.org/security/2003/dsa-286
 

Votes:

 

Name: CVE-2003-0208

 

Description:
Cross-site scripting (XSS) vulnerability in the Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary JavaScript via the clickTAG field.

Status: Candidate
Phase: Assigned (20030414)
Reference: BUGTRAQ:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105033712615013&w=2
Reference: FULLDISC:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html
Reference: VULNWATCH:20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
Reference: MISC:http://www.securiteam.com/securitynews/5XP0B0U9PE.html
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
 

Votes:

 

Name: CVE-2003-0209

 

Description:
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20030415)
Reference: VULNWATCH:20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
Reference: BUGTRAQ:20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105043563016235&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
Reference: BUGTRAQ:20030423 Snort <=1.9.1 exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105111217731583&w=2
Reference: BUGTRAQ:20030422 GLSA: snort (200304-05)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105103586927007&w=2
Reference: BUGTRAQ:20030428 GLSA: snort (200304-06)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154530427824&w=2
Reference: DEBIAN:DSA-297
Reference: URL:http://www.debian.org/security/2003/dsa-297
Reference: ENGARDE:ESA-20030430-013
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105172790914107&w=2
Reference: MANDRAKE:MDKSA-2003:052
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:052
Reference: CERT:CA-2003-13
Reference: URL:http://www.cert.org/advisories/CA-2003-13.html
Reference: CERT-VN:VU#139129
Reference: URL:http://www.kb.cert.org/vuls/id/139129
Reference: BID:7178
Reference: URL:http://www.securityfocus.com/bid/7178
 

Votes:

 

Name: CVE-2003-0210

 

Description:
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.

Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120066126196&w=2
Reference: NTBUGTRAQ:20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105118056332344&w=2
Reference: CISCO:20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml
Reference: CERT-VN:VU#697049
Reference: URL:http://www.kb.cert.org/vuls/id/697049
 

Votes:

 

Name: CVE-2003-0211

 

Description:
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.

Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030418 Xinetd 2.3.10 Memory Leaks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105068673220605&w=2
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537
Reference: REDHAT:RHSA-2003:160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-160.html
Reference: MANDRAKE:MDKSA-2003:056
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:056
Reference: CONECTIVA:CLA-2003:782
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782
Reference: OVAL:oval:org.mitre.oval:def:657
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:657
 

Votes:

 

Name: CVE-2003-0212

 

Description:
handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.

Status: Candidate
Phase: Assigned (20030415)
Reference: BUGTRAQ:20030417 Vulnerability in rinetd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105059298502830&w=2
Reference: DEBIAN:DSA-289
Reference: URL:http://www.debian.org/security/2003/dsa-289
 

Votes:

 

Name: CVE-2003-0213

 

Description:
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.

Status: Candidate
Phase: Assigned (20030422)
Reference: BUGTRAQ:20030409 PoPToP PPTP server remotely exploitable buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/317995
Reference: BUGTRAQ:20030418 Exploit for PoPToP PPTP server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105068728421160&w=2
Reference: BUGTRAQ:20030422 Re: Exploit for PoPToP PPTP server - Linux version
Reference: URL:http://www.securityfocus.com/archive/1/319428
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=138437
Reference: DEBIAN:DSA-295
Reference: URL:http://www.debian.org/security/2003/dsa-295
Reference: SUSE:SuSE-SA:2003:029
Reference: URL:http://www.novell.com/linux/security/advisories/2003_029.html
Reference: BUGTRAQ:20030428 GLSA: pptpd (200304-08)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154539727967&w=2
Reference: CERT-VN:VU#673993
Reference: URL:http://www.kb.cert.org/vuls/id/673993
Reference: BID:7316
Reference: URL:http://www.securityfocus.com/bid/7316
 

Votes:

 

Name: CVE-2003-0214

 

Description:
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030423)
Reference: DEBIAN:DSA-292
Reference: URL:http://www.debian.org/security/2003/dsa-292
 

Votes:

 

Name: CVE-2003-0215

 

Description:
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.

Status: Candidate
Phase: Assigned (20030423)
Reference: BUGTRAQ:20030424 SQL injection in BttlxeForum
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120052725940&w=2
Reference: CONFIRM:http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
Reference: SECTRACK:1006632
Reference: URL:http://securitytracker.com/id?1006632
 

Votes:

 

Name: CVE-2003-0216

 

Description:
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.

Status: Candidate
Phase: Assigned (20030424)
Reference: CISCO:20030424 Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.
Reference: CERT-VN:VU#443257
Reference: URL:http://www.kb.cert.org/vuls/id/443257
 

Votes:

 

Name: CVE-2003-0217

 

Description:
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script.

Status: Candidate
Phase: Assigned (20030425)
Reference: BUGTRAQ:20030513 XSS In Neoteris IVE Allows Session Hijacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105283833617480&w=2
 

Votes:

 

Name: CVE-2003-0218

 

Description:
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.

Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030420 Monkey HTTPd Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105094204204166&w=2
Reference: VULNWATCH:20030420 Monkey HTTPd Remote Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html
Reference: CONFIRM:http://monkeyd.sourceforge.net/Changelog.txt
Reference: BUGTRAQ:20030428 GLSA: monkeyd (200304-07.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154473526898&w=2
Reference: BID:7202
Reference: URL:http://www.securityfocus.com/bid/7202
 

Votes:

 

Name: CVE-2003-0219

 

Description:
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.

Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2
Reference: VULNWATCH:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
Reference: CERT-VN:VU#641012
Reference: URL:http://www.kb.cert.org/vuls/id/641012
Reference: BID:7179
Reference: URL:http://www.securityfocus.com/bid/7179
 

Votes:

 

Name: CVE-2003-0220

 

Description:
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.

Status: Candidate
Phase: Assigned (20030428)
Reference: BUGTRAQ:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2
Reference: VULNWATCH:20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10
Reference: CERT-VN:VU#454716
Reference: URL:http://www.kb.cert.org/vuls/id/454716
Reference: BID:7180
Reference: URL:http://www.securityfocus.com/bid/7180
 

Votes:

 

Name: CVE-2003-0221

 

Description:
The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allow local users to overwrite files and possibly gain root privileges via a symlink attack.

Status: Candidate
Phase: Assigned (20030428)
Reference: HP:SSRT3471
Reference: URL:http://www.ciac.org/ciac/bulletins/n-086.shtml
Reference: CIAC:N-086
Reference: BID:7452
Reference: URL:http://www.securityfocus.com/bid/7452
Reference: XF:tru64-dupatch-setld-symlink(11892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11892
 

Votes:

 

Name: CVE-2003-0222

 

Description:
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

Status: Candidate
Phase: Assigned (20030429)
Reference: BUGTRAQ:20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105162831008176&w=2
Reference: NTBUGTRAQ:20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105163376015735&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
Reference: CIAC:N-085
Reference: URL:http://www.ciac.org/ciac/bulletins/n-085.shtml
Reference: BID:7453
Reference: URL:http://www.securityfocus.com/bid/7453
Reference: XF:oracle-database-link-bo(11885)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11885
 

Votes:

 

Name: CVE-2003-0223

 

Description:
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

Status: Candidate
Phase: Assigned (20030430)
Reference: MS:MS03-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:66
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:66
 

Votes:

 

Name: CVE-2003-0224

 

Description:
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."

Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030530 NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105431767100944&w=2
Reference: MS:MS03-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:483
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:483
 

Votes:

 

Name: CVE-2003-0225

 

Description:
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030418 Microsoft Active Server Pages DoS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105110606122772&w=2
Reference: MISC:http://www.aqtronix.com/Advisories/AQ-2003-01.txt
Reference: MS:MS03-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:373
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:373
 

Votes:

 

Name: CVE-2003-0226

 

Description:
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030528 Internet Information Services 5.0 Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html
Reference: NTBUGTRAQ:20030528 Internet Information Services 5.0 Denial of service
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421243732552&w=2
Reference: BUGTRAQ:20030529 IIS WEBDAV Denial of Service attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427362724860&w=2
Reference: MISC:http://www.spidynamics.com/iis_alert.html
Reference: MS:MS03-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
Reference: OVAL:oval:org.mitre.oval:def:933
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:933
 

Votes:

 

Name: CVE-2003-0227

 

Description:
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.

Status: Candidate
Phase: Assigned (20030430)
Reference: NTBUGTRAQ:20030528 MS03-019: DoS or Code of Choice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421176432011&w=2
Reference: NTBUGTRAQ:20030528 Re: Alert: MS03-019, Microsoft... wrong, again.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105421127531558&w=2
Reference: BUGTRAQ:20030528 RE: Alert: MS03-019, Microsoft... wrong, again.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427615626177&w=2
Reference: MS:MS03-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-019.asp
Reference: OVAL:oval:org.mitre.oval:def:936
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:936
Reference: OVAL:oval:org.mitre.oval:def:966
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:966
 

Votes:

 

Name: CVE-2003-0228

 

Description:
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.

Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030507 Windows Media Player directory traversal vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232913516488&w=2
Reference: NTBUGTRAQ:20030507 Windows Media Player directory traversal vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233960728901&w=2
Reference: BUGTRAQ:20030508 why i love xs4all + mediaplayer thingie
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240528419389&w=2
Reference: MS:MS03-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-017.asp
Reference: CERT-VN:VU#384932
Reference: URL:http://www.kb.cert.org/vuls/id/384932
Reference: BID:7517
Reference: URL:http://www.securityfocus.com/bid/7517
Reference: OVAL:oval:org.mitre.oval:def:321
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:321
Reference: XF:mediaplayer-skin-code-execution(11953)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11953
 

Votes:

 

Name: CVE-2003-0229

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030430)
 

Votes:

 

Name: CVE-2003-0230

 

Description:
Microsoft SQL Server 7, 2000, and MSDE allow local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.

Status: Candidate
Phase: Assigned (20030430)
Reference: MS:MS03-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#556356
Reference: URL:http://www.kb.cert.org/vuls/id/556356
Reference: OVAL:oval:org.mitre.oval:def:235
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:235
 

Votes:

 

Name: CVE-2003-0231

 

Description:
Microsoft SQL Server 7, 2000, and MSDE allow local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

Status: Candidate
Phase: Assigned (20030430)
Reference: ATSTAKE:A072303-2
Reference: URL:http://www.atstake.com/research/advisories/2003/a072303-2.txt
Reference: MS:MS03-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#918652
Reference: URL:http://www.kb.cert.org/vuls/id/918652
Reference: OVAL:oval:org.mitre.oval:def:299
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:299
 

Votes:

 

Name: CVE-2003-0232

 

Description:
Microsoft SQL Server 7, 2000, and MSDE allow local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.

Status: Candidate
Phase: Assigned (20030430)
Reference: ATSTAKE:A072303-3
Reference: URL:http://www.atstake.com/research/advisories/2003/a072303-3.txt
Reference: MS:MS03-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
Reference: CERT-VN:VU#584868
Reference: URL:http://www.kb.cert.org/vuls/id/584868
Reference: OVAL:oval:org.mitre.oval:def:303
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:303
 

Votes:

 

Name: CVE-2003-0233

 

Description:
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.

Status: Candidate
Phase: Assigned (20030430)
Reference: BUGTRAQ:20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105120164927952&w=2
Reference: MS:MS03-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
Reference: XF:ie-plugin-load-bo(11854)
Reference: URL:http://www.iss.net/security_center/static/11854.php
Reference: OVAL:oval:org.mitre.oval:def:1094
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1094
 

Votes:

 

Name: CVE-2003-0234

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030501)
 

Votes:

 

Name: CVE-2003-0235

 

Description:
Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7461
Reference: URL:http://www.securityfocus.com/bid/7461
Reference: XF:icq-pop3-format-string(11938)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11938
 

Votes:

 

Name: CVE-2003-0236

 

Description:
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7462
Reference: URL:http://www.securityfocus.com/bid/7462
Reference: BID:7463
Reference: URL:http://www.securityfocus.com/bid/7463
Reference: XF:icq-pop3-email-bo(11939)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11939
 

Votes:

 

Name: CVE-2003-0237

 

Description:
The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7464
Reference: URL:http://www.securityfocus.com/bid/7464
Reference: XF:icq-features-no-auth(11944)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11944
 

Votes:

 

Name: CVE-2003-0238

 

Description:
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7465
Reference: URL:http://www.securityfocus.com/bid/7465
Reference: XF:icq-table-tag-dos(11947)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11947
 

Votes:

 

Name: CVE-2003-0239

 

Description:
The icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html
Reference: BUGTRAQ:20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105216842131995&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10
Reference: BID:7466
Reference: URL:http://www.securityfocus.com/bid/7466
Reference: XF:icq-gif89a-header-dos(11948)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11948
 

Votes:

 

Name: CVE-2003-0240

 

Description:
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash).

Status: Candidate
Phase: Assigned (20030501)
Reference: BUGTRAQ:20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406374731579&w=2
Reference: MISC:http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10
Reference: CERT-VN:VU#799060
Reference: URL:http://www.kb.cert.org/vuls/id/799060
Reference: BID:7652
Reference: URL:http://www.securityfocus.com/bid/7652
Reference: OSVDB:4804
Reference: URL:http://www.osvdb.org/4804
Reference: SECTRACK:1006854
Reference: URL:http://securitytracker.com/id?1006854
Reference: SECUNIA:8876
Reference: URL:http://secunia.com/advisories/8876
Reference: XF:axis-admin-authentication-bypass(12104)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12104
 

Votes:

 

Name: CVE-2003-0241

 

Description:
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.

Status: Candidate
Phase: Assigned (20030501)
Reference: VULNWATCH:20030528 SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html
Reference: MISC:http://www.secnap.net/security/gm001.html
 

Votes:

 

Name: CVE-2003-0242

 

Description:
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.

Status: Candidate
Phase: Assigned (20030506)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CERT-VN:VU#869548
Reference: URL:http://www.kb.cert.org/vuls/id/869548
Reference: BID:7628
Reference: URL:http://www.securityfocus.com/bid/7628
Reference: SECTRACK:1006796
Reference: URL:http://securitytracker.com/id?1006796
Reference: SECUNIA:8798
Reference: URL:http://secunia.com/advisories/8798
Reference: XF:macos-ipsec-acl-bypass(12027)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12027
 

Votes:

 

Name: CVE-2003-0243

 

Description:
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.

Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030507 Happymall E-Commerce Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html
Reference: SECTRACK:1006707
Reference: URL:http://securitytracker.com/id?1006707
 

Votes:

 

Name: CVE-2003-0244

 

Description:
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.

Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
Reference: MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
Reference: MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
Reference: REDHAT:RHSA-2003:145
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
Reference: REDHAT:RHSA-2003:147
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
Reference: REDHAT:RHSA-2003:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
Reference: ENGARDE:ESA-20030515-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
Reference: BID:7601
Reference: URL:http://www.securityfocus.com/bid/7601
Reference: OVAL:oval:org.mitre.oval:def:261
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:261
Reference: SECUNIA:8786
Reference: URL:http://www.secunia.com/advisories/8786/
Reference: XF:data-algorithmic-complexity-dos(15382)
Reference: URL:http://xforce.iss.net/xforce/xfdb/15382
 

Votes:

 

Name: CVE-2003-0245

 

Description:
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

Status: Candidate
Phase: Assigned (20030506)
Reference: CONFIRM:http://www.apache.org/dist/httpd/Announcement2.html
Reference: BUGTRAQ:20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418115512559&w=2
Reference: VULNWATCH:20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0095.html
Reference: MISC:http://www.idefense.com/advisory/05.30.03.txt
Reference: REDHAT:RHSA-2003:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-186.html
Reference: CONECTIVA:CLA-2003:661
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661
Reference: MANDRAKE:MDKSA-2003:063
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:063
Reference: CERT-VN:VU#757612
Reference: URL:http://www.kb.cert.org/vuls/id/757612
Reference: XF:apache-aprpsprintf-code-execution(12090)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12090
Reference: BID:7723
Reference: URL:http://www.securityfocus.com/bid/7723
 

Votes:

 

Name: CVE-2003-0246

 

Description:
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
Reference: REDHAT:RHSA-2003:147
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
Reference: ENGARDE:ESA-20030515-017
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
Reference: OVAL:oval:org.mitre.oval:def:278
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:278
 

Votes:

 

Name: CVE-2003-0247

 

Description:
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").

Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:187
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: REDHAT:RHSA-2003:198
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:284
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:284
 

Votes:

 

Name: CVE-2003-0248

 

Description:
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

Status: Candidate
Phase: Assigned (20030506)
Reference: REDHAT:RHSA-2003:187
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: MANDRAKE:MDKSA-2003:066
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
Reference: MANDRAKE:MDKSA-2003:074
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Reference: TURBO:TLSA-2003-41
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:292
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:292
 

Votes:

 

Name: CVE-2003-0249

 

Description:
** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."

Status: Candidate
Phase: Assigned (20030506)
Reference: IDEFENSE:20030625 PHP/Apache .htaccess Authentication Bypass Vulnerability
Reference: URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97
 

Votes:

 

Name: CVE-2003-0250

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030506)
 

Votes:

 

Name: CVE-2003-0251

 

Description:
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.

Status: Candidate
Phase: Assigned (20030506)
Reference: HP:HPSBTU02132
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/440454/100/0/threaded
Reference: HP:SSRT061154
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/440454/100/0/threaded
Reference: REDHAT:RHSA-2003:173
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-173.html
Reference: MANDRAKE:MDKSA-2003:072
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:072
Reference: REDHAT:RHSA-2003:201
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-201.html
Reference: SUNALERT:55600
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity
Reference: TURBO:TLSA-2003-43
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-43.txt
Reference: BID:8031
Reference: URL:http://www.securityfocus.com/bid/8031
Reference: FRSIRT:ADV-2006-2873
Reference: URL:http://www.frsirt.com/english/advisories/2006/2873
Reference: OVAL:oval:org.mitre.oval:def:667
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:667
Reference: SECTRACK:1016517
Reference: URL:http://securitytracker.com/id?1016517
Reference: SECUNIA:21112
Reference: URL:http://secunia.com/advisories/21112
 

Votes:

 

Name: CVE-2003-0252

 

Description:
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

Status: Candidate
Phase: Assigned (20030506)
Reference: VULNWATCH:20030714 Linux nfs-utils xlog() off-by-one bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
Reference: BUGTRAQ:20030714 Linux nfs-utils xlog() off-by-one bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
Reference: MISC:http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
Reference: VULNWATCH:20030714 Reality of the rpc.mountd bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
Reference: DEBIAN:DSA-349
Reference: URL:http://www.debian.org/security/2003/dsa-349
Reference: REDHAT:RHSA-2003:206
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-206.html
Reference: REDHAT:RHSA-2003:207
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-207.html
Reference: SUSE:SuSE-SA:2003:031
Reference: URL:http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
Reference: MANDRAKE:MDKSA-2003:076
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
Reference: TURBO:TLSA-2003-44
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-44.txt
Reference: SCO:CSSA-2003-037.0
Reference: BUGTRAQ:20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105830921519513&w=2
Reference: BUGTRAQ:20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105839032403325&w=2
Reference: CERT-VN:VU#258564
Reference: URL:http://www.kb.cert.org/vuls/id/258564
Reference: BID:8179
Reference: URL:http://www.securityfocus.com/bid/8179
Reference: OVAL:oval:org.mitre.oval:def:443
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:443
Reference: SECTRACK:1007187
Reference: URL:http://securitytracker.com/id?1007187
Reference: SECUNIA:9259
Reference: URL:http://secunia.com/advisories/9259
Reference: XF:nfs-utils-offbyone-bo(12600)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12600
 

Votes:

 

Name: CVE-2003-0253

 

Description:
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.

Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: OVAL:oval:org.mitre.oval:def:173
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:173
 

Votes:

 

Name: CVE-2003-0254

 

Description:
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.

Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105776593602600&w=2
Reference: MANDRAKE:MDKSA-2003:075
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:075
Reference: REDHAT:RHSA-2003:240
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-240.html
Reference: OVAL:oval:org.mitre.oval:def:183
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:183
 

Votes:

 

Name: CVE-2003-0255

 

Description:
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.

Status: Candidate
Phase: Assigned (20030506)
Reference: BUGTRAQ:20030504 Key validity bug in GnuPG 1.2.1 and earlier
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105215110111174&w=2
Reference: MISC:http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html
Reference: CONECTIVA:CLA-2003:694
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694
Reference: ENGARDE:ESA-20030515-016
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301357425157&w=2
Reference: ENGARDE:20030515-016
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
Reference: REDHAT:RHSA-2003:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-175.html
Reference: REDHAT:RHSA-2003:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-176.html
Reference: MANDRAKE:MDKSA-2003:061
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:061
Reference: TURBO:TLSA200334
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-34.txt
Reference: SCO:CSSA-2003-034.0
Reference: BUGTRAQ:20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311804129104&w=2
Reference: BUGTRAQ:20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362224514081&w=2
Reference: CERT-VN:VU#397604
Reference: URL:http://www.kb.cert.org/vuls/id/397604
Reference: BID:7497
Reference: URL:http://www.securityfocus.com/bid/7497
Reference: OSVDB:4947
Reference: URL:http://www.osvdb.org/4947
Reference: OVAL:oval:org.mitre.oval:def:135
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:135
Reference: XF:gnupg-invalid-key-acceptance(11930)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11930
 

Votes:

 

Name: CVE-2003-0256

 

Description:
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

Status: Candidate
Phase: Assigned (20030507)
Reference: MANDRAKE:MDKSA-2003:055
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:055
Reference: CONECTIVA:CLA-2003:665
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000665
Reference: CONFIRM:http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2
 

Votes:

 

Name: CVE-2003-0257

 

Description:
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

Status: Candidate
Phase: Assigned (20030507)
Reference: AIXAPAR:IY42089
Reference: AIXAPAR:IY42090
Reference: AIXAPAR:IY42091
Reference: IBM:MSS-OAR-E01-2003:0660.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
Reference: XF:aix-print-format-string(12000)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12000
 

Votes:

 

Name: CVE-2003-0258

 

Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.

Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#727780
Reference: URL:http://www.kb.cert.org/vuls/id/727780
Reference: XF:cisco-vpn-unauth-access(11954)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11954
 

Votes:

 

Name: CVE-2003-0259

 

Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allow remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.

Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#317348
Reference: URL:http://www.kb.cert.org/vuls/id/317348
Reference: XF:cisco-vpn-ssh-dos(11955)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11955
 

Votes:

 

Name: CVE-2003-0260

 

Description:
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.

Status: Candidate
Phase: Assigned (20030507)
Reference: CISCO:20030507 Cisco VPN 3000 Concentrator Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
Reference: CERT-VN:VU#221164
Reference: URL:http://www.kb.cert.org/vuls/id/221164
Reference: XF:cisco-vpn-icmp-dos(11956)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11956
 

Votes:

 

Name: CVE-2003-0261

 

Description:
fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.

Status: Candidate
Phase: Assigned (20030507)
Reference: DEBIAN:DSA-302
Reference: URL:http://www.debian.org/security/2003/dsa-302
 

Votes:

 

Name: CVE-2003-0262

 

Description:
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.

Status: Candidate
Phase: Assigned (20030507)
Reference: DEBIAN:DSA-299
Reference: URL:http://www.debian.org/security/2003/dsa-299
Reference: BID:7505
Reference: URL:http://www.securityfocus.com/bid/7505
Reference: XF:kataxwr-gain-privileges(11945)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11945
 

Votes:

 

Name: CVE-2003-0263

 

Description:
Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105223471822836&w=2
Reference: VULNWATCH:20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0052.html
Reference: BID:7506
Reference: URL:http://www.securityfocus.com/bid/7506
Reference: BID:7508
Reference: URL:http://www.securityfocus.com/bid/7508
Reference: XF:ftgate-mailfrom-rcptto-bo(11951)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11951
 

Votes:

 

Name: CVE-2003-0264

 

Description:
Multiple buffer overflows in SLMail 5.1.0.4420 allow remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232506011335&w=2
Reference: NTBUGTRAQ:20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233360321895&w=2
Reference: MISC:http://www.nextgenss.com/advisories/slmail-vulns.txt
 

Votes:

 

Name: CVE-2003-0265

 

Description:
Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 SAP database local root vulnerability during installation. (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232424810097&w=2
Reference: BID:7421
Reference: URL:http://www.securityfocus.com/bid/7421
 

Votes:

 

Name: CVE-2003-0266

 

Description:
Multiple buffer overflows in SLWebMail 3 on Windows systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference: MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
 

Votes:

 

Name: CVE-2003-0267

 

Description:
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference: MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
 

Votes:

 

Name: CVE-2003-0268

 

Description:
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105232436210273&w=2
Reference: NTBUGTRAQ:20030507 Multiple Vulnerabilities in SLWebmail
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105233363721919&w=2
Reference: MISC:http://www.nextgenss.com/advisories/slwebmail-vulns.txt
 

Votes:

 

Name: CVE-2003-0269

 

Description:
Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable.

Status: Candidate
Phase: Assigned (20030507)
Reference: BUGTRAQ:20030506 youbin local root exploit + advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105223947528794&w=2
Reference: VULNWATCH:20030506 youbin local root exploit + advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.html
Reference: FULLDISC:20030506 youbin local root exploit + advisory
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.html
Reference: BID:7503
Reference: URL:http://www.securityfocus.com/bid/7503
Reference: XF:youbin-home-bo(11949)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11949
 

Votes:

 

Name: CVE-2003-0270

 

Description:
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.

Status: Candidate
Phase: Assigned (20030508)
Reference: ATSTAKE:A051203-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a051203-1.txt
Reference: BID:7554
Reference: URL:http://www.securityfocus.com/bid/7554
Reference: SECTRACK:1006742
Reference: URL:http://securitytracker.com/id?1006742
Reference: SECUNIA:8773
Reference: URL:http://secunia.com/advisories/8773
Reference: XF:airport-auth-credentials-disclosure(11980)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11980
 

Votes:

 

Name: CVE-2003-0271

 

Description:
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.

Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030331 Personal FTP Server
Reference: URL:http://www.securityfocus.com/archive/1/316958
Reference: BUGTRAQ:20030508 Remote Stack Overflow exploit for Personal FTPD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240469318622&w=2
Reference: MISC:http://security.nnov.ru/search/document.asp?docid=4309
 

Votes:

 

Name: CVE-2003-0272

 

Description:
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.

Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 miniPortail (PHP) : Admin Access
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240907024660&w=2
Reference: MISC:http://www.frog-man.org/tutos/miniPortail.txt
 

Votes:

 

Name: CVE-2003-0273

 

Description:
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.

Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105240947225275&w=2
Reference: CONFIRM:http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html
 

Votes:

 

Name: CVE-2003-0274

 

Description:
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.

Status: Candidate
Phase: Assigned (20030508)
Reference: BUGTRAQ:20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105241224228693&w=2
 

Votes:

 

Name: CVE-2003-0275

 

Description:
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.

Status: Candidate
Phase: Assigned (20030509)
Reference: BUGTRAQ:20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105249980809988&w=2
 

Votes:

 

Name: CVE-2003-0276

 

Description:
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030428 Pi3Web 2.0.1 DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105155818012718&w=2
Reference: BUGTRAQ:20030512 Unix Version of the Pi3web DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105275789410250&w=2
Reference: BID:7555
Reference: URL:http://www.securityfocus.com/bid/7555
Reference: XF:pi3web-get-request-bo(11889)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11889
 

Votes:

 

Name: CVE-2003-0277

 

Description:
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 One more flaw in Happymall
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276130814262&w=2
Reference: BID:7559
Reference: URL:http://www.securityfocus.com/bid/7559
Reference: XF:happymall-dotdot-directory-traversal(11987)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11987
 

Votes:

 

Name: CVE-2003-0278

 

Description:
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 One more flaw in Happymall
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276130814262&w=2
Reference: BID:7557
Reference: URL:http://www.securityfocus.com/bid/7557
Reference: XF:happymall-normalhtml-xss(11988)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11988
 

Votes:

 

Name: CVE-2003-0279

 

Description:
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276019312980&w=2
Reference: BUGTRAQ:20030513 More and More SQL injection on PHP-Nuke 6.5.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
Reference: BID:7558
Reference: URL:http://www.securityfocus.com/bid/7558
Reference: BID:7588
Reference: URL:http://www.securityfocus.com/bid/7588
Reference: XF:phpnuke-web-sql-injection(11984)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11984
 

Votes:

 

Name: CVE-2003-0280

 

Description:
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105258772101349&w=2
Reference: VULNWATCH:20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html
Reference: BID:7547
Reference: URL:http://www.securityfocus.com/bid/7547
Reference: BID:7548
Reference: URL:http://www.securityfocus.com/bid/7548
Reference: XF:cmailserver-smtp-bo(11975)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11975
 

Votes:

 

Name: CVE-2003-0281

 

Description:
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20020617 Interbase 6.0 malloc() issues
Reference: URL:http://seclists.org/lists/bugtraq/2002/Jun/0212.html
Reference: BUGTRAQ:20030509 Firebird Local exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259012802997&w=2
Reference: GENTOO:GLSA-200405-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-18.xml
Reference: BID:7546
Reference: URL:http://www.securityfocus.com/bid/7546
Reference: SECUNIA:8758
Reference: URL:http://secunia.com/advisories/8758
Reference: XF:firebird-interbase-bo(11977)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11977
 

Votes:

 

Name: CVE-2003-0282

 

Description:
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030509 unzip directory traversal revisited
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2
Reference: CALDERA:CSSA-2003-031.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Reference: CONECTIVA:CLA-2003:672
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
Reference: DEBIAN:DSA-344
Reference: URL:http://www.debian.org/security/2003/dsa-344
Reference: IMMUNIX:IMNX-2003-7+-017-01
Reference: URL:http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
Reference: MANDRAKE:MDKSA-2003:073
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
Reference: REDHAT:RHSA-2003:199
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-199.html
Reference: REDHAT:RHSA-2003:200
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-200.html
Reference: SCO:CSSA-2003-031.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Reference: TURBO:TLSA-2003-42
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-42.txt
Reference: BUGTRAQ:20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105786446329347&w=2
Reference: CIAC:N-111
Reference: URL:http://www.ciac.org/ciac/bulletins/n-111.shtml
Reference: BID:7550
Reference: URL:http://www.securityfocus.com/bid/7550
Reference: OVAL:oval:org.mitre.oval:def:619
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:619
Reference: XF:unzip-dotdot-directory-traversal(12004)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12004
 

Votes:

 

Name: CVE-2003-0283

 

Description:
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.

Status: Candidate
Phase: Assigned (20030512)
Reference: BUGTRAQ:20030509 A Phorum's bug...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105251043821533&w=2
Reference: BUGTRAQ:20030509 Re: A Phorum's bug...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105251421925394&w=2
Reference: BID:7545
Reference: URL:http://www.securityfocus.com/bid/7545
Reference: XF:phorum-message-html-injection(11974)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11974
 

Votes:

 

Name: CVE-2003-0284

 

Description:
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.

Status: Candidate
Phase: Assigned (20030513)
Reference: CONFIRM:http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121
Reference: CERT-VN:VU#184820
Reference: URL:http://www.kb.cert.org/vuls/id/184820
 

Votes:

 

Name: CVE-2003-0285

 

Description:
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.

Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 AIX sendmail open relay
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284689228961&w=2
Reference: MISC:http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
Reference: CERT-VN:VU#814617
Reference: URL:http://www.kb.cert.org/vuls/id/814617
Reference: BID:7580
Reference: URL:http://www.securityfocus.com/bid/7580
Reference: XF:aix-sendmail-mail-relay(11993)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11993
 

Votes:

 

Name: CVE-2003-0286

 

Description:
SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and earlier allows remote attackers to execute arbitrary stored procedures via the Email variable.

Status: Candidate
Phase: Assigned (20030513)
Reference: VULNWATCH:20030512 Snitz Forum 3.3.03 Remote Command Execution
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html
Reference: BUGTRAQ:20030513 Snitz Forum 3.3.03 Remote Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105277599131134&w=2
Reference: BID:7549
Reference: URL:http://www.securityfocus.com/bid/7549
Reference: XF:snitz-register-sql-injection(11981)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11981
 

Votes:

 

Name: CVE-2003-0287

 

Description:
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.

Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030512 CSS found in Movable Type
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105276879622636&w=2
Reference: BUGTRAQ:20030512 Re: CSS found in Movable Type
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105277690132079&w=2
Reference: BUGTRAQ:20030513 Re: CSS found in Movable Type -- Nope
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284589927655&w=2
Reference: BID:7560
Reference: URL:http://www.securityfocus.com/bid/7560
Reference: XF:movable-type-comment-xss(12003)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12003
 

Votes:

 

Name: CVE-2003-0288

 

Description:
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via a file with a long filename, which triggers the overflow when the user saves the file.

Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105283843417610&w=2
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/64_e.html
Reference: BID:7566
Reference: URL:http://www.securityfocus.com/bid/7566
Reference: XF:ip-messenger-filename-bo(11986)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11986
 

Votes:

 

Name: CVE-2003-0289

 

Description:
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030513 cdrtools2.0 Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2
Reference: BUGTRAQ:20030513 Cdrecord_local_root_exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105286031812533&w=2
Reference: CONFIRM:ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz
Reference: GENTOO:200305-06
Reference: URL:http://forums.gentoo.org/viewtopic.php?t=54904
Reference: MANDRAKE:MDKSA-2003:058
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:058
Reference: MISC:http://www.securiteam.com/exploits/5ZP0C2AAAC.html
Reference: BID:7565
Reference: URL:http://www.securityfocus.com/bid/7565
Reference: XF:cdrtools-scsiopen-format-string(12007)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12007
 

Votes:

 

Name: CVE-2003-0290

 

Description:
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.

Status: Candidate
Phase: Assigned (20030513)
Reference: BUGTRAQ:20030511 eServ Memory Leak Enables Denial of Service Attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284630228137&w=2
Reference: BUGTRAQ:20030513 eServ Memory Leak Solution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284631428187&w=2
Reference: VULNWATCH:20030511 eServ Memory Leak Enables Denial of Service Attacks
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html
Reference: BID:7552
Reference: URL:http://www.securityfocus.com/bid/7552
Reference: XF:eserv-multiple-connections-dos(11973)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11973
 

Votes:

 

Name: CVE-2003-0291

 

Description:
3Com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Memory leak in 3COM 812 DSL routers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292451702516&w=2
Reference: BUGTRAQ:20030515 RE : Memory leak in 3COM DSL routers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301488426951&w=2
Reference: MISC:http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
Reference: BID:7592
Reference: URL:http://www.securityfocus.com/bid/7592
Reference: XF:3com-officeconnect-memory-leak(11999)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11999
 

Votes:

 

Name: CVE-2003-0292

 

Description:
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Inktomi Traffic-Server XSS: man-in-the-middle XSS !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292750807005&w=2
Reference: BID:7596
Reference: URL:http://www.securityfocus.com/bid/7596
 

Votes:

 

Name: CVE-2003-0293

 

Description:
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 PalmOS ICMP flood DoS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293128612131&w=2
 

Votes:

 

Name: CVE-2003-0294

 

Description:
autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 php-proxima Remote File Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293834421549&w=2
 

Votes:

 

Name: CVE-2003-0295

 

Description:
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 VBulletin Preview Message - XSS Vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105292832607981&w=2
Reference: BUGTRAQ:20030514 Re: VBulletin Preview Message - XSS Vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105293890422210&w=2
 

Votes:

 

Name: CVE-2003-0296

 

Description:
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0297

 

Description:
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
Reference: FEDORA:FLSA:184074
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430302/100/0/threaded
Reference: REDHAT:RHSA-2005:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-015.html
Reference: REDHAT:RHSA-2005:114
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-114.html
 

Votes:

 

Name: CVE-2003-0298

 

Description:
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0299

 

Description:
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0300

 

Description:
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0301

 

Description:
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0302

 

Description:
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

Status: Candidate
Phase: Assigned (20030514)
Reference: BUGTRAQ:20030514 Buffer overflows in multiple IMAP clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294024124163&w=2
 

Votes:

 

Name: CVE-2003-0303

 

Description:
SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.

Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030515 OneOrZero Security Problems (PHP)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105302025601231&w=2
Reference: VULNWATCH:20030515 OneOrZero Security Problems (PHP)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
Reference: BID:7609
Reference: URL:http://www.securityfocus.com/bid/7609
 

Votes:

 

Name: CVE-2003-0304

 

Description:
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script.

Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030515 OneOrZero Security Problems (PHP)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105302025601231&w=2
Reference: VULNWATCH:20030515 OneOrZero Security Problems (PHP)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html
 

Votes:

 

Name: CVE-2003-0305

 

Description:
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.

Status: Candidate
Phase: Assigned (20030515)
Reference: CISCO:20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml
 

Votes:

 

Name: CVE-2003-0306

 

Description:
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.

Status: Candidate
Phase: Assigned (20030515)
Reference: VULN-DEV:20030507 Buffer overflow in Explorer.exe
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=105241032526289&w=2
Reference: BUGTRAQ:20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105284486526310&w=2
Reference: BUGTRAQ:20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301349925036&w=2
Reference: MS:MS03-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-027.asp
Reference: OVAL:oval:org.mitre.oval:def:3095
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3095
 

Votes:

 

Name: CVE-2003-0307

 

Description:
Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.

Status: Candidate
Phase: Assigned (20030515)
Reference: BUGTRAQ:20030514 [VULNERABILITY] PHP 'poster version.two'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105295155004969&w=2
 

Votes:

 

Name: CVE-2003-0308

 

Description:
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

Status: Candidate
Phase: Assigned (20030516)
Reference: DEBIAN:DSA-305
Reference: URL:http://www.debian.org/security/2003/dsa-305
 

Votes:

 

Name: CVE-2003-0309

 

Description:
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105249399103214&w=2
Reference: NTBUGTRAQ:20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105294162726096&w=2
Reference: BUGTRAQ:20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105294081325040&w=2
Reference: NTBUGTRAQ:20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105294162726096&w=2
Reference: MS:MS03-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-020.asp
Reference: CERT-VN:VU#251788
Reference: URL:http://www.kb.cert.org/vuls/id/251788
Reference: BID:7539
Reference: URL:http://www.securityfocus.com/bid/7539
Reference: OVAL:oval:org.mitre.oval:def:948
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:948
Reference: SECUNIA:8807
Reference: URL:http://secunia.com/advisories/8807
Reference: XF:ie-frame-restrictions-bypass(12019)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12019
 

Votes:

 

Name: CVE-2003-0310

 

Description:
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 EzPublish Directory XSS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105310013606680&w=2
 

Votes:

 

Name: CVE-2003-0311

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030516)
 

Votes:

 

Name: CVE-2003-0312

 

Description:
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server: multiple issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
 

Votes:

 

Name: CVE-2003-0313

 

Description:
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server: multiple issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
 

Votes:

 

Name: CVE-2003-0314

 

Description:
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server: multiple issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
 

Votes:

 

Name: CVE-2003-0315

 

Description:
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Snowblind Web Server: multiple issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105311719128173&w=2
 

Votes:

 

Name: CVE-2003-0316

 

Description:
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.

Status: Candidate
Phase: Assigned (20030516)
Reference: BUGTRAQ:20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html
Reference: MISC:http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm
 

Votes:

 

Name: CVE-2003-0317

 

Description:
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.

Status: Candidate
Phase: Assigned (20030519)
Reference: IDEFENSE:20030522 Authentication Bypass in iisPROTECT
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25
 

Votes:

 

Name: CVE-2003-0318

 

Description:
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 PHP-Nuke code injection in Yearly Stats at Statistics module
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105319538308834&w=2
 

Votes:

 

Name: CVE-2003-0319

 

Description:
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 Buffer overflow vulnerability found in MailMax version 5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105319299407291&w=2
Reference: VULNWATCH:20030517 Buffer overflow vulnerability found in MailMax version 5
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html
 

Votes:

 

Name: CVE-2003-0320

 

Description:
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030517 Remote code execution in ttCMS <=v2.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105320172212990&w=2
 

Votes:

 

Name: CVE-2003-0321

 

Description:
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in ircII-based clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: BUGTRAQ:20030324 GLSA: bitchx (200303-21)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104852615211913&w=2
Reference: DEBIAN:DSA-306
Reference: URL:http://www.debian.org/security/2003/dsa-306
Reference: MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
Reference: CONECTIVA:CLA-2003:655
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
Reference: BID:7096
Reference: URL:http://www.securityfocus.com/bid/7096
Reference: BID:7097
Reference: URL:http://www.securityfocus.com/bid/7097
Reference: BID:7099
Reference: URL:http://www.securityfocus.com/bid/7099
Reference: BID:7100
Reference: URL:http://www.securityfocus.com/bid/7100
 

Votes:

 

Name: CVE-2003-0322

 

Description:
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).

Status: Candidate
Phase: Assigned (20030519)
Reference: DEBIAN:DSA-306
Reference: URL:http://www.debian.org/security/2003/dsa-306
Reference: MISC:http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
 

Votes:

 

Name: CVE-2003-0323

 

Description:
Multiple buffer overflows in ircII 20020912 allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in ircII-based clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: BUGTRAQ:20030319 [OpenPKG-SA-2003.024] OpenPKG Security Advisory (ircii)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104808915402926&w=2
Reference: DEBIAN:DSA-291
Reference: URL:http://www.debian.org/security/2003/dsa-291
Reference: DEBIAN:DSA-298
Reference: URL:http://www.debian.org/security/2003/dsa-298
Reference: BID:7098
Reference: URL:http://www.securityfocus.com/bid/7098
 

Votes:

 

Name: CVE-2003-0324

 

Description:
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030313 Buffer overflows in ircII-based clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
Reference: DEBIAN:DSA-287
Reference: URL:http://www.debian.org/security/2003/dsa-287
Reference: BID:7091
Reference: URL:http://www.securityfocus.com/bid/7091
 

Votes:

 

Name: CVE-2003-0325

 

Description:
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030518 Maelstrom Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105337792703887&w=2
Reference: BUGTRAQ:20030519 Maelstrom exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344501331344&w=2
Reference: BUGTRAQ:20030520 Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105346309123217&w=2
 

Votes:

 

Name: CVE-2003-0326

 

Description:
Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.

Status: Candidate
Phase: Assigned (20030519)
Reference: BUGTRAQ:20030519 bazarr slocate
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105337692202626&w=2
Reference: BID:7629
Reference: URL:http://www.securityfocus.com/bid/7629
 

Votes:

 

Name: CVE-2003-0327

 

Description:
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20031120 R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106936096103805&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0016.html
Reference: XF:sybase-passwordarray-bo(13800)
Reference: URL:http://xforce.iss.net/xforce/xfdb/13800
 

Votes:

 

Name: CVE-2003-0328

 

Description:
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.

Status: Candidate
Phase: Assigned (20030520)
Reference: CONFIRM:ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1
Reference: DEBIAN:DSA-306
Reference: URL:http://www.debian.org/security/2003/dsa-306
Reference: DEBIAN:DSA-399
Reference: URL:http://www.debian.org/security/2003/dsa-399
Reference: REDHAT:RHSA-2003:342
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-342.html
 

Votes:

 

Name: CVE-2003-0329

 

Description:
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.

Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 Plaintext Password in Settings.ini of CesarFTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344578100315&w=2
Reference: VULNWATCH:20030520 Plaintext Password in Settings.ini of CesarFTP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0074.html
 

Votes:

 

Name: CVE-2003-0330

 

Description:
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.

Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 Maelstrom Local Buffer Overflow Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105344891005369&w=2
Reference: SECTRACK:1008832
Reference: URL:http://www.securitytracker.com/id?1008832
 

Votes:

 

Name: CVE-2003-0331

 

Description:
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.

Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 More vulnerabilities in ttForum/ttCMS -> SQL injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105345273210334&w=2
 

Votes:

 

Name: CVE-2003-0332

 

Description:
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.

Status: Candidate
Phase: Assigned (20030520)
Reference: BUGTRAQ:20030520 BadBlue Remote Administrative Interface Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105346382524169&w=2
Reference: VULNWATCH:20030520 BadBlue Remote Administrative Interface Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html
 

Votes:

 

Name: CVE-2003-0333

 

Description:
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085.

Status: Candidate
Phase: Assigned (20030521)
Reference: BUGTRAQ:20030502 HP-UX 11.0 /usr/bin/kermit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105189670912220&w=2
Reference: BUGTRAQ:20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105190667523456&w=2
Reference: HP:HPSBUX0305-259
Reference: URL:http://archives.neohapsis.com/archives/hp/current/0044.html
Reference: CERT-VN:VU#971364
Reference: URL:http://www.kb.cert.org/vuls/id/971364
Reference: BID:7627
Reference: URL:http://www.securityfocus.com/bid/7627
Reference: XF:hp-ckermit-bo(11929)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11929
 

Votes:

 

Name: CVE-2003-0334

 

Description:
BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030510 BitchX: Crash when channel modes change
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105259643606984&w=2
Reference: CONECTIVA:CLA-2003:655
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
Reference: MANDRAKE:MDKSA-2003:069
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:069
Reference: BID:7551
Reference: URL:http://www.securityfocus.com/bid/7551
Reference: XF:bitchx-mode-change-dos(12008)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12008
 

Votes:

 

Name: CVE-2003-0335

 

Description:
rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361968110719&w=2
 

Votes:

 

Name: CVE-2003-0336

 

Description:
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 Eudora 5.2.1 attachment spoof
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105362278914731&w=2
 

Votes:

 

Name: CVE-2003-0337

 

Description:
The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 Security advisory: LSF 5.1 local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361879109409&w=2
 

Votes:

 

Name: CVE-2003-0338

 

Description:
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353168619211&w=2
Reference: VULNWATCH:20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html
 

Votes:

 

Name: CVE-2003-0339

 

Description:
Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030522 WsMp3d remote exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105361764807746&w=2
Reference: BUGTRAQ:20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353178019353&w=2
Reference: VULNWATCH:20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353178019353&w=2
 

Votes:

 

Name: CVE-2003-0340

 

Description:
Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 Demarc Puresecure v1.6 - Plaintext password issue -
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html
 

Votes:

 

Name: CVE-2003-0341

 

Description:
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030521 [AP] Owl Intranet Engine CSS Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353266220520&w=2
 

Votes:

 

Name: CVE-2003-0342

 

Description:
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353283720837&w=2
 

Votes:

 

Name: CVE-2003-0343

 

Description:
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.

Status: Candidate
Phase: Assigned (20030522)
Reference: BUGTRAQ:20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105353283720837&w=2
 

Votes:

 

Name: CVE-2003-0344

 

Description:
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.

Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030604 Internet Explorer Object Type Property Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105476381609135&w=2
Reference: FULLDISC:20030709 IE Object Type Overflow Exploit
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html
Reference: EEYE:AD20030604
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20030604.html
Reference: MS:MS03-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-020.asp
Reference: CERT-VN:VU#679556
Reference: URL:http://www.kb.cert.org/vuls/id/679556
Reference: OVAL:oval:org.mitre.oval:def:922
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:922
Reference: SECUNIA:8943
Reference: URL:http://secunia.com/advisories/8943
 

Votes:

 

Name: CVE-2003-0345

 

Description:
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.

Status: Candidate
Phase: Assigned (20030528)
Reference: MS:MS03-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-024.asp
Reference: CERT-VN:VU#337764
Reference: URL:http://www.kb.cert.org/vuls/id/337764
Reference: OVAL:oval:org.mitre.oval:def:146
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:146
Reference: XF:win-smb-bo(12544)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12544
Reference: BID:8152
Reference: URL:http://www.securityfocus.com/bid/8152
Reference: OVAL:oval:org.mitre.oval:def:118
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:118
Reference: OVAL:oval:org.mitre.oval:def:3391
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3391
Reference: SECTRACK:1007154
Reference: URL:http://securitytracker.com/id?1007154
Reference: SECUNIA:9225
Reference: URL:http://secunia.com/advisories/9225
 

Votes:

 

Name: CVE-2003-0346

 

Description:
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105899759824008&w=2
Reference: MS:MS03-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
Reference: CERT:CA-2003-18
Reference: URL:http://www.cert.org/advisories/CA-2003-18.html
Reference: CERT-VN:VU#561284
Reference: URL:http://www.kb.cert.org/vuls/id/561284
Reference: CERT-VN:VU#265232
Reference: URL:http://www.kb.cert.org/vuls/id/265232
Reference: OVAL:oval:org.mitre.oval:def:218
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:218
Reference: OVAL:oval:org.mitre.oval:def:1095
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1095
Reference: OVAL:oval:org.mitre.oval:def:1104
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1104
 

Votes:

 

Name: CVE-2003-0347

 

Description:
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.

Status: Candidate
Phase: Assigned (20030528)
Reference: VULNWATCH:20030903 EEYE: VBE Document Property Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html
Reference: BUGTRAQ:20030903 EEYE: VBE Document Property Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106262077829157&w=2
Reference: MS:MS03-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-037.asp
Reference: CERT-VN:VU#804780
Reference: URL:http://www.kb.cert.org/vuls/id/804780
Reference: BID:8534
Reference: URL:http://www.securityfocus.com/bid/8534
Reference: SECUNIA:9666
Reference: URL:http://secunia.com/advisories/9666
 

Votes:

 

Name: CVE-2003-0348

 

Description:
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.

Status: Candidate
Phase: Assigned (20030528)
Reference: MS:MS03-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-021.asp
Reference: CERT-VN:VU#320516
Reference: URL:http://www.kb.cert.org/vuls/id/320516
Reference: BID:8034
Reference: URL:http://www.securityfocus.com/bid/8034
Reference: XF:mediaplayer-activex-obtain-information(12440)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12440
 

Votes:

 

Name: CVE-2003-0349

 

Description:
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.

Status: Candidate
Phase: Assigned (20030528)
Reference: NTBUGTRAQ:20030626 Windows Media Services Remote Command Execution #2
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563
Reference: BUGTRAQ:20030626 Windows Media Services Remote Command Execution #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105665030925504&w=2
Reference: MS:MS03-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-022.asp
Reference: CERT-VN:VU#113716
Reference: URL:http://www.kb.cert.org/vuls/id/113716
Reference: OVAL:oval:org.mitre.oval:def:938
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:938
Reference: SECTRACK:1007059
Reference: URL:http://securitytracker.com/id?1007059
Reference: SECUNIA:9115
Reference: URL:http://secunia.com/advisories/9115
 

Votes:

 

Name: CVE-2003-0350

 

Description:
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.

Status: Candidate
Phase: Assigned (20030528)
Reference: VULNWATCH:20030709 Microsoft Utility Manager Local Privilege Escalation
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html
Reference: BUGTRAQ:20030709 Microsoft Utility Manager Local Privilege Escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105777681615939&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/utilitymanager.txt
Reference: MS:MS03-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-025.asp
Reference: XF:win2k-accessibility-gain-privileges
Reference: URL:http://xforce.iss.net/xforce/xfdb/12543
Reference: BID:8154
Reference: URL:http://www.securityfocus.com/bid/8154
Reference: OVAL:oval:org.mitre.oval:def:451
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:451
 

Votes:

 

Name: CVE-2003-0351

 

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20030528)
 

Votes:

 

Name: CVE-2003-0352

 

Description:
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105838687731618&w=2
Reference: BUGTRAQ:20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised )
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105914789527294&w=2
Reference: FULLDISC:20030726 Re: The French BUGTRAQ (New Win RPC Exploit)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Reference: FULLDISC:20030730 rpcdcom Universal offsets
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Reference: MISC:http://www.xfocus.org/documents/200307/2.html
Reference: MS:MS03-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
Reference: CERT:CA-2003-16
Reference: URL:http://www.cert.org/advisories/CA-2003-16.html
Reference: CERT:CA-2003-19
Reference: URL:http://www.cert.org/advisories/CA-2003-19.html
Reference: CERT-VN:VU#568148
Reference: URL:http://www.kb.cert.org/vuls/id/568148
Reference: OVAL:oval:org.mitre.oval:def:194
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:194
Reference: OVAL:oval:org.mitre.oval:def:2343
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2343
Reference: XF:win-rpc-dcom-bo(12629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12629
Reference: BID:8205
Reference: URL:http://www.securityfocus.com/bid/8205
Reference: OVAL:oval:org.mitre.oval:def:296
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:296
 

Votes:

 

Name: CVE-2003-0353

 

Description:
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.

Status: Candidate
Phase: Assigned (20030528)
Reference: BUGTRAQ:20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106149556627778&w=2
Reference: NTBUGTRAQ:20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=106251069107953&w=2
Reference: MS:MS03-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS03-033.asp
Reference: OVAL:oval:org.mitre.oval:def:1039
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1039
Reference: OVAL:oval:org.mitre.oval:def:961
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:961
Reference: OVAL:oval:org.mitre.oval:def:962
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:962
 

Votes:

 

Name: CVE-2003-0354

 

Description:
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

Status: Candidate
Phase: Assigned (20030529)
Reference: REDHAT:RHSA-2003:181
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-181.html
Reference: REDHAT:RHSA-2003:182
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-182.html
Reference: MANDRAKE:MDKSA-2003:065
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:065
Reference: BUGTRAQ:20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105465818929172&w=2
Reference: OVAL:oval:org.mitre.oval:def:133
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:133
 

Votes:

 

Name: CVE-2003-0355

 

Description:
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

Status: Candidate
Phase: Assigned (20030529)
Reference: BUGTRAQ:20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
Reference: URL:http://www.securityfocus.com/archive/1/320707
 

Votes:

 

Name: CVE-2003-0356

 

Description:
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

Status: Candidate
Phase: Assigned (20030529)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
Reference: DEBIAN:DSA-313
Reference: URL:http://www.debian.org/security/2003/dsa-313
Reference: MANDRAKE:MDKSA-2003:067
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: CERT-VN:VU#641013
Reference: URL:http://www.kb.cert.org/vuls/id/641013
Reference: OVAL:oval:org.mitre.oval:def:69
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:69
 

Votes:

 

Name: CVE-2003-0357

 

Description:
Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.

Status: Candidate
Phase: Assigned (20030529)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00009.html
Reference: DEBIAN:DSA-313
Reference: URL:http://www.debian.org/security/2003/dsa-313
Reference: MANDRAKE:MDKSA-2003:067
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-077.html
Reference: CERT-VN:VU#232164
Reference: URL:http://www.kb.cert.org/vuls/id/232164
Reference: CERT-VN:VU#361700
Reference: URL:http://www.kb.cert.org/vuls/id/361700
Reference: BID:7494
Reference: URL:http://www.securityfocus.com/bid/7494
Reference: BID:7495
Reference: URL:http://www.securityfocus.com/bid/7495
Reference: OVAL:oval:org.mitre.oval:def:73
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:73
 

Votes:

 

Name: CVE-2003-0358

 

Description:
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.

Status: Candidate
Phase: Assigned (20030529)
Reference: BUGTRAQ:20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
Reference: CONFIRM:http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
Reference: DEBIAN:DSA-316
Reference: URL:http://www.debian.org/security/2003/dsa-316
Reference: DEBIAN:DSA-350
Reference: URL:http://www.debian.org/security/2003/dsa-350
Reference: BID:6806
Reference: URL:http://www.securityfocus.com/bid/6806
Reference: XF:nethack-s-command-bo(11283)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11283
 

Votes:

 

Name: CVE-2003-0359

 

Description:
nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.

Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-316
Reference: URL:http://www.debian.org/security/2003/dsa-316
 

Votes:

 

Name: CVE-2003-0360

 

Description:
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference: URL:http://www.debian.org/security/2003/dsa-307
Reference: CONFIRM:http://gps.seul.org/changelog.html
 

Votes:

 

Name: CVE-2003-0361

 

Description:
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference: URL:http://www.debian.org/security/2003/dsa-307
Reference: CONFIRM:http://gps.seul.org/changelog.html
 

Votes:

 

Name: CVE-2003-0362

 

Description:
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.

Status: Candidate
Phase: Assigned (20030529)
Reference: DEBIAN:DSA-307
Reference: URL:http://www.debian.org/security/2003/dsa-307
Reference: CONFIRM:http://gps.seul.org/changelog.html
 

Votes:

 

Name: CVE-2003-0363

 

Description:
Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.

Status: Candidate
Phase: Assigned (20030530)
Reference: MISC:http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
 

Votes:

 

Name: CVE-2003-0364

 

Description:
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.

Status: Candidate
Phase: Assigned (20030530)
Reference: REDHAT:RHSA-2003:187
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
Reference: REDHAT:RHSA-2003:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
Reference: REDHAT:RHSA-2003:198
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: TURBO:TLSA-2003-41
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
Reference: OVAL:oval:org.mitre.oval:def:295
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:295
 

Votes:

 

Name: CVE-2003-0365

 

Description:
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs.

Status: Candidate
Phase: Assigned (20030530)
Reference: BUGTRAQ:20030529 ICQLite executable trojaning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427404625027&w=2
 

Votes:

 

Name: CVE-2003-0366

 

Description:
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.

Status: Candidate
Phase: Assigned (20030601)
Reference: DEBIAN:DSA-318
Reference: URL:http://www.debian.org/security/2003/dsa-318
 

Votes:

 

Name: CVE-2003-0367

 

Description:
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030601)
Reference: DEBIAN:DSA-308
Reference: URL:http://www.debian.org/security/2003/dsa-308
Reference: MANDRAKE:MDKSA-2003:068
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
Reference: CONFIRM:http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
Reference: TURBO:TLSA-2003-38
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-38.txt
Reference: BID:7872
Reference: URL:http://www.securityfocus.com/bid/7872
 

Votes:

 

Name: CVE-2003-0368

 

Description:
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.

Status: Candidate
Phase: Assigned (20030602)
Reference: ATSTAKE:A060903-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a060903-1.txt
Reference: CERT-VN:VU#924812
Reference: URL:http://www.kb.cert.org/vuls/id/924812
Reference: BID:7854
Reference: URL:http://www.securityfocus.com/bid/7854
Reference: XF:nokia-ggsn-ip-dos(12221)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12221
 

Votes:

 

Name: CVE-2003-0369

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030602)
 

Votes:

 

Name: CVE-2003-0370

 

Description:
Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Status: Candidate
Phase: Assigned (20030603)
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20030602-1.txt
Reference: FULLDISC:20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
Reference: BUGTRAQ:20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.
Reference: URL:http://www.securityfocus.com/archive/1/320707
Reference: REDHAT:RHSA-2003:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-192.html
Reference: REDHAT:RHSA-2003:193
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-193.html
Reference: TURBO:TLSA-2003-36
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-36.txt
Reference: DEBIAN:DSA-361
Reference: URL:http://www.debian.org/security/2003/dsa-361
Reference: BID:7520
Reference: URL:http://www.securityfocus.com/bid/7520
 

Votes:

 

Name: CVE-2003-0371

 

Description:
Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Prishtina FTP v.1.*: remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370592729044&w=2
 

Votes:

 

Name: CVE-2003-0372

 

Description:
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security vulnerability in Nessus
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BUGTRAQ:20030523 nessus NASL scripting engine security issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
Reference: BID:7664
Reference: URL:http://www.securityfocus.com/bid/7664
 

Votes:

 

Name: CVE-2003-0373

 

Description:
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, or (3) a long pass argument to the ftp_log_in function.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security vulnerability in Nessus
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BUGTRAQ:20030523 nessus NASL scripting engine security issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2
Reference: BID:7664
Reference: URL:http://www.securityfocus.com/bid/7664
 

Votes:

 

Name: CVE-2003-0374

 

Description:
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 Potential security vulnerability in Nessus
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105364059803427&w=2
Reference: BID:7664
Reference: URL:http://www.securityfocus.com/bid/7664
 

Votes:

 

Name: CVE-2003-0375

 

Description:
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030522 XMB 1.8 Partagium cross site scripting vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105363936402228&w=2
Reference: MISC:http://forums.xmbforum.com/viewthread.php?tid=773046
Reference: BID:7662
Reference: URL:http://www.securityfocus.com/bid/7662
 

Votes:

 

Name: CVE-2003-0376

 

Description:
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030523 Eudora 5.2.1 buffer overflow DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370625529452&w=2
 

Votes:

 

Name: CVE-2003-0377

 

Description:
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.

Status: Candidate
Phase: Assigned (20030604)
Reference: BUGTRAQ:20030523 iisPROTECT SQL injection in admin interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370528728225&w=2
 

Votes:

 

Name: CVE-2003-0378

 

Description:
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.

Status: Candidate
Phase: Assigned (20030605)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=107579
Reference: CERT-VN:VU#467828
Reference: URL:http://www.kb.cert.org/vuls/id/467828
 

Votes:

 

Name: CVE-2003-0379

 

Description:
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.

Status: Candidate
Phase: Assigned (20030609)
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00030.html
 

Votes:

 

Name: CVE-2003-0380

 

Description:
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.

Status: Candidate
Phase: Assigned (20030609)
Reference: VULN-DEV:20030604 possible remote buffer overflow in atftpd
Reference: URL:http://www.securityfocus.com/archive/82/323886/2003-06-02/2003-06-08/0
Reference: BUGTRAQ:20030606 atftpd bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html
Reference: DEBIAN:DSA-314
Reference: URL:http://www.debian.org/security/2003/dsa-314
 

Votes:

 

Name: CVE-2003-0381

 

Description:
Multiple vulnerabilities in noweb 2.9 and earlier create temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.

Status: Candidate
Phase: Assigned (20030609)
Reference: DEBIAN:DSA-323
Reference: URL:http://www.debian.org/security/2003/dsa-323
 

Votes:

 

Name: CVE-2003-0382

 

Description:
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.

Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030509 BAZARR CODE NINER PINK TEAM GO GO GO
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105427580626001&w=2
Reference: DEBIAN:DSA-309
Reference: URL:http://www.debian.org/security/2003/dsa-309
Reference: BID:7708
Reference: URL:http://www.securityfocus.com/bid/7708
 

Votes:

 

Name: CVE-2003-0384

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030609)
 

Votes:

 

Name: CVE-2003-0385

 

Description:
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.

Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105491469815197&w=2
Reference: DEBIAN:DSA-310
Reference: URL:http://www.debian.org/security/2003/dsa-310
 

Votes:

 

Name: CVE-2003-0386

 

Description:
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030605 OpenSSH remote clent address restriction circumvention
Reference: URL:http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
Reference: CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Reference: CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Reference: REDHAT:RHSA-2006:0298
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0298.html
Reference: REDHAT:RHSA-2006:0698
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0698.html
Reference: SGI:20060703-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
Reference: CERT-VN:VU#978316
Reference: URL:http://www.kb.cert.org/vuls/id/978316
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: BID:7831
Reference: URL:http://www.securityfocus.com/bid/7831
Reference: SECUNIA:21129
Reference: URL:http://secunia.com/advisories/21129
Reference: SECUNIA:21262
Reference: URL:http://secunia.com/advisories/21262
Reference: SECUNIA:21724
Reference: URL:http://secunia.com/advisories/21724
Reference: SECUNIA:22196
Reference: URL:http://secunia.com/advisories/22196
Reference: SECUNIA:23680
Reference: URL:http://secunia.com/advisories/23680
 

Votes:

 

Name: CVE-2003-0387

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030609)
 

Votes:

 

Name: CVE-2003-0388

 

Description:
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.

Status: Candidate
Phase: Assigned (20030609)
Reference: BUGTRAQ:20030616 FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105577915506761&w=2
Reference: MISC:http://www.idefense.com/advisory/06.16.03.txt
Reference: REDHAT:RHSA-2004:304
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-304.html
 

Votes:

 

Name: CVE-2003-0389

 

Description:
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.

Status: Candidate
Phase: Assigned (20030609)
Reference: VULNWATCH:20030619 R7-0014: RSA SecurID ACE Agent Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0014.html
 

Votes:

 

Name: CVE-2003-0390

 

Description:
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105121918523320&w=2
Reference: BUGTRAQ:20030523 Re: Options Parsing Tool library buffer overflows.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105371246204866&w=2
Reference: CONFIRM:http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
 

Votes:

 

Name: CVE-2003-0391

 

Description:
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030523 Magic Winmail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105370528428222&w=2
Reference: MISC:http://www.magicwinmail.net/changelog.asp
 

Votes:

 

Name: CVE-2003-0392

 

Description:
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DOS drive letter argument (e.g. E:).

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030523 ST FTP Service v3.0: directory traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105372353017778&w=2
 

Votes:

 

Name: CVE-2003-0393

 

Description:
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or "Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 Some problems in Privatefirewall 3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105380229532320&w=2
Reference: BID:7700
Reference: URL:http://www.securityfocus.com/bid/7700
 

Votes:

 

Name: CVE-2003-0394

 

Description:
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 PHP source code injection in BLNews
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105379530927567&w=2
Reference: BID:7677
Reference: URL:http://www.securityfocus.com/bid/7677
 

Votes:

 

Name: CVE-2003-0395

 

Description:
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030524 UPB: Discussion Board/Web-Site Takeover
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105379741528925&w=2
Reference: MISC:http://f0kp.iplus.ru/bz/024.en.txt
 

Votes:

 

Name: CVE-2003-0396

 

Description:
Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030428 ATM on Linux Exploit Code Release (les, local)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105154433926396&w=2
Reference: MISC:http://www.securiteam.com/exploits/5EP0M1P9PO.html
Reference: BUGTRAQ:20030524 ATM on linux Exploit(les,local)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405560021979&w=2
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=156242
Reference: BID:7437
Reference: URL:http://www.securityfocus.com/bid/7437
Reference: XF:atmonlinux-les-command-bo(11903)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11903
 

Votes:

 

Name: CVE-2003-0397

 

Description:
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death."

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 The PACKET 0' DEATH FastTrack network vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405708923565&w=2
Reference: XF:fastrack-packet-0-bo(12086)
Reference: URL:http://www.iss.net/security_center/static/12086.php
Reference: BID:7680
Reference: URL:http://www.securityfocus.com/bid/7680
 

Votes:

 

Name: CVE-2003-0398

 

Description:
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allow remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-016 - Vignette SSI Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405734223874&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-016-en.txt
Reference: XF:vignette-ssi-command-execution(12077)
Reference: URL:http://www.iss.net/security_center/static/12077.php
Reference: BID:7685
Reference: URL:http://www.securityfocus.com/bid/7685
 

Votes:

 

Name: CVE-2003-0399

 

Description:
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allow remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-017 - Vignette /vgn/legacy/save SQL access
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405874325673&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-017-en.txt
Reference: XF:vignette-save-obtain-information(12076)
Reference: URL:http://www.iss.net/security_center/static/12076.php
Reference: BID:7683
Reference: URL:http://www.securityfocus.com/bid/7683
 

Votes:

 

Name: CVE-2003-0400

 

Description:
Vignette StoryServer and Vignette V/5 do not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-018 - Vignette memory leak AIX Platform
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405985126857&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-018-en.txt
Reference: XF:vignette-memory-leak(12075)
Reference: URL:http://www.iss.net/security_center/static/12075.php
Reference: BID:7684
Reference: URL:http://www.securityfocus.com/bid/7684
 

Votes:

 

Name: CVE-2003-0401

 

Description:
Vignette StoryServer and Vignette V/5 allow remote attackers to obtain sensitive information via a request for the /vgn/style template.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-019 - Vignette /vgn/style internal information leak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405793324661&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-019-en.txt
Reference: XF:vignette-style-info-disclosure(12074)
Reference: URL:http://www.iss.net/security_center/static/12074.php
Reference: BID:7688
Reference: URL:http://www.securityfocus.com/bid/7688
 

Votes:

 

Name: CVE-2003-0402

 

Description:
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses depending on whether a user exists, which allows remote attackers to identify valid usernames via brute force attacks.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-020 - Vignette user enumeration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405880325755&w=2
Reference: MISC:http://www.s21sec.com/en/avisos/s21sec-020-en.txt
Reference: XF:vignette-login-account-bruteforce(12073)
Reference: URL:http://www.iss.net/security_center/static/12073.php
Reference: BID:7691
Reference: URL:http://www.securityfocus.com/bid/7691
 

Votes:

 

Name: CVE-2003-0403

 

Description:
Vignette StoryServer 5 and Vignette V/5 allow remote attackers to read and modify license information, and cause a denial of service (service halt), by directly accessing the /vgn/license template.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-021 - Vignette License access and modification
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405789924612&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-021-en.txt
Reference: XF:vignette-license-modification(12072)
Reference: URL:http://www.iss.net/security_center/static/12072.php
Reference: BID:7694
Reference: URL:http://www.securityfocus.com/bid/7694
 

Votes:

 

Name: CVE-2003-0404

 

Description:
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406028027360&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-023-en.txt
Reference: XF:vignette-multiple-xss(12071)
Reference: URL:http://www.iss.net/security_center/static/12071.php
Reference: BID:7687
Reference: URL:http://www.securityfocus.com/bid/7687
 

Votes:

 

Name: CVE-2003-0405

 

Description:
Vignette StoryServer 5 and Vignette V/6 allow remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 S21SEC-024 - Vignette TCL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405922826197&w=2
Reference: MISC:http://www.s21sec.com/es/avisos/s21sec-024-en.txt
Reference: XF:vignette-tcl-code-execution(12070)
Reference: URL:http://www.iss.net/security_center/static/12070.php
Reference: BID:7690
Reference: URL:http://www.securityfocus.com/bid/7690
Reference: BID:7692
Reference: URL:http://www.securityfocus.com/bid/7692
 

Votes:

 

Name: CVE-2003-0406

 

Description:
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 PalmVNC 1.40 Insecure Records
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405691423389&w=2
Reference: XF:palmvnc-plaintext-passwords(12083)
Reference: URL:http://www.iss.net/security_center/static/12083.php
Reference: BID:7696
Reference: URL:http://www.securityfocus.com/bid/7696
 

Votes:

 

Name: CVE-2003-0407

 

Description:
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 [Priv8security_Advisory]_Batalla_Naval_remote_overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405668423102&w=2
Reference: XF:batalla-naval-bo(12087)
Reference: URL:http://www.iss.net/security_center/static/12087.php
Reference: BID:7699
Reference: URL:http://www.securityfocus.com/bid/7699
 

Votes:

 

Name: CVE-2003-0408

 

Description:
Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030527 NuxAcid#002 - Buffer Overflow in UpClient
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405629622652&w=2
Reference: XF:upclient-command-line-bo(12131)
Reference: URL:http://www.iss.net/security_center/static/12131.php
Reference: BID:7703
Reference: URL:http://www.securityfocus.com/bid/7703
 

Votes:

 

Name: CVE-2003-0409

 

Description:
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030527 BRS WebWeaver: POST and HEAD Overflaws
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105405836025160&w=2
Reference: XF:webweaver-head-post-bo(12107)
Reference: URL:http://www.iss.net/security_center/static/12107.php
Reference: BID:7695
Reference: URL:http://www.securityfocus.com/bid/7695
 

Votes:

 

Name: CVE-2003-0410

 

Description:
Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 NII Advisory - Buffer Overflow in Analogx Proxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105406759403978&w=2
Reference: VULNWATCH:20030526 NII Advisory - Buffer Overflow in Analogx Proxy
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0082.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: XF:analogx-proxy-url-bo(12068)
Reference: URL:http://www.iss.net/security_center/static/12068.php
Reference: BID:7681
Reference: URL:http://www.securityfocus.com/bid/7681
 

Votes:

 

Name: CVE-2003-0411

 

Description:
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference: MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference: URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: XF:sunone-jsp-source-disclosure(12093)
Reference: URL:http://www.iss.net/security_center/static/12093.php
Reference: BID:7709
Reference: URL:http://www.securityfocus.com/bid/7709
 

Votes:

 

Name: CVE-2003-0412

 

Description:
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference: MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference: URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: BID:7711
Reference: URL:http://www.securityfocus.com/bid/7711
 

Votes:

 

Name: CVE-2003-0413

 

Description:
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference: MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: SUNALERT:57605
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
Reference: CIAC:N-103
Reference: URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: XF:sunone-http-error-xss(12095)
Reference: URL:http://www.iss.net/security_center/static/12095.php
Reference: BID:7710
Reference: URL:http://www.securityfocus.com/bid/7710
 

Votes:

 

Name: CVE-2003-0414

 

Description:
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030526 Multiple Vulnerabilities in Sun-One Application Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105409846029475&w=2
Reference: MISC:http://www.spidynamics.com/sunone_alert.html
Reference: SUNALERT:55221
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Reference: CIAC:N-103
Reference: URL:http://www.ciac.org/ciac/bulletins/n-103.shtml
Reference: XF:sunone-insecure-file-permissions(12096)
Reference: URL:http://www.iss.net/security_center/static/12096.php
Reference: BID:7712
Reference: URL:http://www.securityfocus.com/bid/7712
 

Votes:

 

Name: CVE-2003-0415

 

Description:
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030528 Remote PC Access Server 2.2 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105417988811698&w=2
Reference: MISC:http://www.ytech.co.il/advisories/rpca/rpcaccess.htm
Reference: BID:7698
Reference: URL:http://www.securityfocus.com/bid/7698
 

Votes:

 

Name: CVE-2003-0416

 

Description:
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030528 Bandmin 1.4 XSS Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105418152212771&w=2
Reference: XF:bandmin-index-xss(12108)
Reference: URL:http://www.iss.net/security_center/static/12108.php
Reference: BID:7729
Reference: URL:http://www.securityfocus.com/bid/7729
 

Votes:

 

Name: CVE-2003-0417

 

Description:
Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via ".|." (modified dot-dot) sequences.

Status: Candidate
Phase: Assigned (20030610)
Reference: BUGTRAQ:20030529 Son hServer v0.2: directory traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105417983711685&w=2
Reference: XF:sonhserver-pipe-directory-traversal(12103)
Reference: URL:http://www.iss.net/security_center/static/12103.php
Reference: BID:7717
Reference: URL:http://www.securityfocus.com/bid/7717
 

Votes:

 

Name: CVE-2003-0418

 

Description:
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.

Status: Candidate
Phase: Assigned (20030611)
Reference: BUGTRAQ:20030609 Linux 2.0 remote info leak from too big icmp citation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2
Reference: MISC:http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
Reference: CERT-VN:VU#471084
Reference: URL:http://www.kb.cert.org/vuls/id/471084
 

Votes:

 

Name: CVE-2003-0419

 

Description:
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.

Status: Candidate
Phase: Assigned (20030611)
Reference: MISC:http://www.idefense.com/advisory/06.11.03.txt
 

Votes:

 

Name: CVE-2003-0420

 

Description:
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.

Status: Candidate
Phase: Assigned (20030611)
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-5NTL8E
Reference: AUSCERT:ESB-2003.0415
Reference: URL:http://www.auscert.org.au/render.html?it=3165
Reference: BID:7894
Reference: URL:http://www.securityfocus.com/bid/7894
Reference: SECUNIA:9025
Reference: URL:http://secunia.com/advisories/9025/
Reference: XF:macos-dsimportexport-obtain-information(12342)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12342
 

Votes:

 

Name: CVE-2003-0421

 

Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0422

 

Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0423

 

Description:
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0424

 

Description:
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0425

 

Description:
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0426

 

Description:
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.

Status: Candidate
Phase: Assigned (20030611)
Reference: VULNWATCH:20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0015.html
 

Votes:

 

Name: CVE-2003-0427

 

Description:
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.

Status: Candidate
Phase: Assigned (20030613)
Reference: DEBIAN:DSA-320
Reference: URL:http://www.debian.org/security/2003/dsa-320
Reference: REDHAT:RHSA-2005:506
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-506.html
Reference: OVAL:oval:org.mitre.oval:def:647
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:647
 

Votes:

 

Name: CVE-2003-0428

 

Description:
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.

Status: Candidate
Phase: Assigned (20030613)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference: URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: CERT-VN:VU#542540
Reference: URL:http://www.kb.cert.org/vuls/id/542540
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:75
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:75
 

Votes:

 

Name: CVE-2003-0429

 

Description:
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.

Status: Candidate
Phase: Assigned (20030613)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference: URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:84
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:84
 

Votes:

 

Name: CVE-2003-0430

 

Description:
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.

Status: Candidate
Phase: Assigned (20030613)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: CONECTIVA:CLA-2003:662
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:88
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:88
 

Votes:

 

Name: CVE-2003-0431

 

Description:
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.

Status: Candidate
Phase: Assigned (20030613)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference: URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:101
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:101
 

Votes:

 

Name: CVE-2003-0432

 

Description:
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

Status: Candidate
Phase: Assigned (20030613)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00010.html
Reference: DEBIAN:DSA-324
Reference: URL:http://www.debian.org/security/2003/dsa-324
Reference: CONECTIVA:CLA-2003:662
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SCO:CSSA-2003-030.0
Reference: URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
Reference: SECUNIA:9007
Reference: URL:http://secunia.com/advisories/9007
Reference: OVAL:oval:org.mitre.oval:def:106
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:106
 

Votes:

 

Name: CVE-2003-0433

 

Description:
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20030613)
Reference: DEBIAN:DSA-315
Reference: URL:http://www.debian.org/security/2003/dsa-315
 

Votes:

 

Name: CVE-2003-0434

 

Description:
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Status: Candidate
Phase: Assigned (20030616)
Reference: FULLDISC:20030613 -10Day CERT Advisory on PDF Files
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
Reference: BUGTRAQ:20030709 xpdf vulnerability - CAN-2003-0434
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105777963019186&w=2
Reference: REDHAT:RHSA-2003:196
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-196.html
Reference: REDHAT:RHSA-2003:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-197.html
Reference: MANDRAKE:MDKSA-2003:071
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:071
Reference: CERT-VN:VU#200132
Reference: URL:http://www.kb.cert.org/vuls/id/200132
Reference: OVAL:oval:org.mitre.oval:def:664
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:664
Reference: SECUNIA:9037
Reference: URL:http://secunia.com/advisories/9037
Reference: SECUNIA:9038
Reference: URL:http://secunia.com/advisories/9038
 

Votes:

 

Name: CVE-2003-0435

 

Description:
Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20030616)
Reference: BUGTRAQ:20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105553002105111&w=2
Reference: DEBIAN:DSA-322
Reference: URL:http://www.debian.org/security/2003/dsa-322
 

Votes:

 

Name: CVE-2003-0436

 

Description:
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.

Status: Candidate
Phase: Assigned (20030618)
Reference: FULLDISC:20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
Reference: BID:7865
Reference: URL:http://www.securityfocus.com/bid/7865
 

Votes:

 

Name: CVE-2003-0437

 

Description:
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.

Status: Candidate
Phase: Assigned (20030618)
Reference: FULLDISC:20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html
Reference: BID:7866
Reference: URL:http://www.securityfocus.com/bid/7866
 

Votes:

 

Name: CVE-2003-0438

 

Description:
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-325
Reference: URL:http://www.debian.org/security/2003/dsa-325
 

Votes:

 

Name: CVE-2003-0439

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030618)
 

Votes:

 

Name: CVE-2003-0440

 

Description:
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-339
Reference: URL:http://www.debian.org/security/2003/dsa-339
Reference: REDHAT:RHSA-2003:231
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-231.html
Reference: REDHAT:RHSA-2003:234
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-234.html
Reference: OVAL:oval:org.mitre.oval:def:569
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:569
 

Votes:

 

Name: CVE-2003-0441

 

Description:
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.

Status: Candidate
Phase: Assigned (20030618)
Reference: DEBIAN:DSA-326
Reference: URL:http://www.debian.org/security/2003/dsa-326
Reference: BID:7988
Reference: URL:http://www.securityfocus.com/bid/7988
Reference: XF:orvillewrite-variables-bo(12381)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12381
 

Votes:

 

Name: CVE-2003-0442

 

Description:
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Status: Candidate
Phase: Assigned (20030618)
Reference: BUGTRAQ:20030530 PHP Trans SID XSS (Was: New php release with security fixes)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105449314612963&w=2
Reference: MISC:http://shh.thathost.com/secadv/2003-05-11-php.txt
Reference: REDHAT:RHSA-2003:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-204.html
Reference: CONECTIVA:CLSA-2003:691
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Reference: DEBIAN:DSA-351
Reference: URL:http://www.debian.org/security/2003/dsa-351
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
Reference: SCO:CSSA-2003-SCO.28
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2
Reference: TURBO:TLSA-2003-47
Reference: URL:http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
Reference: CIAC:N-112
Reference: URL:http://www.ciac.org/ciac/bulletins/n-112.shtml
Reference: BID:7761
Reference: URL:http://www.securityfocus.com/bid/7761
Reference: OSVDB:4758
Reference: URL:http://www.osvdb.org/4758
Reference: OVAL:oval:org.mitre.oval:def:485
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:485
Reference: SECTRACK:1008653
Reference: URL:http://www.securitytracker.com/id?1008653
Reference: XF:php-session-id-xss(12259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12259
 

Votes:

 

Name: CVE-2003-0443

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030619)
 

Votes:

 

Name: CVE-2003-0444

 

Description:
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.

Status: Candidate
Phase: Assigned (20030619)
Reference: DEBIAN:DSA-337
Reference: URL:http://www.debian.org/security/2003/dsa-337
Reference: XF:gtksee-png-bo(12462)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12462
Reference: BID:8061
Reference: URL:http://www.securityfocus.com/bid/8061
 

Votes:

 

Name: CVE-2003-0445

 

Description:
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.

Status: Candidate
Phase: Assigned (20030619)
Reference: DEBIAN:DSA-328
Reference: URL:http://www.debian.org/security/2003/dsa-328
 

Votes:

 

Name: CVE-2003-0446

 

Description:
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.

Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105585986015421&w=2
Reference: BUGTRAQ:20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595990924165&w=2
Reference: BUGTRAQ:20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html
Reference: NTBUGTRAQ:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105585001905002&w=2
Reference: FULLDISC:20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html
Reference: MISC:http://security.greymagic.com/adv/gm013-ie/
Reference: BID:7938
Reference: URL:http://www.securityfocus.com/bid/7938
Reference: OSVDB:3065
Reference: URL:http://www.osvdb.org/3065
Reference: SECUNIA:9055
Reference: URL:http://secunia.com/advisories/9055
Reference: XF:ie-msxml-xss(12334)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12334
 

Votes:

 

Name: CVE-2003-0447

 

Description:
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.

Status: Candidate
Phase: Assigned (20030619)
Reference: FULLDISC:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html
Reference: BUGTRAQ:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105585933614773&w=2
Reference: NTBUGTRAQ:20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=105585142406147&w=2
Reference: MISC:http://security.greymagic.com/adv/gm014-ie/
 

Votes:

 

Name: CVE-2003-0448

 

Description:
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.

Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030618 Portmon file arbitrary read/write access vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105588111714856&w=2
 

Votes:

 

Name: CVE-2003-0449

 

Description:
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in _proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.

Status: Candidate
Phase: Assigned (20030619)
Reference: BUGTRAQ:20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105561134624665&w=2
Reference: BUGTRAQ:20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105561189625082&w=2
Reference: MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt
Reference: MISC:http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt
 

Votes:

 

Name: CVE-2003-0450

 

Description:
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.

Status: Candidate
Phase: Assigned (20030619)
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
Reference: SUSE:SuSE-SA:2003:030
Reference: URL:http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html
Reference: DEBIAN:DSA-321
Reference: URL:http://www.debian.org/security/2003/dsa-321
Reference: CONECTIVA:CLA-2003:664
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664
Reference: TURBO:TLSA-2003-40
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-40.txt
 

Votes:

 

Name: CVE-2003-0451

 

Description:
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.

Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-327
Reference: URL:http://www.debian.org/security/2003/dsa-327
 

Votes:

 

Name: CVE-2003-0452

 

Description:
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."

Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-329
Reference: URL:http://www.debian.org/security/2003/dsa-329
 

Votes:

 

Name: CVE-2003-0453

 

Description:
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.

Status: Candidate
Phase: Assigned (20030623)
Reference: BUGTRAQ:20030620 BAZARR FAREWELL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105613905425563&w=2
Reference: DEBIAN:DSA-348
Reference: URL:http://www.debian.org/security/2003/dsa-348
 

Votes:

 

Name: CVE-2003-0454

 

Description:
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable.

Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-334
Reference: URL:http://www.debian.org/security/2003/dsa-334
 

Votes:

 

Name: CVE-2003-0455

 

Description:
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.

Status: Candidate
Phase: Assigned (20030623)
Reference: DEBIAN:DSA-331
Reference: URL:http://www.debian.org/security/2003/dsa-331
Reference: REDHAT:RHSA-2004:494
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-494.html
Reference: BUGTRAQ:20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105786393628728&w=2
 

Votes:

 

Name: CVE-2003-0456

 

Description:
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

Status: Candidate
Phase: Assigned (20030623)
Reference: BUGTRAQ:20030701 VisNetic WebSite Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105733894003737&w=2
Reference: VULNWATCH:20030701 VisNetic WebSite Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
Reference: MISC:http://www.krusesecurity.dk/advisories/vis0103.txt
Reference: XF:visnetic-website-path-disclosure(12483)
Reference: URL:http://xforce.iss.net/xforce/xfdb/12483
Reference: BID:8075
Reference: URL:http://www.securityfocus.com/bid/8075
 

Votes:

 

Name: CVE-2003-0457

 

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20030624)
 

Votes:

 

Name: CVE-2003-0458

 

Description:
Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges.

Status: Candidate
Phase: Assigned (20030625)
Reference: HP:SSRT3488
Reference: URL:http://www.securityfocus.com/advisories/5545
Reference: BID:8080
Reference: URL:http://www.securityfocus.com/bid/8080
 

Votes:

 

Name: CVE-2003-0459

 

Description:
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Status: Candidate
Phase: Assigned (20030626)
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20030729-1.txt
Reference: FULLDISC:20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
Reference: REDHAT:RHSA-2003:235
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-235.html
Reference: REDHAT:RHSA-2003:236
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-236.html
Reference: MANDRAKE:MDKSA-2003:079
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
Reference: TURBO:TLSA-2003-45
Reference: URL:http://www.turbolinux.com/security/TLSA-2003-45.txt
Reference: DEBIAN:DSA-361
Reference: URL:http://www.debian.org/security/2003/dsa-361
Reference: CONECTIVA:CLA-2003:747
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Reference: BUGTRAQ:20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105986238428061&w=2
Reference: OVAL:oval:org.mitre.oval:def:411
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:411
 

Votes:

 

Name: CVE-2003-0460

 

Description:
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.

Status: Candidate
Phase: Assigned (20030626)
Reference: CONFIRM:http://www.apache.org/dist/httpd/Announcement.html
Reference: CERT-VN:VU#694428
Reference: URL:http://www.kb.cert.org/vuls/id/694428
 

Votes:

 

Name: CVE-2003-0461

 

Description:
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

Status: Candidate
Phase: Assigned (20030626)
Reference: MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
Reference: REDHAT:RHSA-2003:238
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: REDHAT:RHSA-2004:188
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
Reference: DEBIAN:DSA-358
Reference: URL:http://www.debian.org/security/2004/dsa-358
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: OVAL:oval:org.mitre.oval:def:304
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:304
Reference: OVAL:oval:org.mitre.oval:def:997
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:997
 

Votes:

 

Name: CVE-2003-0462

 

Description:
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).

Status: Candidate
Phase: Assigned (20030626)
Reference: REDHAT:RHSA-2003:198
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
Reference: REDHAT:RHSA-2003:238
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: DEBIAN:DSA-358
Reference: URL:http://www.debian.org/security/2004/dsa-358
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: REDHAT:RHSA-2003:239
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-239.html
Reference: OVAL:oval:org.mitre.oval:def:309
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:309
 

Votes:

 

Name: CVE-2003-0463

 

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Status: Candidate
Phase: Assigned (20030626)
 

Votes:

 

Name: CVE-2003-0464

 

Description:
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

Status: Candidate
Phase: Assigned (20030626)
Reference: REDHAT:RHSA-2003:238
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
Reference: SUSE:SuSE-SA:2003:034
Reference: OVAL:oval:org.mitre.oval:def:311
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:311
 

Votes:

 

Name: CVE-2003-0465

 

Description:
The kernel strncpy function in Linux 2.4 and 2.5 does not NUL-pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

Status: Candidate
Phase: Assigned (20030626)
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
Reference: REDHAT:RHSA-2004:188
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
 

Votes:

 

Name: CVE-2003-0466

 

Description:
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Status: Candidate
Phase: Assigned (20030626)
Reference: BUGTRAQ:20030731 wu-ftpd fb_realpath() off-by-one bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105967301604815&w=2
Reference: VULNWATCH:20030731 wu-ftpd fb_realpath() off-by-one bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
Reference: BUGTRAQ:20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106002488209129&w=2
Reference: BUGTRAQ:20030804 wu-ftpd-2.6.2 off-by-one remote exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=106001702232325&w=2
Reference: REDHAT:RHSA-2003:245
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-245.html
Reference: REDHAT:RHSA-2003:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-246.html
Reference: SUSE:SuSE-SA:2003:032
Reference: URL:http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html
Reference: MANDRAKE:MDKSA-2003:080