CVE List

Id CVE No. Status Description Phase Votes Comments Actions
4573  CVE-2002-0180  Candidate  Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.  Modified (20050510)  ACCEPT(4) Baker, Cole, Cox, Green | MODIFY(2) Frech, Jones | NOOP(4) Armstrong, Christey, Foat, Wall  Cox> According to the author of Webalizer the issue is not remotely | exploitable, but this hasn't been confirmed by us yet. Needs | investigation. | | http://www.mrunix.net/webalizer/news.html | CHANGE> [Cox changed vote from MODIFY to REVIEWING] | Cox> Author says this cannot be exploited to execute arbitrary code | Jones> Description of acknowledged vulnerability indicates remotely | exploitable (buffer overflow is in code which is processing | input from a remote system (a DNS server)); root or non-root | depends on privileges of resolver process (which is likely | same as privileges of Webalizer process). So, remotely | exploitable to run arbitrary code with privileges of the | Webalizer process. | Cox> I actually meant that the author doesn't think this is an exploitable | overflow at all, see | | ---------- Forwarded message ---------- | Date: Wed, 17 Apr 2002 02:19:37 -0400 (EDT) | From: Bradford L. Barrett <brad@mrunix.net> | To: Franck Coppola <franck@hosting42.com> | Cc: Spybreak <spybreak@host.sk>, bugtraq@securityfocus.com, | vulnwatch@vulnwatch.org | Subject: Re: Remote buffer overflow in Webalizer | | | > Here is a patch to fix the vulnerability (tested against webalizer-2.01-06). | | Bad fix.. while it will prevent the buffer from overflowing (which I still | fail to see how can be used to execute a "root" exploit, even with a LOT | of imagination), but will cause the buffer to be filled with a non-null | terminated string which will do all sorts of nasty things to your output, | not to mention wreak havoc on the stats since you are cutting off the | domain portion, not the hostname part, and adding random garbage at the | end. | | Anyway, Version 2.01-10 has been released, which fixes this and a few | other buglets that have been discovered in the last month or so. Get it | at the usual place (web: www.mrunix.net/webalizer/ or www.webalizer.org | or ftp: ftp.mrunix.net/pub/webalizer/), and should be on the mirror sites | soon. | | -- | Bradford L. Barrett brad@mrunix.net | A free electron in a sea of neutrons DoD#1750 KD4NAW | | | Christey> XF:webalizer-reverse-dns-bo(8837) | URL:http://www.iss.net/security_center/static/8837.php | BID:4504 | URL:http://www.securityfocus.com/bid/4504 | VULNWATCH:20020415 [VulnWatch] Remote buffer overflow in Webalizer | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0017.html | ENGARDE:ESA-20020423-009 | CONECTIVA:CLA-2002:476 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000476 | CHANGE> [Cox changed vote from REVIEWING to ACCEPT] | Cox> after reviewing I agree with the description given | Frech> XF: webalizer-reverse-dns-bo(8837) | Christey> REDHAT:RHSA-2002:254 | Christey> CALDERA:CSSA-2002-036.0 | (note: CVE-2002-1234 was accidentally assigned to that Caldera | advisory, but this is the correct CAN to use)  View
5779  CVE-2002-1395  Candidate  Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.  Modified (20071113)  ACCEPT(2) Cole, Green | MODIFY(1) Cox  Cox> 141-18 is an internal Debian package version, it should read "(IM) 141 | and earlier". For verification see http://tats.iris.ne.jp/im/ | Addref: RHSA-2003:038  View
4664  CVE-2002-0272  Candidate  Buffer overflows in mpg321 before 0.2.9 allow local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.  Proposed (20020502)  ACCEPT(2) Armstrong, Cole | MODIFY(2) Cox, Frech | NOOP(3) Christey, Foat, Wall  Cox> "possibly" is vague. It can be exploited by remote attackers | if doing network streaming. | Christey> REDHAT:RHSA-2002:078 | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:mpg321-long-filename-bo(10032)  View
2615  CVE-2000-1046  Candidate  Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.  Modified (20040723)  ACCEPT(2) Baker, Mell | MODIFY(1) Collins | NOOP(2) Cole, Wall  Collins> http://www.synnergy.net/downloads/advisories/SLA-2000-07.typsoft-ftpd.txt | Baker> Reference by Collins was entered into the wrong CAN Entry... | It should have been for 2000-1035, not this CAN | CHANGE> [Baker changed vote from REVIEWING to ACCEPT]  View
2472  CVE-2000-0903  Candidate  Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack.  Proposed (20001129)  ACCEPT(2) Baker, Mell | NOOP(3) Cole, Collins, Wall  Collins> Assigning CVE numbers for demo software is not appropriate | Baker> Was this a beta version in the demo disk? I don't think it was. While we do have an exclusion for beta software, | software that is distributed as production software, just limited in scope, does not mean beta.. | The current version is 4, but it is still offered for free download from their website for use. | CHANGE> [Baker changed vote from REVIEWING to ACCEPT] | Baker> Should change vote from review to accept  View
