CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments |
---|---|---|---|---|---|---|
643 | CVE-1999-0661 | Candidate | A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. | Modified (20050529) | ACCEPT(4) Baker, Hill, Northcutt, Wall<br>REVIEWING(1) Christey | Christey> Should add the specific CERT advisory references for well-known Trojaned software.<br>TCP Wrappers -> CERT:CA-1999-01<br>CERT:CA-1999-02 includes util-linux<br>wuarchive - CERT:CA-94.07<br>IRC client - CERT:CA-1994-14<br>Christey> BUGTRAQ:20020801 trojan horse in recent openssh (version 3.4 portable 1)<br>Modify description to use dot notation.<br>Christey> CERT:CA-2002-24<br>URL:http://www.cert.org/advisories/CA-2002-24.html<br>XF:openssh-backdoor(9763)<br>URL:http://www.iss.net/security_center/static/9763.php<br>BID:5374<br>URL:http://www.securityfocus.com/bid/5374<br>CHANGE> [Christey changed vote from NOOP to REVIEWING]<br>Christey> Add libpcap and tcpdump:<br>BUGTRAQ:20021113 Latest libpcap & tcpdump sources from tcpdump.org contain a trojan<br>URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103722456708471&w=2<br>CERT:CA-2002-30<br>URL:http://www.cert.org/advisories/CA-2002-30.html<br>This CAN has been active for over 4 years. At this moment, my thinking is that we should SPLIT this CAN into each separate trojaned product, then create some criteria that restrict creation of new CANs to "widespread" or "important" products only. |
5532 | CVE-2002-1145 | Candidate | The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | Modified (20050529) | ACCEPT(3) Cole, Green, Wall<br>NOOP(1) Cox | |
5361 | CVE-2002-0973 | Candidate | Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | Modified (20050529) | ACCEPT(3) Armstrong, Baker, Cole<br>MODIFY(1) Frech<br>NOOP(4) Christey, Cox, Foat, Wall | Christey> BID:5493<br>URL:http://online.securityfocus.com/bid/5493<br>Frech> XF:freebsd-negative-system-call-bo(9903) |
5617 | CVE-2002-1233 | Candidate | A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | Modified (20050529) | ACCEPT(3) Armstrong, Cole, Green<br>NOOP(1) Cox | Cox> Many vendors have included fixes for CVE-2001-0131 in their distributions of Apache even though this has not been fixed upstream. I still believe that this is not worthy of a separate CVE name since this is just Debian forgetting to include their fix for CVE-2001-0131 in one of their versions, and then correcting it. |
4623 | CVE-2002-0231 | Candidate | Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname. | Modified (20050528) | ACCEPT(1) Green<br>NOOP(3) Cole, Foat, Wall | |