Open Source and information security mailing list archives
 
Date: Mon, 1 Dec 2003 15:13:58 -0500 (EST)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com, vuln-dev@...urityfocus.com,
	submissions@...ketstormsecurity.org, vulnwatch@...nwatch.org,
	vulndiscuss@...nwatch.org
Subject: Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)



bugtraq@...traq.org said:

>CVE Candidate: CAN-2003-0970 - Authentication Bypass to Add IDS Rules
>               CAN-2003-0971 - Authentication Bypass to Add Users

These numbers are incorrect.

>  CAN-2003-0960 - Logical error in Applied Watch Console allowing user-adds
>  CAN-2003-0961 - Logical error in Applied Watch Nodes allowing rule-adds

These numbers are different from the first two.  They are also
incorrect.

The proper CVE candidate number for the Applied Watch issue is
CAN-2003-0974, which can be confirmed at:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0974

(If you are curious as to why a single identifier was used, see
http://cve.mitre.org/cve/contentdecisions.html for some background
information on CVE content decisions.)


The IDs as referenced in the original advisory are actually related to
the following issues:

  CAN-2003-0960 - OpenCA certificate chain error
  CAN-2003-0961 - Linux kernel do_brk() "bounds checking" flaw
  CAN-2003-0970 - Sun Fire ARP packet DoS
  CAN-2003-0971 - GnuPG ElGamal breakable sign+encrypt keys


These other IDs can also be confirmed on the CVE web site.



Steve Christey
CVE Editor

