OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)

From: Steven M. Christey (coleymitre.org)
Date: Mon Dec 01 2003 - 14:13:58 CST


bugtraqbugtraq.org said:

>CVE Candidate: CAN-2003-0970 - Authentication Bypass to Add IDS Rules
> CAN-2003-0971 - Authentication Bypass to Add Users

These numbers are incorrect.

> CAN-2003-0960 - Logical error in Applied Watch Console allowing user-adds
> CAN-2003-0961 - Logical error in Applied Watch Nodes allowing rule-adds

These numbers are different from the first two. They are also
incorrect.

The proper CVE candidate number for the Applied Watch issue is
CAN-2003-0974, which can be confirmed at:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0974

(If you are curious as to why a single identifier was used, see
http://cve.mitre.org/cve/contentdecisions.html for some background
information on CVE content decisions.)

The IDs as referenced in the original advisory are actually related to
the following issues:

  CAN-2003-0960 - OpenCA certificate chain error
  CAN-2003-0961 - Linux kernel do_brk() "bounds checking" flaw
  CAN-2003-0970 - Sun Fire ARP packet DoS
  CAN-2003-0971 - GnuPG ElGamal breakable sign+encrypt keys

These other IDs can also be confirmed on the CVE web site.

Steve Christey
CVE Editor