Bug 33242 (CVE-2002-1306) - VUL-0: CVE-2002-1306: Security problems in lanbrowser
Summary: VUL-0: CVE-2002-1306: Security problems in lanbrowser
Status: RESOLVED FIXED
Alias: CVE-2002-1306
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2002-1306: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2002-08-23 19:53 UTC by Olaf Kirch
Modified: 2021-09-30 15:04 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
List of issues with lanbrowser (1.52 KB, patch)
2002-08-23 19:53 UTC, Olaf Kirch 		Details | Diff
Proposed patch - was unable to test it because lanbrowsing didn't work at all :) (16.44 KB, patch)
2002-08-30 16:47 UTC, Olaf Kirch 		Details | Diff
new version of the patch (16.46 KB, patch)
2002-08-30 22:44 UTC, Olaf Kirch 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olaf Kirch 2002-08-23 19:53:27 UTC 
There are several major security problems in lanbrowser (see attached list)
Please correct these bugs.

I would also suggest to exclude the lanbrowser daemon from UL/SLES completely
by putting it into a separate package. Please discuss with autobuild people.
Comment 1 Olaf Kirch 2002-08-23 19:53:50 UTC 
Created attachment 10231 [details]
List of issues with lanbrowser
Comment 2 Olaf Kirch 2002-08-30 16:47:44 UTC 
Created attachment 10303 [details]
Proposed patch - was unable to test it because lanbrowsing didn't work at all :)
Comment 3 Adrian Schröter 2002-08-30 17:25:15 UTC 
hm. before your patch it worked ;) 
 
I try to find it.
Comment 4 Olaf Kirch 2002-08-30 17:33:10 UTC 
On Fri, Aug 30, 2002 at 11:25:16AM +0200, bugzilla-daemon@suse.de wrote:

Sorry, I wasn't precise enough here. It didn't work yesterday when I
created the patch. Then I submitted the bug report, you fixed everything,
but I didn't get around to testing it with the latest kdenetwork3 rpm.

Olaf
Comment 5 Olaf Kirch 2002-08-30 22:44:25 UTC 
Created attachment 10309 [details]
new version of the patch
Comment 6 Adrian Schröter 2002-08-31 20:07:34 UTC 
patch is applied
Comment 7 Marcus Meissner 2007-03-24 15:46:11 UTC 
CVE-2002-1306
Comment 8 Thomas Biege 2009-10-13 19:32:30 UTC 
CVE-2002-1306: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)