[VIM] vendor inquiry on eRoom issues
Steven M. Christey
coley at mitre.org
Fri Oct 28 17:13:25 EDT 2005
FYI, I sent an email inquiry to EMC about the eRoom vulns from July
(see below). We got an inquiry about it.
They are investigating the issue.
- Steve
======================================================
Name: CVE-2005-2184
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2184
Reference: BUGTRAQ:20050706 eRoom Multiple Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112069267700034&w=2
eRoom 6.x does not properly restrict files that can be attached, which
allows remote attackers to execute arbitrary commands via a .lnk file.
======================================================
Name: CVE-2005-2185
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2185
Reference: BUGTRAQ:20050706 eRoom Multiple Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112069267700034&w=2
eRoom does not set an expiration for Cookies, which allows remote
attackers to capture cookies and conduct replay attacks.