[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: First candidate cluster for validation: CERT
- To: "Steven M. Christey" <coley@linus.mitre.org>, cve-review@linus.mitre.org
- Subject: Re: First candidate cluster for validation: CERT
- From: Adam Shostack <adam@netect.com>
- Date: Wed, 9 Jun 1999 13:51:51 -0400
- In-Reply-To: <199906091726.NAA24034@basie.mitre.org>; from Steven M. Christey on Wed, Jun 09, 1999 at 01:26:56PM -0400
- References: <199906091726.NAA24034@basie.mitre.org>
- Reply-To: adam@netect.com
On Wed, Jun 09, 1999 at 01:26:56PM -0400, Steven M. Christey wrote: | Here's the first review that came in from Steve Northcutt. I've | forwarded it along to the list. I'll comment on his non-ACCEPTs | later. I comment here only on Steve's non-accepts, and will add full comments on the bulk later. | ------------------------------------------ | Candidate: CAN-1999-0017 | Proposer: 001 | Assigned: 19990607 | Announced: 19990607 | Category: SF | Reference: CERT:CA-97.27.FTP_bounce | Reference: XF:ftp-bounce | Reference: XF:ftp-privileged-port | | FTP bounce attack to connect to arbitrary ports on machines other than | the FTP client. | MODIFY - the primary vulnerability is in some FTP server implementations | that allow this as opposed to the actual connecting to the ports I don't think that the text of the CVE entry says where the vulnerability is, and have NO OPINION here. | Candidate: CAN-1999-0067 | Proposer: 001 | Assigned: 19990607 | Announced: 19990607 | Category: SF | Reference: CERT:CA-96.06.cgi_example_code | Reference: XF:http-cgi-phf | | CGI phf program allows remote command execution | MODIFY, this is not about phf it is about escape_shell_cmd(), | you had the same thing with php and so forth. I disagree, failure to properly handle shell commands in input is not the appropriate level of abstraction, and suggest ACCEPT | ------------------------------------------ | Candidate: CAN-1999-0513 | Proposer: 001 | Assigned: 19990607 | Announced: 19990607 | Category: CF | Reference: CERT:CA-98.01.smurf | Reference: FreeBSD:FreeBSD-SA-98:06 | Reference: XF:smurf | | ICMP messages to broadcast addresses are allowed, allowing for a | Smurf attack that can cause a denial of service. | | MODIFY - If you put it this way then ping mapping becomes part of | smurf. I would consider calling the vulnerability ICMP to broadcast | addresses | and in the text state allowing for a Smurf denial or service or ICMP ping | mapping | to acquire intelligence data about a network. I believe that ping mapping is indeed part of smurf, and suggest ACCEPT.
- References:
- RE: First candidate cluster for validation: CERT
- From: "Steven M. Christey" <coley@linus.mitre.org>
- RE: First candidate cluster for validation: CERT
- Prev by Date: RE: First candidate cluster for validation: CERT
- Next by Date: Re: First candidate cluster for validation: CERT
- Prev by thread: RE: First candidate cluster for validation: CERT
- Next by thread: Re: First candidate cluster for validation: CERT
- Index(es):
