[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PROPOSAL: Cluster 11 - BUF (32 candidates)

-----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Wednesday, June 23, 1999 4:50 PM
To: cve-review@linus.mitre.org
Subject: PROPOSAL: Cluster 11 - BUF (32 candidates)



The following cluster is a Low controversy cluster of vulnerabilities
for buffer overflows that occur in a single application.

- Steve


Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g.
reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0047
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.05.sendmail

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

VOTE: accept

=================================
Candidate: CAN-1999-0058
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-12
Reference: XF:http-phpbo
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.

VOTE: accept

=================================
Candidate: CAN-1999-0064
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.

VOTE: accept, additional source
AIX 4.2 lguerylv "Georgi Guninski"
http://www.securityfocus.com
=================================
Candidate: CAN-1999-0071
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

VOTE: accept

=================================
Candidate: CAN-1999-0085
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:rwhod
Reference: XF:rwhod-vuln

rwhod buffer overflow in AIX

VOTE: accept, additional source
Bugtraq
" rwhod buffer overflow"  David J. Meltzer
http://www.securityfocus.com/bugtraq/1996_3/0380.htm

=================================
Candidate: CAN-1999-0102
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands
using a large FROM line.

VOTE: agree

=================================
Candidate: CAN-1999-0108
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

The printers program in IRIX has a buffer overflow that gives root
access to local users.

VOTE: modify, believe this is the IRIX netprint BO in /usr/sbin/printers,
ref'd in SGI Security Bulletin 19961203-02-PX and on Bugtraq "Another
day,another buffer overflow by David Hedley.  Can't be sure based on the
description and lack of ref here.

=================================
Candidate: CAN-1999-0109
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in ffbconfig in Solaris 2.5.1

VOTE: modify, according to Sun, affects both 2.5 and 2.5.1...add ref
Sun Security Bulletin 140
http://sunsolve.sun.com

=================================
Candidate: CAN-1999-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in AIX dtterm program for the CDE

VOTE: accept, add ref
Bugtraq
"AIX 4.2 dtterm exploit"
http://www.securityfocus.com

=================================
Candidate: CAN-1999-0122
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in AIX lchangelv gives root access.

VOTE: accept, add ref
Bugtraq
"AIX lchangelv"
http://www.securityfocus.com/

=================================
Candidate: CAN-1999-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE

Buffer overflow in Solaris x86 mkcookie allows local users to
obtain root access.

VOTE: accept

=================================
Candidate: CAN-1999-0182
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: CIAC:H-110
Reference: XF:nt-samba-bo

Samba has a buffer overflow which allows a remote attacker to obtain
root access by specifying a long password.

VOTE: accept, additional ref
VB-97.10.samba
ftp://info.cert.org/pub/cert_bulletins/VB-97.10.sanba

=================================
Candidate: CAN-1999-0187
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: SUN:00179

The rdist program in Solaris has some buffer overflows that allow
attackers to gain root access.

VOTE: recast,  The Sun Patches in Ref roll-up fixes for an earlier BO in
rdist lookup( )(ref CERT 96.14)as well as the BO in rdist function expstr()
(ref CERT 97-23) and various vendor bulletins.  However both of these rdist
BO's affect many more OSs than just Sun, i.e., BSD/OS 2.1, DEC OSF's, AIX,
FreeBSD, SCO, SGI, etc.  Believe this falls into the SF-codebase content
decision
=================================
Candidate: CAN-1999-0192
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Buffer overflow in telnet daemon tgetent routing allows remote
attackers to gain root access via the TERMCAP environmental variable.

VOTE: accept

=================================
Candidate: CAN-1999-0206
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

VOTE: accept, additional ref
AUSCERT Advisory AA-96.06a
http://www.auscert.org.au/

=================================
Candidate: CAN-1999-0219
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-servu

Buffer overflow in Serv-U FTP server when user performs a cwd to a
directory with a long name.

VOTE: accept

=================================
Candidate: CAN-1999-0230
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in Cisco 760 routers through the telnet service.

VOTE: Modify, the BO affect any 7xx router running a vulnerable version of
IOS/700 OS.  Addtional ref
Field Notice:
7xx Router Password Buffer Overflow
http://www.cisco.com/warp/public/770/pwbuf-pub.shtml#summary

=================================
Candidate: CAN-1999-0232
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.

VOTE: noop

=================================
Candidate: CAN-1999-0235
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

VOTE: accept

=================================
Candidate: CAN-1999-0244
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-23

Livingston RADIUS code has a buffer overflow which can allow remote
execution of commands as root.

VOTE: accept

=================================
Candidate: CAN-1999-0255
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

Buffer overflow in ircd allows arbitrary command execution.

VOTE: noop

=================================
Candidate: CAN-1999-0256
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:war-ftpd

Buffer overflow in War FTP allows remote execution of commands.

VOTE: accept

=================================
Candidate: CAN-1999-0276
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

VOTE: accept, additional ref
Sekure SDI Advisory sekure.01-99.msql
http://www.sekure.org

=================================
Candidate: CAN-1999-0297
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-3

Buffer overflow in Vixie Cron 2.1 allows local users to obtain root
access.

VOTE: recast,  This appears to be the same as the Cron BO reported in CIAC
H-17 which affects versions of the vixie cron package up to and including
3.0

=================================
Candidate: CAN-1999-0315
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:fdformat-bo

Buffer overflow in Solaris fdformat command gives root access to local
users.

VOTE: accept, add ref
Sun Security Bulletin 00138
http://sunsolve.sun.com/

=================================
Candidate: CAN-1999-0317
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:su-bo

Buffer overflow in Linux su command gives root access to local
users.

VOTE: noop
=================================
Candidate: CAN-1999-0318
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:xmcd-envbo

Buffer overflow in xmcd 2.0p12 allows local users to gain access
through an environmental variable.

VOTE: noop

=================================
Candidate: CAN-1999-0319
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:xmcd-tiflestr

Buffer overflow in xmcd 2.1 allows local users to gain access
through a user resource setting.

VOTE: noop

=================================
Candidate: CAN-1999-0339
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-sun-libauth

Buffer overflow in the libauth library in Solaris allows local users
to gain additional privileges, possibly root access.

VOTE: accept, Sun never did release a bulletin for this BO but did release
patches for affected systems.add ref,
RSI Alert Advisory RSI.0007.05-26-98
www.repsec.com

=================================
Candidate: CAN-1999-0373
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux

Buffer overflow in the "Super" utility in Debian Linux and other
operating systems allows local users to execute commands as root.

VOTE: accept

=================================
Candidate: CAN-1999-0375
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:February 16, 1999
Reference: BUGTRAQ:Feb16,1999

Buffer overflow in webd in Network Flight Recorder (NFR)
2.0.2-Research allows remote attackers to execute commands.

VOTE: noop

=================================
Candidate: CAN-1999-0405
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990623
Assigned: 19990607
Category: SF
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999

A buffer overflow in lsof allows local users to obtain root
privilege.

VOTE: accept
Page Last Updated or Reviewed: May 22, 2007