[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: First candidate cluster for validation: CERT



On Wed, Jun 09, 1999 at 01:26:56PM -0400, Steven M. Christey wrote:
| Here's the first review that came in from Steve Northcutt.  I've
| forwarded it along to the list.  I'll comment on his non-ACCEPTs
| later.

I comment here only on Steve's non-accepts, and will add full comments 
on the bulk later.

| ------------------------------------------
| Candidate: CAN-1999-0017
| Proposer: 001
| Assigned: 19990607
| Announced: 19990607
| Category: SF
| Reference: CERT:CA-97.27.FTP_bounce
| Reference: XF:ftp-bounce
| Reference: XF:ftp-privileged-port
| 
| FTP bounce attack to connect to arbitrary ports on machines other than
| the FTP client.
| MODIFY - the primary vulnerability is in some FTP server implementations
| that allow this as opposed to the actual connecting to the ports

I don't think that the text of the CVE entry says where the
vulnerability is, and have NO OPINION here.

| Candidate: CAN-1999-0067
| Proposer: 001
| Assigned: 19990607
| Announced: 19990607
| Category: SF
| Reference: CERT:CA-96.06.cgi_example_code
| Reference: XF:http-cgi-phf
| 
| CGI phf program allows remote command execution
| MODIFY, this is not about phf it is about escape_shell_cmd(),
| you had the same thing with php and so forth.

I disagree, failure to properly handle shell commands in input is not
the appropriate level of abstraction, and suggest ACCEPT

| ------------------------------------------
| Candidate: CAN-1999-0513
| Proposer: 001
| Assigned: 19990607
| Announced: 19990607
| Category: CF
| Reference: CERT:CA-98.01.smurf
| Reference: FreeBSD:FreeBSD-SA-98:06
| Reference: XF:smurf
| 
| ICMP messages to broadcast addresses are allowed, allowing for a
| Smurf attack that can cause a denial of service.
| 
| MODIFY - If you put it this way then ping mapping becomes part of 
| smurf.  I would consider calling the vulnerability ICMP to broadcast
| addresses
| and in the text state allowing for a Smurf denial or service or ICMP ping
| mapping
| to acquire intelligence data about a network.

I believe that ping mapping is indeed part of smurf, and suggest ACCEPT.



Page Last Updated or Reviewed: May 22, 2007