[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

INTERIM DECISION: ACCEPT 11 candidates from VEN-SUN (Final 7/5)


I have made an Interim Decision to ACCEPT the following candidates
from VEN-SUN.  I will make a Final Decision on July 5th.

The remaining candidates in VEN-SUN are affected by the current
content decision debates.

- Steve


=================================
Candidate: CAN-1999-0054
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00171
Reference: XF:sun-ftpd

Sun's ftpd daemon is subject to a denial of service

Modifications:
  ADDREF XF:sun-ftpd

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-ftpd


=================================
Candidate: CAN-1999-0056
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00174
Reference: XF:sun-ping

Buffer overflow in Sun's ping program can give root access to local users.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0069
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00169
Reference: XF:sun-ufsrestore

Solaris ufsrestore buffer overflow.

Modifications:
  ADDREF XF:sun-ufsrestore

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-ufsrestore


=================================
Candidate: CAN-1999-0188
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00182
Reference: XF:sun-passwd-dos

The passwd command in Solaris could be subjected to a denial of service.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0263
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00173
Reference: XF:sun-sunwadmap

Solaris SUNWadmap can be exploited to obtain root access.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0296
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00162
Reference: XF:sun-volrmmount

Solaris volrmmount program allows attackers to read any file.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0300
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00155
Reference: XF:sun-niscache

nis_cachemgr for Solaris NIS+ allows attackers to add malicious
NIS+ servers.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0301
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00149
Reference: AUSCERT:AUSCERT-97.17
Reference: XF:sun-ps2bo

Buffer overflow in SunOS/Solaris ps command.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0302
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00176
Reference: XF:sun-ftp-server

SunOS/Solaris FTP clients can be forced to execute arbitrary commands
from a malicious FTP server.

VOTES:
ACCEPT (4) Frech, Northcutt, Christey, Prosser

=================================
Candidate: CAN-1999-0320
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00166
Reference: XF:sun-rpc.cmsd

SunOS rpc.cmsd allows attackers to obtain root access by overwriting
arbitrary files.

Modifications:
  ADDREF XF:sun-rpc.cmsd

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-rpc.cmsd


=================================
Candidate: CAN-1999-0369
Published: 
Final-Decision: 
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SUN:00183
Reference: XF:sun-sdtcm-convert-bo

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer
overflow which can gain root access.

Modifications:
  ADDREF XF:sun-sdtcm-convert-bo

VOTES:
ACCEPT (3) Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sun-sdtcm-convert-bo
Page Last Updated or Reviewed: May 22, 2007