PROPOSAL: Cluster 14 - RESTLOW (39 candidates)
The following cluster contains the remaining low-controversy
candidates.
Phase schedule:
scheduled-modification 7/7
scheduled-interim 7/12
scheduled-final 7/16
Assuming a 50% ACCEPT rate for all low-vulnerability clusters and no
significant slippage in Interim Decision dates, the Editorial Board
will have validated approximately 140 vulnerabilities by July 16th.
Note that I have cleansed today's proposed clusters to remove
vulnerabilities that could be affected by content decision debates
(why don't I just go and start calling them "content meta-decisions"
;-)
- Steve
Summary of votes to use (in ascending order of "severity"):
ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.
Please write your vote on the line that starts with "VOTE: ". If you
want to add comments or details, add them to lines after the VOTE: line.
=================================
Candidate: CAN-1999-0037
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.14.metamail
Arbitrary command execution via metamail package using message
headers, when user processes attacker's message using metamail.
VOTE:
=================================
Candidate: CAN-1999-0059
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-16
Reference: XF:irix-fam
IRIX fam service allows an attacker to obtain a list of all files
on the server.
VOTE:
=================================
Candidate: CAN-1999-0061
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-20
Reference: XF:bsd-lpd
File creation and deletion, and remote execution, in the BSD
line printer daemon (lpd).
VOTE:
=================================
Candidate: CAN-1999-0084
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-mknod
NFS mknod bug
VOTE:
=================================
Candidate: CAN-1999-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:smtp-debug
Sendmail debug command allows attackers to execute root commands
VOTE:
=================================
Candidate: CAN-1999-0096
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:smtp-dcod
Sendmail decode alias can be used to overwrite sensitive files
VOTE:
=================================
Candidate: CAN-1999-0145
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Sendmail WIZ command enabled, allowing root access.
VOTE:
=================================
Candidate: CAN-1999-0150
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
The Perl fingerd program allows arbitrary command execution from
remote users.
VOTE:
=================================
Candidate: CAN-1999-0151
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: CERT:CA-95.06.satan.vul
The SATAN session key may be disclosed if the user points the web
browser to other sites, possibly allowing root access.
VOTE:
=================================
Candidate: CAN-1999-0152
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:dgux-fingerd
The DG/UX finger daemon allows remote command execution.
VOTE:
=================================
Candidate: CAN-1999-0167
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-guess
In SunOS, NFS file handles could be guessed, giving unauthorized
access to the exported file system.
VOTE:
=================================
Candidate: CAN-1999-0175
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-nov-convert
The convert.bas program in the Novell web server allows a remote
attacker to read any file on the system that is internally accessible
by the web server.
VOTE:
=================================
Candidate: CAN-1999-0183
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-tftp
Linux implementations of TFTP would allow access to files outside the
restricted directory.
VOTE:
=================================
Candidate: CAN-1999-0202
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ftp-exectar
The GNU tar command, when used in FTP sessions, may allow an attacker
to execute arbitrary commands.
VOTE:
=================================
Candidate: CAN-1999-0203
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.
VOTE:
=================================
Candidate: CAN-1999-0204
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Sendmail 8.6.9 allows remote attackers to execute root commands, using
ident.
VOTE:
=================================
Candidate: CAN-1999-0205
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Denial of service in Sendmail 8.6.11 and 8.6.12.
VOTE:
=================================
Candidate: CAN-1999-0241
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-xguess-cookie
Guessable magic cookies in X Windows allow remote attackers to
execute commands, e.g. through xterm.
VOTE:
=================================
Candidate: CAN-1999-0245
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-plus
Some configurations of NIS+ in Linux allowed attackers
to log in as the user "+"
VOTE:
=================================
Candidate: CAN-1999-0246
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:hp-remote
HP Remote Watch allows a remote user to gain root access.
VOTE:
=================================
Candidate: CAN-1999-0260
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
The jj CGI program allows command execution via shell metacharacters.
VOTE:
=================================
Candidate: CAN-1999-0280
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Remote command execution in Microsoft Internet Explorer using .lnk and
.url files.
VOTE:
=================================
Candidate: CAN-1999-0281
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Denial of service in IIS using long URLs.
VOTE:
=================================
Candidate: CAN-1999-0289
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
The Apache web server for Win32 may provide access to restricted
files when a . (dot) is appended to a requested URL.
VOTE:
=================================
Candidate: CAN-1999-0290
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Denial of service in the Telnet proxy in WinGate.
VOTE:
=================================
Candidate: CAN-1999-0291
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Remote users can redirect their connections through a WinGate proxy.
VOTE:
=================================
Candidate: CAN-1999-0304
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:bsd-mmap
Reference: FreeBSD:FreeBSD-SA-98:02
mmap function in BSD allows local attackers in the kmem group to
modify memory through devices.
VOTE:
=================================
Candidate: CAN-1999-0322
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-97:05
Reference: XF:freebsd-open
The open() function in FreeBSD allows local attackers to write
to arbitrary files.
VOTE:
=================================
Candidate: CAN-1999-0323
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:04
FreeBSD mmap function allows users to modify append-only or immutable
files.
VOTE:
=================================
Candidate: CAN-1999-0350
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan8,1999
Race condition in the db_loader program in ClearCase gives local
users root access by setting SUID bits.
VOTE:
=================================
Candidate: CAN-1999-0388
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999
DataLynx suGuard trusts the PATH environment variable to execute the
ps command, allowing local users to execute commands as root.
VOTE:
=================================
Candidate: CAN-1999-0391
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan. 5, 1999
The cryptographic challenge of SMB authentication in Windows 95 and
Windows 98 is reused, allowing an attacker to replay the response and
impersonate a user.
VOTE:
=================================
Candidate: CAN-1999-0395
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:Vulnerability in the BackWeb Polite Agent Protocol
A race condition in the BackWeb Polite Agent Protocol allows an
attacker to spoof a BackWeb server.
VOTE:
=================================
Candidate: CAN-1999-0421
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
During a reboot after an installation of Linux Slackware 3.6, a remote
attacker can obtain root access by logging in to the root account
without a password.
VOTE:
=================================
Candidate: CAN-1999-0458
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan6,1999
L0phtcrack 2.5 used temporary files in the system TEMP directory which
could contain password information.
VOTE:
=================================
Candidate: CAN-1999-0494
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: SF
Reference: XF:wingate-pop3-user-bo
Denial of service in WinGate proxy through a buffer overflow in
POP3.
VOTE:
=================================
Candidate: CAN-1999-0498
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF
TFTP is not running in a restricted directory, allowing a remote
attacker to access sensitive information such as password files.
VOTE:
=================================
Candidate: CAN-1999-0514
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF
UDP messages to broadcast addresses are allowed, allowing for a
Fraggle attack.
VOTE:
=================================
Candidate: CAN-1999-0526
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990630
Assigned: 19990607
Category: CF
An X server has no access control and allows anyone to connect to the
display, e.g. through an "xhost +" command.
VOTE: