
RE: Cluster 02: VEN-AIX



Don't worry; you're not the only one...

> -----Original Message-----
> From: Prosser, Mike [mailto:mike.prosser@L-3Security.com]
> Sent: Wednesday, June 30, 1999 3:49 PM
> To: cve-review@linus.mitre.org
> Subject: RE: Cluster 02: VEN-AIX
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Yes,
> I know I am behind but humor me, it's been a rough couple of weeks!!!
> - -mike
> 
> - -----Original Message-----
> From: Steven M. Christey [mailto:coley@linus.mitre.org]
> Sent: Thursday, June 17, 1999 2:06 PM
> To: cve-review@linus.mitre.org
> Subject: Cluster 02: VEN-AIX
> 
> 
> 
> This cluster has 10 vulnerabilities.
> 
> 
> - ------------------------------------------
> Candidate: CAN-1999-0072
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:004.1
> 
> Buffer overflow in AIX xdat gives root access to local users.
> 
> Accept
> 
> 
> - ------------------------------------------
> Candidate: CAN-1999-0086
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1998:001.1
> 
> AIX routed allows remote users to modify sensitive files.
> 
> Modify:  This vulnerability allows debug mode to be turned on, which is
> the problem.  Should this be more specific in the description? This
> one also affects SGI OSes, ref SGI Security Advisory 19981004-PX, which
> is in the SGI cluster; shouldn't these be cross-referenced, as the same
> vuln affects multiple OSes?
> 
> - ------------------------------------------
> Candidate: CAN-1999-0088
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1998:004.1
> 
> IRIX and AIX automountd services (autofsd) allow remote users to
> execute root commands.
> 
> Modify:  Include the SGI Alert as well since it is mentioned in the
> description.
> SGI Security Advisory 19981005-01-PX
> 
> - ------------------------------------------
> Candidate: CAN-1999-0089
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
> 
> Buffer overflow in AIX libDtSvc library can allow local users
> to gain root access.
> 
> Modify: The overflow is in the dtaction utility.  Also affects
> dtaction in the CDE on versions of SunOS (SUN 164). Probably should be
> specific.
> - ------------------------------------------
> Candidate: CAN-1999-0090
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
> 
> Buffer overflow in AIX rcp command allows local users to obtain
> root access.
> 
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0091
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:005.1
> 
> Buffer overflow in AIX writesrv command allows local users to obtain
> root access.
> 
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0093
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:008.1
> 
> AIX nslookup command allows local users to obtain root access by not
> dropping privileges correctly.
> 
> accept
> - ------------------------------------------
> Candidate: CAN-1999-0094
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:007.1
> 
> AIX piodmgrsu command allows local users to gain additional
> group privileges.
> 
> Accept
> - ------------------------------------------
> Candidate: CAN-1999-0097
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:009.1
> 
> The AIX FTP client can be forced to execute commands from a malicious
> server through shell metacharacters, i.e. in files whose name begins
> with a pipe character.
> 
> Modify:  Concur with Adam's modification
> 
> 
> - ------------------------------------------
> Candidate: CAN-1999-0100
> Proposer: 001
> Assigned: 19990617
> Announced: 19990617
> Category: SF
> Reference: ERS:ERS-SVA-E01-1997:002.1
> 
> Remote access in AIX innd 1.5.1, using control messages.
> 
> accept
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.0.2
> 
> iQA/AwUBN3p2yBIUaHPadf5hEQJp1QCePG0LtqQfTfKyr/0c8Jj9zkmKw+UAmQFD
> 4ivqnyIWOXg92l18+TvytgoU
> =4OSd
> -----END PGP SIGNATURE-----
> 

Page Last Updated or Reviewed: May 22, 2007