FINAL DECISION: ACCEPT 16 candidates from CERT MODIFY-01
I have made a Final Decision to ACCEPT the 16 candidates listed below.
38 of the original 60 CERT candidates have been accepted. It has been
almost a month since they were originally proposed.
The candidates are assigned CVE names as indicated. Voting details
and comments are provided afterwards.
Candidate Number   CVE Name        Votes
----------------   -------------   -----
CAN-1999-0003      CVE-1999-0003   ACCEPT(4)
CAN-1999-0049      CVE-1999-0049   ACCEPT(4)
CAN-1999-0051      CVE-1999-0051   ACCEPT(4)
CAN-1999-0117      CVE-1999-0117   ACCEPT(4)
CAN-1999-0130      CVE-1999-0130   ACCEPT(4)
CAN-1999-0131      CVE-1999-0131   ACCEPT(4)
CAN-1999-0134      CVE-1999-0134   ACCEPT(3) MODIFY(1)
CAN-1999-0135      CVE-1999-0135   ACCEPT(4)
CAN-1999-0136      CVE-1999-0136   ACCEPT(4)
CAN-1999-0137      CVE-1999-0137   ACCEPT(4)
CAN-1999-0141      CVE-1999-0141   ACCEPT(3) MODIFY(1)
CAN-1999-0155      CVE-1999-0155   ACCEPT(4)
CAN-1999-0164      CVE-1999-0164   ACCEPT(4)
CAN-1999-0209      CVE-1999-0209   ACCEPT(4)
CAN-1999-0267      CVE-1999-0267   ACCEPT(3) MODIFY(1)
CAN-1999-0277      CVE-1999-0277   ACCEPT(4)
=================================
Candidate: CAN-1999-0003
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk
Reference: CERT:CA-98.11.tooltalk
Reference: NAI:NAI-29
Reference: SGI:19981101-01-A
Reference: SGI:19981101-01-PX
Execute commands as root via buffer overflow in Tooltalk database
server (rpc.ttdbserverd)
Modifications:
ADDREF XF:aix-ttdbserver
ADDREF XF:tooltalk
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0049
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sgi-csetup
Reference: CERT:CA-97.03.csetup
Csetup under IRIX allows arbitrary file creation or overwriting.
Modifications:
ADDREF XF:sgi-csetup
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0051
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sgi-licensemanager
Reference: CERT:CA-97.01.flex_lm
Reference: AUSCERT:AA-96.03
Arbitrary file creation and program execution using FLEXlm
LicenseManager, from versions 4.0 to 5.0, in IRIX.
Modifications:
ADDREF XF:sgi-licensemanager
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0117
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:ibm-passwd
Reference: CERT:CA-92:07.AIX.passwd.vulnerability
AIX passwd allows local users to gain root access.
Modifications:
ADDREF XF:ibm-passwd
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0130
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sendmail-daemon-mode
Reference: CERT:CA-96.24.sendmail.daemon.mode
Local users can start Sendmail in daemon mode and gain root privileges.
Modifications:
ADDREF XF:sendmail-daemon-mode
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0131
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:smtp-875bo
Reference: CERT:CA-96.20.sendmail_vul
Buffer overflow and denial of service in Sendmail 8.7.5 and
earlier through GECOS field gives root access to local users.
Modifications:
ADDREF XF:smtp-875bo
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0134
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990628-02
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sol-voldtmp
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: AUSCERT:AL-96.04
vold in Solaris 2.x allows local users to gain root access.
Modifications:
DESC added period at end of sentence
ADDREF XF:sol-voldtmp
VOTES:
ACCEPT (3) Shostack, Landfield, Northcutt
MODIFY (1) Frech
COMMENTS:
Frech> Period follows the end of a sentence in the description.
=================================
Candidate: CAN-1999-0135
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sun-admintool
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: AUSCERT:AL-96.03
admintool in Solaris allows a local user to write to arbitrary files
and gain root access.
Modifications:
ADDREF XF:sun-admintool
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0136
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sol-KCMSvuln
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul
Kodak Color Management System (KCMS) on Solaris allows a local user to
write to arbitrary files and gain root access.
Modifications:
ADDREF XF:sol-KCMSvuln
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0137
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:linux-dipbo
Reference: CERT:CA-96.13.dip_vul
Reference: XF:dip-bo
The dip program on many Linux systems allows local users to gain root
access via a buffer overflow.
Modifications:
ADDREF XF:linux-dipbo
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0141
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990628-02
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:http-java-applet
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
Java Bytecode Verifier allows malicious applets to execute
arbitrary commands as the user of the applet.
Modifications:
DESC changed to present tense
ADDREF XF:http-java-applet
VOTES:
ACCEPT (3) Shostack, Landfield, Northcutt
MODIFY (1) Frech
COMMENTS:
Frech> "allows malicious applets..." since this vuln relates to the time
Frech> when this vulnerability existed.
=================================
Candidate: CAN-1999-0155
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:gscript-dsafer
Reference: CERT:CA-95.10.ghostscript
The ghostscript command with the -dSAFER option allows remote
attackers to execute commands.
Modifications:
ADDREF XF:gscript-dsafer
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0164
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:sol-pstmprace
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
A race condition in the Solaris ps command allows an attacker to
overwrite critical files.
Modifications:
ADDREF XF:sol-pstmprace
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0209
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:selsvc
Reference: CERT:CA-90.05.sunselection.vulnerability
The SunView (SunTools) selection_svc facility allows remote users to
read files.
Modifications:
ADDREF XF:selsvc
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0267
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990628-02
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:http-port
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
Modifications:
DESC changed to present tense
ADDREF XF:http-port
VOTES:
ACCEPT (3) Shostack, Landfield, Northcutt
MODIFY (1) Frech
COMMENTS:
Frech> "allows remote..." (keeping it in present tense)
=================================
Candidate: CAN-1999-0277
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Modified: 19990621-01
Announced: 19990607
Assigned: 19990607
Category: SF
Reference: XF:workman
Reference: CERT:CA-96.23.workman_vul
The WorkMan program can be used to overwrite any file to get root access.
Modifications:
ADDREF XF:workman
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
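Anyone ingesting these decision messages into a vulnerability database has to parse the plain-text record format used above (the "Candidate:" / "Reference:" header lines, a wrapped free-text description, and the "Modifications:", "VOTES:" and "COMMENTS:" sections) and should cross-check the vote tallies before trusting the summary table. The parser below is an added example written for this page; it is not part of the original message or of any CVE project tooling. SAMPLE is an abridged copy of two of the records above (header lines dropped, references shortened). The set of recognised header keys is an assumption taken from the records on this page; restricting headers to that set is what keeps a description line containing a colon from being mistaken for a header.

```python
"""Parser for the CVE editorial-board candidate record format (added
example; not from the original message).  SAMPLE is an abridged copy
of two records from the message."""
import re

# Header keys seen in the records on this page (assumed to be the full set).
# Any other "Word: text" line, e.g. inside a description, is free text.
HEADER_KEYS = {"Candidate", "Published", "Final-Decision", "Interim-Decision",
               "Modified", "Announced", "Assigned", "Category", "Reference"}
HEADER_RE = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
VOTE_RE = re.compile(r"^([A-Z]+)\s*\((\d+)\)\s*(.*)$")
SECTIONS = {"Modifications:": "modifications", "VOTES:": "votes", "COMMENTS:": "comments"}

SAMPLE = """\
=================================
Candidate: CAN-1999-0003
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Reference: XF:tooltalk
Reference: CERT:CA-98.11.tooltalk
Execute commands as root via buffer overflow in Tooltalk database
server (rpc.ttdbserverd)
Modifications:
ADDREF XF:tooltalk
VOTES:
ACCEPT (4) Shostack, Landfield, Frech, Northcutt
=================================
Candidate: CAN-1999-0134
Published:
Final-Decision: 19990705
Interim-Decision: 19990628
Reference: XF:sol-voldtmp
Reference: CERT:CA-96.17.Solaris_vold_vul
vold in Solaris 2.x allows local users to gain root access.
Modifications:
DESC added period at end of sentence
ADDREF XF:sol-voldtmp
VOTES:
ACCEPT (3) Shostack, Landfield, Northcutt
MODIFY (1) Frech
COMMENTS:
Frech> Period follows the end of a sentence in the description.
"""


def parse_record(lines):
    """Parse one record (the lines between two '====' separators) into a dict."""
    rec = {"name": "", "fields": {}, "references": [], "desc": [],
           "modifications": [], "votes": {}, "comments": []}
    section = "header"
    for line in lines:
        if line in SECTIONS:
            section = SECTIONS[line]
        elif section == "header":
            m = HEADER_RE.match(line)
            if m and m.group(1) in HEADER_KEYS:
                key, value = m.groups()
                if key == "Candidate":
                    rec["name"] = value
                elif key == "Reference":      # repeated key: collect all of them
                    rec["references"].append(value)
                else:
                    rec["fields"][key] = value   # may be empty, e.g. "Published:"
            else:                              # description text, possibly wrapped
                rec["desc"].append(line.strip())
        elif section == "votes":
            m = VOTE_RE.match(line)
            if not m:
                raise ValueError(f"{rec['name']}: bad vote line {line!r}")
            kind, count, names = m.groups()
            voters = [n.strip() for n in names.split(",") if n.strip()]
            if int(count) != len(voters):      # the (N) must match the names listed
                raise ValueError(f"{rec['name']}: {kind}({count}) lists "
                                 f"{len(voters)} voters")
            rec["votes"][kind] = voters
        else:
            rec[section].append(line)
    rec["desc"] = " ".join(rec["desc"])
    return rec


def parse_records(text):
    """Split the message on '====' separator lines and parse each block."""
    records, block = [], []
    for line in text.splitlines():
        if re.fullmatch(r"=+", line.strip()):
            if block:
                records.append(parse_record(block))
            block = []
        elif line.strip():
            block.append(line.rstrip())
    if block:
        records.append(parse_record(block))
    return records


def vote_summary(rec):
    """Render votes the way the decision table does, e.g. 'ACCEPT(3) MODIFY(1)'."""
    return " ".join(f"{k}({len(v)})" for k, v in rec["votes"].items())


def cve_name(rec):
    """An accepted CAN-YYYY-NNNN keeps its number and becomes CVE-YYYY-NNNN."""
    if not rec["name"].startswith("CAN-"):
        raise ValueError(f"not a candidate name: {rec['name']}")
    return "CVE-" + rec["name"][len("CAN-"):]
```

Running `parse_records(SAMPLE)` and printing `cve_name(rec)` and `vote_summary(rec)` for each record reproduces the corresponding rows of the summary table at the top of the message; a vote line whose "(N)" disagrees with the number of names listed raises instead of silently producing a wrong tally.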