FINAL DECISION: ACCEPT 6 candidates from VEN-AIX cluster

To: cve-review@linus.mitre.org
Subject: FINAL DECISION: ACCEPT 6 candidates from VEN-AIX cluster
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Mon, 5 Jul 1999 19:50:08 -0400 (EDT)


I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

Note that 2 candidates from VEN-AIX remain in Interim Decision.  They
may be affected by the Same Attack/Same Codebase content decision.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve

Candidate       CVE Name        Votes
---------       ----------      -----
CAN-1999-0072   CVE-1999-0072	ACCEPT(4) MODIFY(1)
CAN-1999-0090   CVE-1999-0090	ACCEPT(4) MODIFY(1)
CAN-1999-0091   CVE-1999-0091	ACCEPT(4) MODIFY(1)
CAN-1999-0093   CVE-1999-0093	ACCEPT(4) MODIFY(1)
CAN-1999-0094   CVE-1999-0094	ACCEPT(4) MODIFY(1)
CAN-1999-0100   CVE-1999-0100	ACCEPT(4) MODIFY(1)


=================================
Candidate: CAN-1999-0072
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: XF:ibm-xdat

Buffer overflow in AIX xdat gives root access to local users.

Modifications:
  ADDREF XF:ibm-xdat

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-xdat


=================================
Candidate: CAN-1999-0090
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-rcp

Buffer overflow in AIX rcp command allows local users to obtain
root access.

Modifications:
  ADDREF XF:ibm-rcp

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-rcp


=================================
Candidate: CAN-1999-0091
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: XF:ibm-writesrv

Buffer overflow in AIX writesrv command allows local users to obtain
root access.

Modifications:
  ADDREF XF:ibm-writesrv

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-writesrv


=================================
Candidate: CAN-1999-0093
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: XF:ibm-nslookup

AIX nslookup command allows local users to obtain root access by not
dropping privileges correctly.

Modifications:
  ADDREF XF:ibm-nslookup

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-nslookup


=================================
Candidate: CAN-1999-0094
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: XF:ibm-piodmgrsu

AIX piodmgrsu command allows local users to gain additional
group privileges.

Modifications:
  ADDREF XF:ibm-piodmgrsu

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ibm-piodmgrsu


=================================
Candidate: CAN-1999-0100
Published: 
Final-Decision: 19990705
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: XF:inn-controlmsg

Remote access in AIX innd 1.5.1, using control messages.

Modifications:
  ADDREF XF:inn-controlmsg

VOTES:
ACCEPT (4) Shostack, Northcutt, Christey, Prosser
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:inn-controlmsg

Prev by Date: FINAL DECISION: ACCEPT 3 candidates from CERT cluster
Next by Date: FINAL DECISION: ACCEPT 11 candidates from VEN-SUN cluster
Prev by thread: FINAL DECISION: ACCEPT 3 candidates from CERT cluster
Next by thread: FINAL DECISION: ACCEPT 11 candidates from VEN-SUN cluster
Index(es):
- Date
- Thread