
FINAL DECISION: ACCEPT 6 candidates from VEN-SGI cluster





I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate       CVE Name        Votes
---------       ----------      -----
CAN-1999-0044   CVE-1999-0044   ACCEPT(3) MODIFY(1)
CAN-1999-0215   CVE-1999-0215   ACCEPT(3) MODIFY(1)
CAN-1999-0327   CVE-1999-0327   ACCEPT(3) MODIFY(1)
CAN-1999-0329   CVE-1999-0329   ACCEPT(3) MODIFY(1)
CAN-1999-0413   CVE-1999-0413   ACCEPT(3) MODIFY(1)
CAN-1999-0463   CVE-1999-0463   ACCEPT(3) MODIFY(1)


=================================
Candidate: CAN-1999-0044
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19970301-01-P
Reference: XF:sgi-fsdump

fsdump command in IRIX allows local users to obtain root access
by modifying sensitive files.

Modifications:
  CHANGEREF HP:19970301-01-P SGI:19970301-01-P
  CHANGEREF ISS:sgi-fsdump XF:sgi-fsdump

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> HP reference should probably be SGI
 Frech> ISS reference should be XF


=================================
Candidate: CAN-1999-0215
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19981004-01-PX
Reference: CIAC:J-012
Reference: XF:ripapp

Routed allows attackers to append data to files.

Modifications:
  ADDREF XF:ripapp

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:ripapp


=================================
Candidate: CAN-1999-0327
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19971103-01-PX
Reference: XF:sgi-syserr

SGI syserr program allows local users to corrupt files.

Modifications:
  ADDREF XF:sgi-syserr

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-syserr


=================================
Candidate: CAN-1999-0329
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19980602-01-PX
Reference: XF:sgi-mediad

SGI mediad program allows local users to gain root access.

Modifications:
  ADDREF XF:sgi-mediad

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-mediad


=================================
Candidate: CAN-1999-0413
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19990301-01-PX
Reference: XF:irix-font-path-overflow

A buffer overflow in the SGI X server allows local users to gain root
access through the X server font path.

Modifications:
  ADDREF XF:irix-font-path-overflow

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:irix-font-path-overflow


=================================
Candidate: CAN-1999-0463
Published: 
Final-Decision: 19990706
Interim-Decision: 19990630
Modified: 
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: SGI:19981201-01-PX
Reference: XF:sgi-fcagent-dos

Remote attackers can perform a denial of service using IRIX fcagent.

Modifications:
  ADDREF XF:sgi-fcagent-dos

VOTES:
ACCEPT (3) Shostack, Northcutt, Christey
MODIFY (1) Frech

COMMENTS:
 Frech> Reference: XF:sgi-fcagent-dos



Page Last Updated or Reviewed: May 22, 2007