|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PROPOSAL: Cluster 16 - NOREFS (23 candidates)
- To: cve-editorial-board-list@lists.mitre.org
- Subject: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Wed, 14 Jul 1999 02:30:49 -0400 (EDT)
- Sender: owner-cve-editorial-board-list@lists.mitre.org
The following NOREFS cluster contains 23 candidates. None of these candidates has a public reference, although they were likely obtained from some security tool database. I looked for a vendor advisory for most of these candidates and wasn't able to find one. Proposed: 7/13 Scheduled Proposed: 7/6 Scheduled Interim Decision: 7/19 Scheduled Final Decision: 7/23 - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0020 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Buffer overflow in Linux lpr command gives root access. VOTE: ================================= Candidate: CAN-1999-0107 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Buffer overflow in HTTP Apache 1.2 or earlier, up to 1.2.5. VOTE: ================================= Candidate: CAN-1999-0110 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Buffer overflow in fbformat command in Solaris. VOTE: ================================= Candidate: CAN-1999-0114 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. VOTE: ================================= Candidate: CAN-1999-0115 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF AIX bugfiler program allows local users to gain root access. VOTE: ================================= Candidate: CAN-1999-0118 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF AIX infod allows local users to gain root access through an X display. VOTE: ================================= Candidate: CAN-1999-0194 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Denial of service in in.comsat allows attackers to generate messages. VOTE: ================================= Candidate: CAN-1999-0195 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Denial of service in RPC portmapper allows attackers to register or unregister RPC services, or spoof RPC services. VOTE: ================================= Candidate: CAN-1999-0200 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF WFTP would allow an attacker to log into the FTP server using any username and password. VOTE: ================================= Candidate: CAN-1999-0210 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Automount daemon in Solaris allows local or remote users privileged access, and access to remote users in conjunction with rpc.statd. VOTE: ================================= Candidate: CAN-1999-0217 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. VOTE: ================================= Candidate: CAN-1999-0218 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Livingston portmaster machines could be rebooted via a series of commands. VOTE: ================================= Candidate: CAN-1999-0222 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. VOTE: ================================= Candidate: CAN-1999-0223 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. VOTE: ================================= Candidate: CAN-1999-0227 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Denial of service in LSASS.EXE program in Windows NT. VOTE: ================================= Candidate: CAN-1999-0229 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Denial of service in Windows NT IIS server using ..\.. VOTE: ================================= Candidate: CAN-1999-0239 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. VOTE: ================================= Candidate: CAN-1999-0242 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords. VOTE: ================================= Candidate: CAN-1999-0243 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Linux cfingerd could be exploited to gain root access. VOTE: ================================= Candidate: CAN-1999-0249 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Windows NT RSHSVC program allows remote users to execute arbitrary commands. VOTE: ================================= Candidate: CAN-1999-0286 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF In some NT web servers, appending a space at the end of a URL may allows attackers to read source code for active pages. VOTE: ================================= Candidate: CAN-1999-0287 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Vulnerability in the Wguest CGI program. VOTE: ================================= Candidate: CAN-1999-0330 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: SF Linux bdash game has a buffer overflow that allows local users to gain root access. VOTE:
- Follow-Ups:
- Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
- From: Adam Shostack <adam@netect.com>
- Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
- Prev by Date: PROPOSAL: Cluster 15 - ONEREF (43 candidates)
- Next by Date: PROPOSAL: Cluster 17 - MULT2 (14 candidates)
- Prev by thread: PROPOSAL: Cluster 15 - ONEREF (43 candidates)
- Next by thread: Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
- Index(es):