[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
Re: PROPOSAL: Cluster 16 - NOREFS (23 candidates)
On Wed, Jul 14, 1999 at 02:30:49AM -0400, Steven M. Christey wrote:
| The following NOREFS cluster contains 23 candidates. None of these
| candidates has a public reference, although they were likely obtained
| from some security tool database. I looked for a vendor advisory for
| most of these candidates and wasn't able to find one.
|
| Proposed: 7/13
| Scheduled Proposed: 7/6
| Scheduled Interim Decision: 7/19
| Scheduled Final Decision: 7/23
|
| - Steve
|
|
|
| Summary of votes to use (in ascending order of "severity"):
|
| ACCEPT - member accepts the candidate as proposed
| NOOP - member has no opinion on the candidate
| MODIFY - member wants to change some minor detail (e.g. reference/description)
| REVIEWING - member is reviewing/researching the candidate
| RECAST - candidate must be significantly modified, e.g. split or merged
| REJECT - candidate is "not a vulnerability", or a duplicate, etc.
|
| Please write your vote on the line that starts with "VOTE: ". If you
| want to add comments or details, add them to lines after the VOTE: line.
|
|
| =================================
| Candidate: CAN-1999-0020
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Buffer overflow in Linux lpr command gives root access.
|
| VOTE: NOOP
|
| =================================
| Candidate: CAN-1999-0107
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Buffer overflow in HTTP Apache 1.2 or earlier, up to 1.2.5.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0110
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Buffer overflow in fbformat command in Solaris.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0114
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Local users can execute commands as other users, and read other users'
| files, through the filter command in the Elm elm-2.4 mail package
| using a symlink attack.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0115
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| AIX bugfiler program allows local users to gain root access.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0118
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| AIX infod allows local users to gain root access through an X display.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0194
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Denial of service in in.comsat allows attackers to generate messages.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0195
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Denial of service in RPC portmapper allows attackers to register or
| unregister RPC services, or spoof RPC services.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0200
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| WFTP would allow an attacker to log into the FTP server using any
| username and password.
|
| VOTE: modify. WFTP is not sufficient; is this wu-, ws-, war-, or
another?
|
| =================================
| Candidate: CAN-1999-0210
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Automount daemon in Solaris allows local or remote users privileged access,
| and access to remote users in conjunction with rpc.statd.
|
| VOTE: modify I think there was an SNI advisory on this
|
| =================================
| Candidate: CAN-1999-0217
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Malicious option settings in UDP packets could force a reboot in SunOS
| 4.1.3 systems.
|
| VOTE: modify, make Andre give us a reference. :)
|
| =================================
| Candidate: CAN-1999-0218
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Livingston portmaster machines could be rebooted via a series
| of commands.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0222
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Denial of service in Cisco IOS web server allows attackers to reboot
| the router using a long URL.
|
| VOTE: modify. I follow cisco announcements and problems pretty
closely, and haven't seen this. Source?
|
| =================================
| Candidate: CAN-1999-0223
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Solaris syslogd crashes when receiving a message from a host that
| doesn't have an inverse DNS entry.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0227
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Denial of service in LSASS.EXE program in Windows NT.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0229
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Denial of service in Windows NT IIS server using ..\..
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0239
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Netscape FastTrack Web server lists files when a lowercase "get"
| command is used instead of an uppercase GET.
|
| VOTE: modify, needs ref
|
| =================================
| Candidate: CAN-1999-0242
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Remote attackers can access mail files via POP3 in some Linux systems
| that are using shadow passwords.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0243
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Linux cfingerd could be exploited to gain root access.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0249
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Windows NT RSHSVC program allows remote users to execute arbitrary
| commands.
|
| VOTE: noop
|
| =================================
| Candidate: CAN-1999-0286
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| In some NT web servers, appending a space at the end of a URL may
| allows attackers to read source code for active pages.
|
| VOTE: accept
|
| =================================
| Candidate: CAN-1999-0287
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Vulnerability in the Wguest CGI program.
|
| VOTE: modify, allows file reading
|
| =================================
| Candidate: CAN-1999-0330
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990714
| Assigned: 19990607
| Category: SF
|
| Linux bdash game has a buffer overflow that allows local users to
| gain root access.
|
| VOTE: noop