[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
FINAL DECISION: ACCEPT 10 candidates from VEN-ROUTER cluster
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. Voting
details and comments are provided afterwards.
The CVE names for candidates that reach Final Decision should be
regarded as stable. In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public. The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.
- Steve
Candidate CVE Name
--------- ----------
CAN-1999-0060 CVE-1999-0060
CAN-1999-0160 CVE-1999-0160
CAN-1999-0161 CVE-1999-0161
CAN-1999-0157 CVE-1999-0157
CAN-1999-0158 CVE-1999-0158
CAN-1999-0159 CVE-1999-0159
CAN-1999-0162 CVE-1999-0162
CAN-1999-0293 CVE-1999-0293
CAN-1999-0430 CVE-1999-0430
CAN-1999-0445 CVE-1999-0445
=================================
Candidate: CAN-1999-0060
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill
Reference: ASCEND:http://www.ascend.com/2695.html
Attackers can cause a denial of service in Ascend MAX and Pipeline
routers with a malformed packet to the discard port, which is used by
the Java Configurator tool.
VOTES:
ACCEPT(3) Northcutt, Hill, Frech
=================================
Candidate: CAN-1999-0157
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Reference: XF:cisco-fragmented-attacks
Cisco PIX firewall and CBAC IP fragmentation attack results in a
denial of service.
Modifications:
ADDREF XF:cisco-fragmented-attacks
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-fragmented-attacks
=================================
Candidate: CAN-1999-0158
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Reference: XF:cisco-pix-file-exposure
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to
connect to port 8080 on the PFM server and retrieve any file whose
name and location is known.
Modifications:
ADDREF Reference: XF:cisco-pix-file-exposure
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-pix-file-exposure
=================================
Candidate: CAN-1999-0159
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Reference: XF:cisco-ios-crash
Attackers can crash a Cisco IOS router or device, provided they can
get to an interactive prompt (such as a login). This applies to some
IOS 9.x, 10.x, and 11.x releases.
Modifications:
ADDREF Reference: XF:cisco-ios-crash
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-ios-crash
=================================
Candidate: CAN-1999-0160
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/chapvuln-pub.shtml
Reference: XF:cisco-chap
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP
authentication to establish unauthorized PPP connections.
VOTES:
ACCEPT(3) Northcutt, Hill, Frech
=================================
Candidate: CAN-1999-0161
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
Reference: XF:cisco-acl-tacacs
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended
IP access control list could bypass filtering.
VOTES:
ACCEPT(3) Northcutt, Hill, Frech
=================================
Candidate: CAN-1999-0162
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/707/2.html
Reference: XF:cisco-acl-established
The "established" keyword in some Cisco IOS software allowed
an attacker to bypass filtering.
Modifications:
ADDREF XF:cisco-acl-established
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-acl-established
=================================
Candidate: CAN-1999-0293
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
Reference: XF:cisco-ios-aaa-auth
AAA authentication on Cisco systems allows attackers to execute
commands without authorization.
Modifications:
ADDREF XF:cisco-ios-aaa-auth
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-ios-aaa-auth
=================================
Candidate: CAN-1999-0430
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches
Reference: CISCO:Cisco Catalyst Supervisor Remote Reload
Reference: XF:cisco-catalyst-crash
Cisco Catalyst LAN switches running Catalyst 5000 supervisor software
allows remote attackers to perform a denial of service by forcing the
supervisor module to reload.
Modifications:
ADDREF XF:cisco-catalyst-crash
CHANGEREF CISCO:Cisco Catalyst Supervisor Remote Reload http://www.cisco.com/warp/public/770/cat7161-pub.shtml
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-catalyst-crash
Frech> CISCO reference should be
Frech> http://www.cisco.com/warp/public/770/cat7161-pub.shtml
=================================
Candidate: CAN-1999-0445
Published:
Final-Decision: 19990718
Interim-Decision: 19990712
Modified: 19990712-01
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT
Reference: XF:cisco-natacl-leakage
In Cisco routers under some versions of IOS 12.0 running NAT, some
packets may not be filtered by input access list filters.
Modifications:
ADDREF XF:cisco-natacl-leakage
VOTES:
ACCEPT(2) Northcutt, Hill
MODIFY(1) Frech
COMMENTS:
Frech> Reference: XF:cisco-natacl-leakage
Frech> CISCO reference should be
Frech> http://www.cisco.com/warp/public/770/iosnatacl-pub.shtml