FINAL DECISION: ACCEPT 9 candidates from VEN-BSD cluster



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  Voting
details and comments are provided afterwards.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0367	CVE-1999-0367
CAN-1999-0420	CVE-1999-0420
CAN-1999-0422	CVE-1999-0422
CAN-1999-0446	CVE-1999-0446
CAN-1999-0466	CVE-1999-0466
CAN-1999-0481	CVE-1999-0481
CAN-1999-0482	CVE-1999-0482
CAN-1999-0483	CVE-1999-0483
CAN-1999-0484	CVE-1999-0484



=================================
Candidate: CAN-1999-0367
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-002

NetBSD netstat command allows local users to access kernel memory.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0420
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-006

umapfs allows local users to gain root privileges by changing their
uid through a malicious mount_umap program.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0422
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-007

In some cases, NetBSD 1.3.3 mount allows local users to execute
programs in some file systems that have the "noexec" flag set.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0446
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-008
Reference: XF:netbsd-vfslocking-panic

Local users can perform a denial of service in NetBSD 1.3.3 and
earlier versions by creating an unusual symbolic link with the ln
command, triggering a bug in VFS.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0466
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-009

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier
allows a local user to read or write arbitrary files on the disk
associated with that device.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0481
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Mar22,1999

Denial of service in "poll" in OpenBSD.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0482
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Mar21,1999

OpenBSD kernel crash through TSS handling, as caused by the crashme
program.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0483
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Feb25,1999

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0484
Published:
Final-Decision: 19990718
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Feb23,1999

Buffer overflow in OpenBSD ping.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill

Page Last Updated or Reviewed: May 22, 2007