|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PROPOSAL: Cluster 22 - CDEC (15 candidates)
- To: cve-editorial-board-list@lists.mitre.org
- Subject: PROPOSAL: Cluster 22 - CDEC (15 candidates)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Mon, 26 Jul 1999 19:59:33 -0400 (EDT)
- Sender: owner-cve-editorial-board-list@lists.mitre.org
These candidates are affected by various content decisions that are being discussed by the Board. Dot Notation: most of these candidates will be affected by a content decision that has to do with a Level of Abstraction choice, so a Dot Notation approach might be used in some cases, if Dot Notation is adopted. Same Codebase: CAN-1999-0002, CAN-1999-0098, CAN-1999-0265, CAN-1999-0428 Different Functionality/Multiple Executables - CAN-1999-0042, CAN-1999-0411, CAN-1999-0449 Different Attack or Time of Discovery - CAN-1999-0015, CAN-1999-0104, CAN-1999-0257, CAN-1999-0258 Default Passwords - CAN-1999-0186, CAN-1999-0254, CAN-1999-0452 Same Checkbox/Different Functionality - CAN-1999-0537 Note that either CAN-1999-0186/CAN-1999-0254 or CAN-1999-0452 *must* be REJECTed once that content decision is decided, due to the requirement that the CVE should not contain any overlapping vulnerabilities. - Steve CDEC (15 candidates) -------------------- Proposed: 7/26 Scheduled Interim Decision: 8/23 Scheduled Final Decision: 8/27 Candidates affected by current content decision debates Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0002 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: CERT:CA-98.12.mountd Reference: XF:linux-mountd-bo Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. VOTE: ================================= Candidate: CAN-1999-0015 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: CERT:CA-97.28.Teardrop_Land Reference: XF:teardrop Teardrop IP denial of service. VOTE: ================================= Candidate: CAN-1999-0042 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: NAI:NAI-21 Reference: CERT:CA-97.09.imap_pop Reference: XF:popimap-bo Buffer overflow in University of Washington's implementation of IMAP and POP servers. VOTE: ================================= Candidate: CAN-1999-0098 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: XF:smtp-helo-bo Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. VOTE: ================================= Candidate: CAN-1999-0104 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: CERT:CA-97.28.Teardrop_Land Reference: XF:teardrop-mod A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2 VOTE: ================================= Candidate: CAN-1999-0186 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: SUN:00178 Reference: XF:snmp-backdoor-access In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. VOTE: ================================= Candidate: CAN-1999-0254 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: ISS:Hidden SNMP community in HP OpenView Reference: XF:hpov-hidden-snmp-comm A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. VOTE: ================================= Candidate: CAN-1999-0257 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Nestea variation of teardrop IP fragmentation denial of service. VOTE: ================================= Candidate: CAN-1999-0258 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Bonk variation of teardrop IP fragmentation denial of service. VOTE: ================================= Candidate: CAN-1999-0265 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: XF:icmp-redirect Reference: XF:icmp-redirects ICMP redirect messages may crash or lock up a host. VOTE: ================================= Candidate: CAN-1999-0411 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Feb19,1999 Reference: XF:sco-startup-scripts Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, including S84rpcinit, S95nis, S85tcp, and S89nfs, are vulnerable to a symlink attack, allowing a local user to gain root access. VOTE: ================================= Candidate: CAN-1999-0428 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Mar22,1999 Reference: XF:ssl-session-reuse OpenSSL and SSLeay allows remote attackers to reuse SSL sessions. VOTE: ================================= Candidate: CAN-1999-0449 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF Reference: BUGTRAQ:Jan26,1999 Reference: XF:iis-exair-dos Reference: SF:193 Denial of service in IIS 4 with scripts from the ExAir sample site. VOTE: ================================= Candidate: CAN-1999-0452 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: SF A service or application has a backdoor password that was placed there by the developer. VOTE: ================================= Candidate: CAN-1999-0537 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990726 Assigned: 19990607 Category: CF A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. VOTE:
- Prev by Date: PROPOSAL: Cluster 21 - MORELOW (37 candidates)
- Next by Date: PROPOSAL: Cluster 23 NETCONF - (12 candidates)
- Prev by thread: Re: PROPOSAL: Cluster 21 - MORELOW (37 candidates)
- Next by thread: PROPOSAL: Cluster 23 NETCONF - (12 candidates)
- Index(es):