
PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)



These candidates are mentioned in at least one security tool (possibly
more), but there are no other available references for them.  In most
cases the tool vendor(s) do not have a presence on the Editorial
Board, so I have not yet consulted with them to verify the candidates.
Some of the candidates are extremely vague (as were their sources), so
they may be REJECTed or NOOPed outright, or they could remain in
proposal phase indefinitely.

- Steve



VERIFY-TOOL (7 candidates)
--------------------
Proposed: 7/27
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Problems mentioned in a tool, but not seen in other VDBs




Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0220
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Attackers can do a denial of service of IRC by crashing the server.

VOTE:

=================================
Candidate: CAN-1999-0226
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Windows NT TCP/IP processes fragmented IP packets improperly, causing
a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0240
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Some filters or firewalls allow fragmented SYN packets with IP
reserved bits in violation of their implemented policy.

VOTE:

=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Buffer overflow in nnrpd program in INN allows remote users to execute
arbitrary commands.

VOTE:

=================================
Candidate: CAN-1999-0248
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

sshd 1.2.17 can be compromised through the SSH protocol.

VOTE:

=================================
Candidate: CAN-1999-0493
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A remote attacker can bounce RPC calls through rpc.statd.

VOTE:

=================================
Candidate: CAN-1999-0495
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A remote attacker can gain access to a file system using ..  (dot dot)
when accessing SMB shares.

VOTE:

Page Last Updated or Reviewed: May 22, 2007