Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)

To: "Steven M. Christey" <coley@linus.mitre.org>, cve-editorial-board-list@lists.mitre.org
Subject: Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
From: Adam Shostack <adam@netect.com>
Date: Wed, 28 Jul 1999 14:23:32 -0400
In-Reply-To: <199907280135.VAA11320@basie.mitre.org>; from Steven M. Christey on Tue, Jul 27, 1999 at 09:35:04PM -0400
References: <199907280135.VAA11320@basie.mitre.org>
Reply-To: adam@netect.com

On Tue, Jul 27, 1999 at 09:35:04PM -0400, Steven M. Christey wrote:

| Candidate: CAN-1999-0248
| Published:
| Final-Decision:
| Interim-Decision:
| Modified:
| Announced: 19990728
| Assigned: 19990607
| Category: SF
| 
| sshd 1.2.17 can be compromised through the SSH protocol.
| 

| VOTE: modify http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
looks to me to be about the correct message that came from Tatu.
There are comments in changelog: * Improved the security of
auth_input_request_forwarding().

I'm not in favor of moving this forward without additional detail, but 
thought I'd add a confirming URL and comment.  We have insufficient
detail to accept it as a CVE.

Adam

References:
- PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: Editorial Board archives available
Next by Date: What is sufficient detail for a CVE vulnerability?
Prev by thread: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
Next by thread: CONTENT DECISION: Distinctive descriptions to support lookup
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: May 22, 2007

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.