[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PROPOSAL: Cluster 30 - NOVULN (19 candidates)



Some of these candidates fall under the "Not a CVE Vulnerability"
content decisions proposed in my previous email.  If those content
decisions are accepted, then those candidates should be REJECTed.

It's likely that the other candidates will not be considered
vulnerabilities, either, but most of them also satisfy the current CVE
definition.


Beta Code Exception - CAN-1999-0119, CAN-1999-0459, possibly
   CAN-1999-0397

Client-Side Denial of Service Exception - CAN-1999-0465


CAN-1999-0361, CAN-1999-0364, and CAN-1999-0397 deal with
vulnerabilities where a password is stored or transmitted in
cleartext.  But was it an intentional design choice?  Were the users
aware that this was the case?  Does the surrounding environment
(e.g. the OS) prevent this from being otherwise?  Should we treat
cleartext the same way we treat weak encryption?  Should we
distinguish between "critical" passwords that are stored in cleartext,
versus other passwords?

CAN-1999-0403 is more a hardware problem than a software problem, but
it can be exploited from software.  Should we stay away from hardware
problems, even if they can be exploited through software and cause
significant damage or increased access?

CAN-1999-0453 and CAN-1999-0454 deal with fingerprinting, i.e. being
able to tell the characteristics of an application or OS by how it
behaves, thus being useful for information gathering.  Is it a
vulnerability that nmap and queso are fairly accurate in remotely
determining a host's OS?  How about being able to determine the
existence of a file or user by comparing responses from the server -
even if the responses are compliant with the protocol?

CAN-1999-0570 and CAN-1999-0584 are cases where something is *NOT*
being used.  These do not really satisfy the CVE vulnerability
definition.  Note that CAN-1999-0570 is used in several tools, and
CAN-1999-0584 has been referenced in many security books.

CAN-1999-0592, CAN-1999-0593, CAN-1999-0594, CAN-1999-0595,
CAN-1999-0596, CAN-1999-0597, CAN-1999-0603, CAN-1999-0654 are all
Windows NT related configuration problems.  Some are associated with
C2 compliance, others are related to information gathering, and others
can not be proven to satisfy the CVE vulnerability definition
(e.g. CAN-1999-0603).  All, however, are referenced by a number of
tools.


=================================
Candidate: CAN-1999-0119
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Windows NT 4.0 beta allows users to read and delete shares.

=================================
Candidate: CAN-1999-0361
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan29,1999

NetWare version of LaserFiche stores usernames and passwords
unencrypted, and allows administrative changes without logging.

=================================
Candidate: CAN-1999-0364
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999

Microsoft Access 97 stores a database password as plaintext in a
foreign mdb, allowing access to data.

=================================
Candidate: CAN-1999-0397
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan21,1999
Reference: BUGTRAQ:Jan21,1999

The demo version of the Quakenbush NT Password Appraiser sends
passwords across the network in plaintext.

=================================
Candidate: CAN-1999-0403
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb4,1999
Reference: XF:cyrix-hang

A bug in Cyrix CPU's on Linux allows local users to perform a denial
of service.

=================================
Candidate: CAN-1999-0453
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

An attacker can identify a CISCO device by sending a SYN packet to
port 1999, which is for the Cisco Dicsovery Protocol (CDP).

=================================
Candidate: CAN-1999-0454
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A remote attacker can sometimes identify the operating system of a
host based on how it reacts to some IP or ICMP packets, using a tool
such as nmap or queso.

=================================
Candidate: CAN-1999-0459
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: XF:linux-milo-halt

Local users can perform a denial of service in Alpha Linux, using MILO
to force a reboot.

=================================
Candidate: CAN-1999-0465
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: XF:http-img-overflow

Remote attackers can crash Lynx and Internet Explorer using an IMG tag
with a large width parameter.

=================================
Candidate: CAN-1999-0570
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

=================================
Candidate: CAN-1999-0584
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT file system is not NTFS.

=================================
Candidate: CAN-1999-0592
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

The Logon box of a Windows NT system displays the name of the last
user who logged in.

=================================
Candidate: CAN-1999-0593
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A user is allowed to shut down a Windows NT system without logging in.

=================================
Candidate: CAN-1999-0594
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not restrict access to removable media drives
such as a floppy disk drive or CDROM drive.

=================================
Candidate: CAN-1999-0595
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT system does not clear the system page file during
shutdown.

=================================
Candidate: CAN-1999-0596
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT log file has an inappropriate maximum size or retention
period.

=================================
Candidate: CAN-1999-0597
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

A Windows NT account policy does not forcibly disconnect remote users
from the server when their logon hours expire.

=================================
Candidate: CAN-1999-0603
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: CF

In Windows NT, an inappropriate user is a member of a group,
e.g. Administrator, Backup Operators, Domain Admins, Domain Guests,
Power Users, Print Operators, Replicators, System Operators, etc.

=================================
Candidate: CAN-1999-0654
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SA

The OS/2 or POSIX subsystem in NT is enabled.

Page Last Updated or Reviewed: May 22, 2007