INTERIM DECISION: ACCEPT 45 various candidates (Final Sep. 10)

To: cve-editorial-board-list@lists.mitre.org
Subject: INTERIM DECISION: ACCEPT 45 various candidates (Final Sep. 10)
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Sun, 5 Sep 1999 21:34:27 -0400 (EDT)
Delivery-Date: Sun Sep 5 21:37:07 1999
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made an Interim Decision to ACCEPT the following 45 candidates.
15 come from the CGI cluster, 21 from BUF, and 9 from MORELOW.  They
are universal vulnerabilities that are not affected by any outstanding
content decisions, and have at least 3 non-MITRE votes for inclusion
(i.e. ACCEPT or MODIFY).

I will make a Final Decision on these candidates on Friday, September
10.

- Steve

=================================
Candidate: CAN-1999-0047
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.05.sendmail
Reference: XF:sendmail-mime-bo2

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Modifications:
  ADDREF XF:sendmail-mime-bo2

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sendmail-mime-bo2


=================================
Candidate: CAN-1999-0058
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-12
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Modifications:
  DELREF XF:http-phpbo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> Delete XF:http-phpbo


=================================
Candidate: CAN-1999-0063
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Cisco IOS 12.0 and other versions can be crashed by malicious UDP
packets to the syslog port.

Modifications:
  ADDREF XF:cisco-syslog-crash
  DESC removed nmap, added UDP/syslog

VOTES:
   ACCEPT(2) Wall, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:cisco-syslog-crash


=================================
Candidate: CAN-1999-0064
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> AIX 4.2 lguerylv "Georgi Guninski"
 Prosser> http://www.securityfocus.com


=================================
Candidate: CAN-1999-0066
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul31,1995
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution

Modifications:
  ADDREF BUGTRAQ:Jul31,1995

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> might want to add the reference BUGTRAG
 Prosser> "SECURITY HOLE:  "AnyForm" CGI
 Prosser> http://www.securityfocus.com/bugtraq/


=================================
Candidate: CAN-1999-0070
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech


=================================
Candidate: CAN-1999-0071
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0085
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Aug21,1996
Reference: XF:rwhod
Reference: XF:rwhod-vuln

rwhod buffer overflow in AIX

Modifications:
  ADDREF BUGTRAQ:Aug21,1996

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> Bugtraq
 Prosser> " rwhod buffer overflow"  David J. Meltzer
 Prosser> http://www.securityfocus.com/bugtraq/1996_3/0380.htm


=================================
Candidate: CAN-1999-0102
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands
using a large FROM line.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0109
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SUN:00140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Buffer overflow in ffbconfig in Solaris 2.5.1

Modifications:
  ADDREF XF:ffbconfig-bo

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(2) Prosser, Frech

COMMENTS:
 Prosser> according to Sun, affects both 2.5 and 2.5.1...add ref
 Prosser> Sun Security Bulletin 140
 Prosser> http://sunsolve.sun.com
 Frech> XF:ffbconfig-bo


=================================
Candidate: CAN-1999-0112
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:May20,1997
Reference: XF:dtterm-bo

Buffer overflow in AIX dtterm program for the CDE

Modifications:
  ADDREF BUGTRAQ:May20,1997
  ADDREF XF:dtterm-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> add ref
 Prosser> Bugtraq
 Prosser> "AIX 4.2 dtterm exploit"
 Prosser> http://www.securityfocus.com
 Frech> XF:dtterm-bo


=================================
Candidate: CAN-1999-0122
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul21,1999
Reference: XF:lchangelv-bo

Buffer overflow in AIX lchangelv gives root access.

Modifications:
  ADDREF BUGTRAQ:Jul21,1999
  ADDREF XF:lchangelv-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> add ref
 Prosser> Bugtraq
 Prosser> "AIX lchangelv"
 Prosser> http://www.securityfocus.com/
 Frech> XF:lchangelv-bo


=================================
Candidate: CAN-1999-0139
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-mkcookie
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE

Buffer overflow in Solaris x86 mkcookie allows local users to
obtain root access.

Modifications:
  ADDREF XF:sol-mkcookie

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sol-mkcookie


=================================
Candidate: CAN-1999-0146
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul15,1997
Reference: XF:http-cgi-campas

The campas CGI program provided with some NCSA web servers allows an
attacker to read arbitrary files.

Modifications:
  ADDREF BUGTRAQ:Jul15,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source,
 Prosser> Bugtraq
 Prosser> "Francisco Torres"
 Prosser> http://www.securityfocus.com


=================================
Candidate: CAN-1999-0147
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-glimpse
Reference: AUSCERT:AA-97.28

The aglimpse CGI program of the Glimpse package allows remote
execution of arbitrary commands

Modifications:
  ADDREF AUSCERT:AA-97.28

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> AUSCERT Alert AA-97.28
 Prosser> http://www.auscert.org.au


=================================
Candidate: CAN-1999-0148
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SGI:19970501-02-PX
Reference: XF:http-sgi-handler

The handler CGI program in IRIX allows arbitrary command execution.

Modifications:
  ADDREF SGI:19970501-02-PX

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> SGI Security Advisory 19970501-02-PX
 Prosser> http://www.sgi.com/Support/security/advisories.html


=================================
Candidate: CAN-1999-0149
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-wrap
Reference: SGI:19970501-02-PX

The wrap CGI program in IRIX allows arbitrary command execution from
remote users.

Modifications:
  ADDREF SGI:19970501-02-PX

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> SGI Security Advisory 19970501-02-PX
 Prosser> http://www.sgi.com/Support/security/advisories.html


=================================
Candidate: CAN-1999-0172
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-exe
Reference: BUGTRAQ:Aug02,1995

FormMail CGI program allows remote execution of commands.

Modifications:
  ADDREF BUGTRAQ:Aug02,1995

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Security Hole:  FormMail"
 Prosser> http://www.securityfocus.com/bugtraq/1995


=================================
Candidate: CAN-1999-0176
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul10,1997
Reference: XF:http-webgais-query

The Webgais program allows a remote user to execute arbitrary
commands.

Modifications:
  ADDREF BUGTRAQ:Jul10,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu
 Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.html


=================================
Candidate: CAN-1999-0182
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CIAC:H-110
Reference: CERT:VB-97.10.samba
Reference: XF:nt-samba-bo

Samba has a buffer overflow which allows a remote attacker to obtain
root access by specifying a long password.

Modifications:
  ADDREF CERT:VB-97.10.samba

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional ref
 Prosser> VB-97.10.samba
 Prosser> ftp://info.cert.org/pub/cert_bulletins/VB-97.10.sanba


=================================
Candidate: CAN-1999-0192
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Buffer overflow in telnet daemon tgetent routing allows remote
attackers to gain root access via the TERMCAP environmental variable.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0196
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-smail
Reference: BUGTRAQ:Jul08,1997

The websendmail program in the Webgais program allows a remote user to
access arbitrary files.

Modifications:
  ADDREF BUGTRAQ:Jul08,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech
   NOOP(1) Christey

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu
 Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.htm
 Christey> Actually, the proper reference is "Vulnerability in
 Christey> websendmail" by Razvan Dragomirescu, as forwarded to Bugtraq
 Christey> by Julian Assange on July 8, 1997


=================================
Candidate: CAN-1999-0206
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sendmail-mime-bo
Reference: AUSCERT:AA-96.06a

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

Modifications:
  ADDREF XF:sendmail-mime-bo
  ADDREF AUSCERT:AA-96.06a

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional ref
 Prosser> AUSCERT Advisory AA-96.06a
 Prosser> http://www.auscert.org.au/
 Frech> XF:sendmail-mime-bo


=================================
Candidate: CAN-1999-0219
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-servu

Buffer overflow in Serv-U FTP server when user performs a cwd to a
directory with a long name.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0230
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml

Buffer overflow in Cisco 7xx routers through the telnet service.

Modifications:
  DESC Change to 7xx
  ADDREF CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(2) Prosser, Frech
   NOOP(1) Christey

COMMENTS:
 Prosser> the BO affect any 7xx router running a vulnerable version of
 Prosser> IOS/700 OS.  Addtional ref
 Prosser> Field Notice:
 Prosser> 7xx Router Password Buffer Overflow
 Prosser> http://www.cisco.com/warp/public/770/pwbuf-pub.shtml#summary
 Frech> We indicate that this can occur on 7xx routers. It would be wise to verify
 Frech> before changing it, since I don't have the entire database in front of me.
 Frech> XF:cisco-7xxcrash
 Christey> Verified the 7xx versions


=================================
Candidate: CAN-1999-0237
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-guestbook
Reference: CERT:VB-97.02

Remote execution of arbitrary commands through Guestbook CGI program.

Modifications:
  ADDREF CERT:VB-97.02

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> CERT Vendor Bulletin VB-97-02
 Prosser> http://www.cert.org


=================================
Candidate: CAN-1999-0244
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow

Livingston RADIUS code has a buffer overflow which can allow remote
execution of commands as root.

Modifications:
  ADDREF XF:radius-accounting-overflow

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:radius-accounting-overflow


=================================
Candidate: CAN-1999-0256
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:war-ftpd

Buffer overflow in War FTP allows remote execution of commands.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0262
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-faxsurvey
Reference: BUGTRAQ:Aug04,1998

faxsurvey CGI script on Linux allows remote command execution via
shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-faxsurvey
  ADDREF BUGTRAQ:Aug04,1998

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-cgi-faxsurvey


=================================
Candidate: CAN-1999-0264
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-htmlscript-file-access
Reference: BUGTRAQ:Jan27,1998

htmlscript CGI program allows remote read access to files.

Modifications:
  ADDREF XF:http-htmlscript-file-access
  ADDREF BUGTRAQ:Jan27,1998

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-htmlscript-file-access


=================================
Candidate: CAN-1999-0269
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:netscape-server-pageservices

Netscape Enterprise servers may list files through the PageServices query.

Modifications:
  ADDREF XF:netscape-server-pageservices

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:netscape-server-pageservices


=================================
Candidate: CAN-1999-0276
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:msql-debug-bo
Reference: SEKURE:sekure.01-99.msql

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Modifications:
  ADDREF XF:msql-debug-bo
  ADDREF SEKURE:sekure.01-99.msql

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional ref
 Prosser> Sekure SDI Advisory sekure.01-99.msql
 Prosser> http://www.sekure.org
 Frech> XF:msql-debug-bo


=================================
Candidate: CAN-1999-0278
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS98-003
Reference: XF:iis-asp-data-check

In IIS, remote attackers can obtain source code for ASP files by appending
"::$DATA" to the URL.

Modifications:
  ADDREF MS:MS98-003
  ADDREF XF:iis-asp-data-check

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional source
 Prosser> Microsoft Security Bulletin MS98-003
 Prosser> http://www.microsoft.com/security
 Frech> XF:iis-asp-data-check


=================================
Candidate: CAN-1999-0279
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.01.excite
Reference: XF:excite-cgi-search-vuln

Excite for Web Servers (EWS) allows remote command execution via
shell metacharacters.

Modifications:
  ADDREF XF:excite-cgi-search-vuln

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:excite-cgi-search-vuln


=================================
Candidate: CAN-1999-0315
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:fdformat-bo
Reference: SUN:00138

Buffer overflow in Solaris fdformat command gives root access to local
users.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> add ref
 Prosser> Sun Security Bulletin 00138
 Prosser> http://sunsolve.sun.com/


=================================
Candidate: CAN-1999-0339
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-sun-libauth
Reference: RSI:RSI.0007.05-26-98

Buffer overflow in the libauth library in Solaris allows local users
to gain additional privileges, possibly root access.

Modifications:
  ADDREF RSI:RSI.0007.05-26-98

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> Sun never did release a bulletin for this BO but did release
 Prosser> patches for affected systems.add ref,
 Prosser> RSI Alert Advisory RSI.0007.05-26-98
 Prosser> www.repsec.com


=================================
Candidate: CAN-1999-0355
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot

Local or remote users can force ControlIT 4.5 to reboot or force a
user to log out, resulting in a denial of service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0363
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: SF:328

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root
compromise.

Modifications:
  DESC Change SuSe to SuSE

VOTES:
   ACCEPT(2) Wall, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> Change SuSe to SuSE.


=================================
Candidate: CAN-1999-0365
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

The metamail package allows remote command execution using shell
metacharacters that are not quoted in a mailcap entry.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0371
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb11,1999
Reference: XF:lynx-temp-files-race

Lynx allows a local user to overwrite sensitive files through /tmp
symlinks.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0404
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Buffer overflow in the Mail-Max SMTP server for Windows systems allows
remote command execution.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0405
Published:
Final-Decision:
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999
Reference: XF:lsof-bo

A buffer overflow in lsof allows local users to obtain root
privilege.

Modifications:
  ADDREF XF:lsof-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:lsof-bo


=================================
Candidate: CAN-1999-0410
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: SF:293

The cancel command in Solaris 2.6 (i386) has a buffer overflow that
allows local users to obtain root access.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0417
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: SF:448

64 bit Solaris 7 procfs allows local users to perform a denial of
service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0441
Published:
Final-Decision:
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02221999
Reference: XF:wingate-redirector-dos
Reference: SF:509

Remote attackers can perform a denial of service in WinGate machines
using a buffer overflow in the Winsock Redirector Service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech
Prev by Date: Comma-separated list of all "official" CVE Entries
Next by Date: FINAL DECISION: ACCEPT 45 various candidates
Prev by thread: Comma-separated list of all "official" CVE Entries
Next by thread: FINAL DECISION: ACCEPT 45 various candidates
Index(es):
- Date
- Thread