FINAL DECISION: ACCEPT 45 various candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: FINAL DECISION: ACCEPT 45 various candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Sat, 11 Sep 1999 14:16:20 -0400 (EDT)
Delivery-Date: Tue Sep 14 13:05:11 1999
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made a Final Decision to ACCEPT the following 45 candidates.
15 come from the CGI cluster, 21 from BUF, and 9 from MORELOW.  These
candidates are now assigned CVE names as noted below.  Voting details
and comments are provided afterwards.

This brings our total to 185 validated CVE entries.

The CVE names for candidates that reach Final Decision should be
regarded as stable.  In the case of these and all other candidates
that reach Final Decision during this validation period, accepted
candidates won't reach Publication phase until the CVE goes fully
public.  The only difference between Publication and Final Decision is
that the CVE name is officially "announced" by MITRE during
Publication.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0047	CVE-1999-0047
CAN-1999-0058	CVE-1999-0058
CAN-1999-0063	CVE-1999-0063
CAN-1999-0064	CVE-1999-0064
CAN-1999-0066	CVE-1999-0066
CAN-1999-0070	CVE-1999-0070
CAN-1999-0071	CVE-1999-0071
CAN-1999-0085	CVE-1999-0085
CAN-1999-0102	CVE-1999-0102
CAN-1999-0109	CVE-1999-0109
CAN-1999-0112	CVE-1999-0112
CAN-1999-0122	CVE-1999-0122
CAN-1999-0139	CVE-1999-0139
CAN-1999-0146	CVE-1999-0146
CAN-1999-0147	CVE-1999-0147
CAN-1999-0148	CVE-1999-0148
CAN-1999-0149	CVE-1999-0149
CAN-1999-0172	CVE-1999-0172
CAN-1999-0176	CVE-1999-0176
CAN-1999-0182	CVE-1999-0182
CAN-1999-0192	CVE-1999-0192
CAN-1999-0196	CVE-1999-0196
CAN-1999-0206	CVE-1999-0206
CAN-1999-0219	CVE-1999-0219
CAN-1999-0230	CVE-1999-0230
CAN-1999-0237	CVE-1999-0237
CAN-1999-0244	CVE-1999-0244
CAN-1999-0256	CVE-1999-0256
CAN-1999-0262	CVE-1999-0262
CAN-1999-0264	CVE-1999-0264
CAN-1999-0269	CVE-1999-0269
CAN-1999-0276	CVE-1999-0276
CAN-1999-0278	CVE-1999-0278
CAN-1999-0279	CVE-1999-0279
CAN-1999-0315	CVE-1999-0315
CAN-1999-0339	CVE-1999-0339
CAN-1999-0355	CVE-1999-0355
CAN-1999-0363	CVE-1999-0363
CAN-1999-0365	CVE-1999-0365
CAN-1999-0371	CVE-1999-0371
CAN-1999-0404	CVE-1999-0404
CAN-1999-0405	CVE-1999-0405
CAN-1999-0410	CVE-1999-0410
CAN-1999-0417	CVE-1999-0417
CAN-1999-0441	CVE-1999-0441




=================================
Candidate: CAN-1999-0047
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.05.sendmail
Reference: XF:sendmail-mime-bo2

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Modifications:
  ADDREF XF:sendmail-mime-bo2

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sendmail-mime-bo2


=================================
Candidate: CAN-1999-0058
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-12
Reference: XF:http-cgi-phpbo

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Modifications:
  DELREF XF:http-phpbo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> Delete XF:http-phpbo


=================================
Candidate: CAN-1999-0063
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: XF:cisco-syslog-crash

Cisco IOS 12.0 and other versions can be crashed by malicious UDP
packets to the syslog port.

Modifications:
  ADDREF XF:cisco-syslog-crash
  DESC removed nmap, added UDP/syslog

VOTES:
   ACCEPT(2) Wall, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:cisco-syslog-crash


=================================
Candidate: CAN-1999-0064
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:May28,1997
Reference: XF:lquerylv-bo

Buffer overflow in AIX lquerylv program gives root access to local users.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> AIX 4.2 lguerylv "Georgi Guninski"
 Prosser> http://www.securityfocus.com


=================================
Candidate: CAN-1999-0066
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul31,1995
Reference: XF:http-cgi-anyform

AnyForm CGI remote execution

Modifications:
  ADDREF BUGTRAQ:Jul31,1995

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> might want to add the reference BUGTRAG
 Prosser> "SECURITY HOLE:  "AnyForm" CGI
 Prosser> http://www.securityfocus.com/bugtraq/


=================================
Candidate: CAN-1999-0070
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-test

test-cgi program allows an attacker to list files on the server

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech


=================================
Candidate: CAN-1999-0071
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-apache-cookie
Reference: NAI:NAI-2

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0085
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Aug21,1996
Reference: XF:rwhod
Reference: XF:rwhod-vuln

rwhod buffer overflow in AIX

Modifications:
  ADDREF BUGTRAQ:Aug21,1996

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> Bugtraq
 Prosser> " rwhod buffer overflow"  David J. Meltzer
 Prosser> http://www.securityfocus.com/bugtraq/1996_3/0380.htm


=================================
Candidate: CAN-1999-0102
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:slmail-fromheader-overflow

Buffer overflow in SLmail 3.x allows attackers to execute commands
using a large FROM line.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0109
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SUN:00140
Reference: AUSCERT:AA-97.06
Reference: XF:ffbconfig-bo

Buffer overflow in ffbconfig in Solaris 2.5.1

Modifications:
  ADDREF XF:ffbconfig-bo

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(2) Prosser, Frech

COMMENTS:
 Prosser> according to Sun, affects both 2.5 and 2.5.1...add ref
 Prosser> Sun Security Bulletin 140
 Prosser> http://sunsolve.sun.com
 Frech> XF:ffbconfig-bo


=================================
Candidate: CAN-1999-0112
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:May20,1997
Reference: XF:dtterm-bo

Buffer overflow in AIX dtterm program for the CDE

Modifications:
  ADDREF BUGTRAQ:May20,1997
  ADDREF XF:dtterm-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> add ref
 Prosser> Bugtraq
 Prosser> "AIX 4.2 dtterm exploit"
 Prosser> http://www.securityfocus.com
 Frech> XF:dtterm-bo


=================================
Candidate: CAN-1999-0122
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul21,1999
Reference: XF:lchangelv-bo

Buffer overflow in AIX lchangelv gives root access.

Modifications:
  ADDREF BUGTRAQ:Jul21,1999
  ADDREF XF:lchangelv-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> add ref
 Prosser> Bugtraq
 Prosser> "AIX lchangelv"
 Prosser> http://www.securityfocus.com/
 Frech> XF:lchangelv-bo


=================================
Candidate: CAN-1999-0139
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-mkcookie
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE

Buffer overflow in Solaris x86 mkcookie allows local users to
obtain root access.

Modifications:
  ADDREF XF:sol-mkcookie

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sol-mkcookie


=================================
Candidate: CAN-1999-0146
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul15,1997
Reference: XF:http-cgi-campas

The campas CGI program provided with some NCSA web servers allows an
attacker to read arbitrary files.

Modifications:
  ADDREF BUGTRAQ:Jul15,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source,
 Prosser> Bugtraq
 Prosser> "Francisco Torres"
 Prosser> http://www.securityfocus.com


=================================
Candidate: CAN-1999-0147
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-glimpse
Reference: AUSCERT:AA-97.28

The aglimpse CGI program of the Glimpse package allows remote
execution of arbitrary commands

Modifications:
  ADDREF AUSCERT:AA-97.28

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> AUSCERT Alert AA-97.28
 Prosser> http://www.auscert.org.au


=================================
Candidate: CAN-1999-0148
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SGI:19970501-02-PX
Reference: XF:http-sgi-handler

The handler CGI program in IRIX allows arbitrary command execution.

Modifications:
  ADDREF SGI:19970501-02-PX

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> SGI Security Advisory 19970501-02-PX
 Prosser> http://www.sgi.com/Support/security/advisories.html


=================================
Candidate: CAN-1999-0149
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-sgi-wrap
Reference: SGI:19970501-02-PX

The wrap CGI program in IRIX allows arbitrary command execution from
remote users.

Modifications:
  ADDREF SGI:19970501-02-PX

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> SGI Security Advisory 19970501-02-PX
 Prosser> http://www.sgi.com/Support/security/advisories.html


=================================
Candidate: CAN-1999-0172
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-exe
Reference: BUGTRAQ:Aug02,1995

FormMail CGI program allows remote execution of commands.

Modifications:
  ADDREF BUGTRAQ:Aug02,1995

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Security Hole:  FormMail"
 Prosser> http://www.securityfocus.com/bugtraq/1995


=================================
Candidate: CAN-1999-0176
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jul10,1997
Reference: XF:http-webgais-query

The Webgais program allows a remote user to execute arbitrary
commands.

Modifications:
  ADDREF BUGTRAQ:Jul10,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu
 Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.html


=================================
Candidate: CAN-1999-0182
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CIAC:H-110
Reference: CERT:VB-97.10.samba
Reference: XF:nt-samba-bo

Samba has a buffer overflow which allows a remote attacker to obtain
root access by specifying a long password.

Modifications:
  ADDREF CERT:VB-97.10.samba

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> additional ref
 Prosser> VB-97.10.samba
 Prosser> ftp://info.cert.org/pub/cert_bulletins/VB-97.10.sanba


=================================
Candidate: CAN-1999-0192
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Buffer overflow in telnet daemon tgetent routing allows remote
attackers to gain root access via the TERMCAP environmental variable.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0196
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-webgais-smail
Reference: BUGTRAQ:Jul08,1997

The websendmail program in the Webgais program allows a remote user to
access arbitrary files.

Modifications:
  ADDREF BUGTRAQ:Jul08,1997

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech
   NOOP(1) Christey

COMMENTS:
 Prosser> additional source
 Prosser> BUGTRAQ
 Prosser> "Vulnerability in WEBgais" Razvan Dragomirescu
 Prosser> http://www.securityfocus.com/bugtraq/1997_3/0057.htm
 Christey> Actually, the proper reference is "Vulnerability in
 Christey> websendmail" by Razvan Dragomirescu, as forwarded to Bugtraq
 Christey> by Julian Assange on July 8, 1997


=================================
Candidate: CAN-1999-0206
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sendmail-mime-bo
Reference: AUSCERT:AA-96.06a

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

Modifications:
  ADDREF XF:sendmail-mime-bo
  ADDREF AUSCERT:AA-96.06a

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional ref
 Prosser> AUSCERT Advisory AA-96.06a
 Prosser> http://www.auscert.org.au/
 Frech> XF:sendmail-mime-bo


=================================
Candidate: CAN-1999-0219
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:ftp-servu

Buffer overflow in Serv-U FTP server when user performs a cwd to a
directory with a long name.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0230
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml

Buffer overflow in Cisco 7xx routers through the telnet service.

Modifications:
  DESC Change to 7xx
  ADDREF CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(2) Prosser, Frech
   NOOP(1) Christey

COMMENTS:
 Prosser> the BO affect any 7xx router running a vulnerable version of
 Prosser> IOS/700 OS.  Addtional ref
 Prosser> Field Notice:
 Prosser> 7xx Router Password Buffer Overflow
 Prosser> http://www.cisco.com/warp/public/770/pwbuf-pub.shtml#summary
 Frech> We indicate that this can occur on 7xx routers. It would be wise to verify
 Frech> before changing it, since I don't have the entire database in front of me.
 Frech> XF:cisco-7xxcrash
 Christey> Verified the 7xx versions


=================================
Candidate: CAN-1999-0237
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-guestbook
Reference: CERT:VB-97.02

Remote execution of arbitrary commands through Guestbook CGI program.

Modifications:
  ADDREF CERT:VB-97.02

VOTES:
   ACCEPT(3) Northcutt, Prosser, Frech

COMMENTS:
 Prosser> additional source
 Prosser> CERT Vendor Bulletin VB-97-02
 Prosser> http://www.cert.org


=================================
Candidate: CAN-1999-0244
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow

Livingston RADIUS code has a buffer overflow which can allow remote
execution of commands as root.

Modifications:
  ADDREF XF:radius-accounting-overflow

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:radius-accounting-overflow


=================================
Candidate: CAN-1999-0256
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:war-ftpd

Buffer overflow in War FTP allows remote execution of commands.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech


=================================
Candidate: CAN-1999-0262
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-faxsurvey
Reference: BUGTRAQ:Aug04,1998

faxsurvey CGI script on Linux allows remote command execution via
shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-faxsurvey
  ADDREF BUGTRAQ:Aug04,1998

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-cgi-faxsurvey


=================================
Candidate: CAN-1999-0264
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-htmlscript-file-access
Reference: BUGTRAQ:Jan27,1998

htmlscript CGI program allows remote read access to files.

Modifications:
  ADDREF XF:http-htmlscript-file-access
  ADDREF BUGTRAQ:Jan27,1998

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-htmlscript-file-access


=================================
Candidate: CAN-1999-0269
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:netscape-server-pageservices

Netscape Enterprise servers may list files through the PageServices query.

Modifications:
  ADDREF XF:netscape-server-pageservices

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:netscape-server-pageservices


=================================
Candidate: CAN-1999-0276
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:msql-debug-bo
Reference: SEKURE:sekure.01-99.msql

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Modifications:
  ADDREF XF:msql-debug-bo
  ADDREF SEKURE:sekure.01-99.msql

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional ref
 Prosser> Sekure SDI Advisory sekure.01-99.msql
 Prosser> http://www.sekure.org
 Frech> XF:msql-debug-bo


=================================
Candidate: CAN-1999-0278
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MS:MS98-003
Reference: XF:iis-asp-data-check

In IIS, remote attackers can obtain source code for ASP files by appending
"::$DATA" to the URL.

Modifications:
  ADDREF MS:MS98-003
  ADDREF XF:iis-asp-data-check

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Prosser> additional source
 Prosser> Microsoft Security Bulletin MS98-003
 Prosser> http://www.microsoft.com/security
 Frech> XF:iis-asp-data-check


=================================
Candidate: CAN-1999-0279
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.01.excite
Reference: XF:excite-cgi-search-vuln

Excite for Web Servers (EWS) allows remote command execution via
shell metacharacters.

Modifications:
  ADDREF XF:excite-cgi-search-vuln

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:excite-cgi-search-vuln


=================================
Candidate: CAN-1999-0315
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:fdformat-bo
Reference: SUN:00138

Buffer overflow in Solaris fdformat command gives root access to local
users.

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> add ref
 Prosser> Sun Security Bulletin 00138
 Prosser> http://sunsolve.sun.com/


=================================
Candidate: CAN-1999-0339
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:sol-sun-libauth
Reference: RSI:RSI.0007.05-26-98

Buffer overflow in the libauth library in Solaris allows local users
to gain additional privileges, possibly root access.

Modifications:
  ADDREF RSI:RSI.0007.05-26-98

VOTES:
   ACCEPT(4) Northcutt, Hill, Prosser, Frech

COMMENTS:
 Prosser> Sun never did release a bulletin for this BO but did release
 Prosser> patches for affected systems.add ref,
 Prosser> RSI Alert Advisory RSI.0007.05-26-98
 Prosser> www.repsec.com


=================================
Candidate: CAN-1999-0355
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot

Local or remote users can force ControlIT 4.5 to reboot or force a
user to log out, resulting in a denial of service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0363
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: SF:328

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root
compromise.

Modifications:
  DESC Change SuSe to SuSE

VOTES:
   ACCEPT(2) Wall, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> Change SuSe to SuSE.


=================================
Candidate: CAN-1999-0365
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

The metamail package allows remote command execution using shell
metacharacters that are not quoted in a mailcap entry.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0371
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb11,1999
Reference: XF:lynx-temp-files-race

Lynx allows a local user to overwrite sensitive files through /tmp
symlinks.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0404
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Buffer overflow in the Mail-Max SMTP server for Windows systems allows
remote command execution.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0405
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: HERT:002
Reference: BUGTRAQ:Feb18,1999
Reference: XF:lsof-bo

A buffer overflow in lsof allows local users to obtain root
privilege.

Modifications:
  ADDREF XF:lsof-bo

VOTES:
   ACCEPT(3) Northcutt, Hill, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:lsof-bo


=================================
Candidate: CAN-1999-0410
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: SF:293

The cancel command in Solaris 2.6 (i386) has a buffer overflow that
allows local users to obtain root access.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0417
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: SF:448

64 bit Solaris 7 procfs allows local users to perform a denial of
service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech


=================================
Candidate: CAN-1999-0441
Published:
Final-Decision: 19990911
Interim-Decision: 19990906
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02221999
Reference: XF:wingate-redirector-dos
Reference: SF:509

Remote attackers can perform a denial of service in WinGate machines
using a buffer overflow in the Winsock Redirector Service.

VOTES:
   ACCEPT(3) Wall, Ozancin, Frech
Prev by Date: INTERIM DECISION: ACCEPT 45 various candidates (Final Sep. 10)
Next by Date: 20 CVE Entries for Interoperability Demo
Prev by thread: INTERIM DECISION: ACCEPT 45 various candidates (Final Sep. 10)
Next by thread: FINAL DECISION: ACCEPT 45 various candidates
Index(es):
- Date
- Thread