INTERIM DECISION: ACCEPT 45 various candidates (Final 9/24)

To: cve-editorial-board-list@lists.mitre.org
Subject: INTERIM DECISION: ACCEPT 45 various candidates (Final 9/24)
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Wed, 22 Sep 1999 01:17:03 -0400 (EDT)
Delivery-Date: Wed Sep 22 01:20:05 1999
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made an Interim Decision to ACCEPT the following candidates
from various clusters.  I will make a Final Decision on September 24.

These candidates satisfy the minimum vote requirement, as approved by
the Board in the INCLUSION content decision.  However, many of them
only have 2 non-MITRE votes.  Each candidate satisfies the other
portion of the voting requirement, however, i.e.  a non-voter's tool
checks for it, and/or the software vendor has confirmed the problem.

The candidates come from the following clusters:

   6 CGI
   1 BUF
  16 NTLOW
   4 DENY
   4 NOREFS
   4 MULT2
   7 MORELOW
   3 CDEC


- Steve


=================================
Candidate: CAN-1999-0002
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.12.mountd
Reference: XF:linux-mountd-bo

Buffer overflow in NFS mountd gives root access to remote attackers,
mostly in Linux systems.

VOTES:
   ACCEPT(2) Frech, Northcutt
   NOOP(1) Wall


=================================
Candidate: CAN-1999-0042
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: NAI:NAI-21
Reference: CERT:CA-97.09.imap_pop
Reference: XF:popimap-bo

Buffer overflow in University of Washington's implementation of
IMAP and POP servers.

VOTES:
   ACCEPT(2) Wall, Frech


=================================
Candidate: CAN-1999-0048
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.04.talkd
Reference: FreeBSD:FreeBSD-SA-96:21
Reference: AUSCERT:AA-97.01
Reference: SUN:00147
Reference: XF:talkd-bo

Talkd, when given corrupt DNS information, can be used to execute
arbitrary commands with root privileges.

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Frech
   NOOP(1) Shostack

COMMENTS:
 Frech> Add to references:
 Frech> XF:netkit-talkd


=================================
Candidate: CAN-1999-0125
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: XF:sgi-mailx-bo
Reference: SGI:19980605-01-PX

Buffer overflow in SGI IRIX mailx program.

Modifications:
  CHANGEREF XF:si-mailx-bo XF:sgi-mailx-bo

VOTES:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(1) Wall

COMMENTS:
 Frech> Change XF:si-mailx-bo to XF:sgi-mailx-bo


=================================
Candidate: CAN-1999-0153
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:win-oob

Windows 95/NT out of band (OOB) data denial of service through NETBIOS
port, aka WinNuke.

Modifications:
  ADDREF XF:win-oob

VOTES:
   ACCEPT(3) Hill, Wall, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:win-oob


=================================
Candidate: CAN-1999-0173
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-formmail-use

FormMail CGI program can be used by web servers other than the
host server that the program resides on.

VOTES:
   ACCEPT(2) Northcutt, Frech
   NOOP(1) Prosser


=================================
Candidate: CAN-1999-0174
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-viewsrc

The view-source CGI program allows remote attackers to read any file on
the system that is internally accessible by the web server.

Modifications:
  ADDREF XF:http-cgi-viewsrc

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Frech
   NOOP(1) Prosser

COMMENTS:
 Frech> XF:http-cgi-viewsrc


=================================
Candidate: CAN-1999-0177
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-uploader

The uploader program in the WebSite web server allows a remote
attacker to execute arbitrary programs.

VOTES:
   ACCEPT(2) Northcutt, Frech
   NOOP(1) Prosser


=================================
Candidate: CAN-1999-0178
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-website-winsample

The win-c-sample program in the WebSite web server has a buffer
overflow that allows remote execution of commands.

VOTES:
   ACCEPT(2) Northcutt, Frech
   NOOP(1) Prosser


=================================
Candidate: CAN-1999-0179
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MSKB:Q140818
Reference: XF:nt-samba-dotdot
Reference: XF:nt-351
Reference: XF:nt-35

Windows NT crashes or locks up when a Samba client executes a "cd .."
command on a file share.

Modifications:
  ADDREF XF:nt-351
  ADDREF XF:nt-35

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> Also add:
 Frech> XF:nt-351
 Frech> XF:nt-35


=================================
Candidate: CAN-1999-0180
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:rsh-null

in.rshd allows users to login with a NULL username and execute commands.

Modifications:
  ADDREF XF:rsh-null

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(2) Shostack, Frech

COMMENTS:
 Shostack> more info
 Frech> XF:rsh-null


=================================
Candidate: CAN-1999-0191
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-newdsn

IIS newdsn.exe CGI script allows remote users to overwrite files.

Modifications:
  ADDREF XF:http-cgi-newdsn

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Frech
   NOOP(1) Prosser

COMMENTS:
 Frech> XF:http-cgi-newdsn


=================================
Candidate: CAN-1999-0194
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:comsat

Denial of service in in.comsat allows attackers to generate messages.

Modifications:
  ADDREF XF:comsat

VOTES:
   ACCEPT(1) Shostack
   MODIFY(1) Frech
   NOOP(2) Northcutt, Wall

COMMENTS:
 Frech> XF:comsat


=================================
Candidate: CAN-1999-0211
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability

Extra long export lists over 256 characters in some mount daemons
allows NFS directories to be mounted by anyone.

Modifications:
  DESC per Adam's comments
  ADDREF CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Shostack
   REVIEWING(1) Frech

COMMENTS:
 Shostack> caused server to export to world


=================================
Candidate: CAN-1999-0217
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:udp-bomb

Malicious option settings in UDP packets could force a reboot in SunOS
4.1.3 systems.

Modifications:
  ADDREF XF:udp-bomb

VOTES:
   MODIFY(2) Shostack, Frech
   NOOP(2) Northcutt, Wall

COMMENTS:
 Shostack> make Andre give us a reference. :)
 Frech> XF:udp-bomb


=================================
Candidate: CAN-1999-0218
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:portmaster-reboot

Livingston portmaster machines could be rebooted via a series
of commands.

Modifications:
  ADDREF XF:portmaster-reboot

VOTES:
   ACCEPT(1) Shostack
   MODIFY(1) Frech
   NOOP(2) Northcutt, Wall

COMMENTS:
 Frech> XF:portmaster-reboot


=================================
Candidate: CAN-1999-0221
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ascend-150-kill

Denial of service of Ascend routers through port 150 (remote
administration).

Modifications:
  ADDREF XF:ascend-150-kill

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ascend-150-kill


=================================
Candidate: CAN-1999-0224
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nt-messenger

Denial of service in Windows NT messenger service through a long
username.

Modifications:
  ADDREF XF:nt-messenger

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-messenger


=================================
Candidate: CAN-1999-0234
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: XF:bash-cmd
Reference: CERT:CA-96.22.bash_vuls

Bash treats any character with a value of 255 as a command separator.

VOTES:
   ACCEPT(2) Ozancin, Frech
   NOOP(1) Wall


=================================
Candidate: CAN-1999-0236
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-scriptalias

ScriptAlias directory in NCSA and Apache httpd allowed attackers to
read CGI programs.

VOTES:
   ACCEPT(2) Northcutt, Frech
   NOOP(1) Prosser


=================================
Candidate: CAN-1999-0239
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:fastrack-get-directory-list

Netscape FastTrack Web server lists files when a lowercase "get"
command is used instead of an uppercase GET.

Modifications:
  ADDREF XF:fastrack-get-directory-list

VOTES:
   MODIFY(2) Shostack, Frech
   NOOP(2) Northcutt, Wall

COMMENTS:
 Shostack> needs ref
 Frech> XF:fastrack-get-directory-list (note only one 't' in 'fastrack')


=================================
Candidate: CAN-1999-0265
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: MSKB:Q154174
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: XF:icmp-redirect

ICMP redirect messages may crash or lock up a host.

Modifications:
  ADDREF MSKB:Q154174
  ADDREF ISS:ICMP Redirects Against Embedded Controllers
  DELREF XF:icmp-redirects

VOTES:
   MODIFY(2) Wall, Frech

COMMENTS:
 Wall> Reference Q154174
 Frech> Remove XF:icmp-redirects
 Frech> Add ISS: ICMP Redirects Against Embedded Controllers


=================================
Candidate: CAN-1999-0266
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-info2www

The info2www CGI script allows remote file access or remote
command execution.

Modifications:
  ADDREF XF:http-cgi-info2www

VOTES:
   ACCEPT(1) Northcutt
   MODIFY(1) Frech
   NOOP(1) Shostack

COMMENTS:
 Frech> XF:http-cgi-info2www


=================================
Candidate: CAN-1999-0272
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:slmail-username-bo

Denial of service in Slmail v2.5 through the POP3 port.

Modifications:
  ADDREF XF:slmail-username-bo

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:slmail-username-bo


=================================
Candidate: CAN-1999-0274
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-5
Reference: XF:nt-dns-dos

Denial of service in Windows NT DNS servers through malicious packet
which contains a response to a query that wasn't made.

Modifications:
  ADDREF XF:nt-dns-dos

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-dns-dos


=================================
Candidate: CAN-1999-0288
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nt-winsupd-fix

Denial of service in WINS with malformed data to port 137 (NETBIOS
Name Service).

Modifications:
  ADDREF XF:nt-winsupd-fix

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-winsupd-fix


=================================
Candidate: CAN-1999-0292
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nt-winpopup

Denial of service through Winpopup using large user names.

Modifications:
  ADDREF XF:nt-winpopup

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-winpopup


=================================
Candidate: CAN-1999-0299
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: NAI:NAI-9

Buffer overflow in FreeBSD lpd through long DNS hostnames.

VOTES:
   ACCEPT(2) Wall, Ozancin
   REVIEWING(1) Frech

COMMENTS:
 Frech> Can't find in database. See
 Frech> http://www.nai.com/nai_labs/asp_set/advisory/09_lpd_adv.asp


=================================
Candidate: CAN-1999-0349
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: MS:MS99-003
Reference: MSKB:Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: XF:iis-remote-ftp

A buffer overflow in the FTP list (ls) command in IIS allows remote
attackers to conduct a denial of service and, in some cases, execute
arbitrary commands.

Modifications:
  ADDREF XF:iis-remote-ftp

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

COMMENTS:
 Frech> XF:iis-remote-ftp
 Frech> It is extremely hard to find articles by their dates, especially
 Frech> for heavily trafficked groups like *Bugtraq. Is it possible to convert them
 Frech> to titles instead?
 Christey> Future references to Bugtraq postings will try to encode the
 Christey> date and the subject.  URLs are too unstable to reference
 Christey> directly.


=================================
Candidate: CAN-1999-0366
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-004
Reference: MSKB:Q214840
Reference: XF:nt-sp4-auth-error

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to
network shares using a blank password, through a problem with a null
NT hash value.

Modifications:
  ADDREF XF:nt-sp4-auth-error

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-sp4-auth-error


=================================
Candidate: CAN-1999-0372
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-005
Reference: XF:nt-backoffice-setup
Reference: MSKB:Q217004

The installer for BackOffice Server includes account names and
passwords in a setup file (reboot.ini) which is not deleted.

Modifications:
  ADDREF XF:nt-backoffice-setup
  ADDREF MSKB:Q217004
  DESC list reboot.ini file

VOTES:
   ACCEPT(1) Hill
   MODIFY(2) Wall, Frech

COMMENTS:
 Wall> "The installer for BackOffice Server 4.0 includes account names
 Wall> and passwords in a setup file (reboot.ini) which is not deleted."
 Wall> Also reference Q217004
 Frech> XF:nt-backoffice-setup


=================================
Candidate: CAN-1999-0375
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990905-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NAI:February 16, 1999
Reference: BUGTRAQ:Feb16,1999
Reference: XF:nfr-webd-overflow

Buffer overflow in webd in Network Flight Recorder (NFR)
2.0.2-Research allows remote attackers to execute commands.

Modifications:
  ADDREF XF:nfr-webd-overflow

VOTES:
   ACCEPT(2) Northcutt, Hill
   MODIFY(1) Frech
   NOOP(1) Prosser

COMMENTS:
 Frech> XF:nfr-webd-overflow


=================================
Candidate: CAN-1999-0376
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-006
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: XF:nt-knowndlls-list

Local users in Windows NT can obtain administrator privileges by
changing the KnownDLLs list to reference malicious programs.

Modifications:
  ADDREF XF:nt-knowndlls-list

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-knowndlls-list


=================================
Candidate: CAN-1999-0379
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb22,1999
Reference: MS:MS99-007
Reference: XF:win-resourcekit-taskpads

Microsoft Taskpads feature allows remote web sites to execute commands
on the visiting user's machine.

Modifications:
  ADDREF XF:win-resourcekit-taskpads

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:win-resourcekit-taskpads


=================================
Candidate: CAN-1999-0382
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-008
Reference: XF:nt-screen-saver

The screen saver in Windows NT does not verify that its security
context has been changed properly, allowing attackers to run programs
with elevated privileges.

Modifications:
  ADDREF XF:nt-screen-saver

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:nt-screen-saver


=================================
Candidate: CAN-1999-0384
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:forms-vuln-patch
Reference: MS:MS99-001

The Forms 2.0 ActiveX control (included with Visual Basic for
Applications 5.0) can be used to read text from a user's
clipboard when the user accesses documents with ActiveX content.

Modifications:
  ADDREF XF:forms-vuln-patch

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:forms-vuln-patch


=================================
Candidate: CAN-1999-0385
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-009
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos

The LDAP bind function in Exchange 5.5 has a buffer overflow that
allows a remote attacker to conduct a denial of service or execute
commands.

Modifications:
  ADDREF XF:ldap-exchange-overflow
  ADDREF XF:ldap-mds-dos

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> Change ISS:LDAP Buffer overflow against Microsoft Directory Services
 Frech> XF:ldap-exchange-overflow
 Frech> XF:ldap-mds-dos


=================================
Candidate: CAN-1999-0386
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-010
Reference: XF:pws-file-access

Microsoft Personal Web Server and FrontPage Personal Web Server in
some Windows systems allows a remote attacker to read files on the
server by using a nonstandard URL.

Modifications:
  ADDREF XF:pws-file-access

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:pws-file-access


=================================
Candidate: CAN-1999-0392
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo

Buffer overflow in Thomas Boutell's cgic library version up to 1.05.

Modifications:
  DESC version isn't just 1.05

VOTES:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(1) Wall

COMMENTS:
 Frech> Change version 1.05 to versions up to and including 1.05.


=================================
Candidate: CAN-1999-0402
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb2,1999
Reference: XF:wget-permissions
Reference: DEBIAN:19990220

wget 1.5.3 follows symlinks to change permissions of the target file
instead of the symlink itself.

VOTES:
   ACCEPT(2) Ozancin, Frech
   NOOP(1) Wall


=================================
Candidate: CAN-1999-0442
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan7,1999
Reference: SF:327

Solaris ff.core allows local users to modify files.

VOTES:
   ACCEPT(2) Wall, Ozancin
   REVIEWING(1) Frech


=================================
Candidate: CAN-1999-0457
Published:
Final-Decision:
Interim-Decision: 19990922
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln
Reference: SF:317

Linux ftpwatch program allows local users to gain root privileges.

VOTES:
   ACCEPT(1) Frech
   MODIFY(1) Ozancin
   NOOP(2) Wall, Christey

COMMENTS:
 Ozancin> A little vague.
 Christey> Unfortunately, the advisory is also vague.


=================================
Candidate: CAN-1999-0487
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MS:MS99-011
Reference: XF:ie-dhtml-control

The DHTML Edit ActiveX control in Internet Explorer allows remote
attackers to read arbitrary files.

Modifications:
  ADDREF XF:ie-dhtml-control

VOTES:
   ACCEPT(2) Hill, Wall
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ie-dhtml-control


=================================
Candidate: CAN-1999-0496
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: MSKB:Q146965
Reference: XF:nt-getadmin
Reference: XF:nt-getadmin-present

A Windows NT 4.0 user can gain administrative rights by forcing
NtOpenProcessToken to succeed regardless of the user's permissions,
aka GetAdmin.

Modifications:
  DESC Change the wording to describe the specific problem
  ADDREF XF:nt-getadmin
  ADDREF XF:nt-getadmin-present
  ADDREF MSKB:Q146965

VOTES:
   ACCEPT(2) Hill, Northcutt
   MODIFY(2) Wall, Frech
   NOOP(1) Christey

COMMENTS:
 Wall> "A Windows NT 4.0 user can gain administrative rights, aka Getadmin"
 Wall> Also reference CIAC H-14 and Microsoft Knowledge Base article Q146965.
 Frech> XF:nt-getadmin
 Frech> XF:nt-getadmin-present
 Frech> XF:mssql-get-admin
 Christey> CIAC H-14 has to do with SGI problems


=================================
Candidate: CAN-1999-0566
Published:
Final-Decision:
Interim-Decision: 19990922
Modified: 19990922-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: XF:ibm-syslogd
Reference: XF:syslog-flood

An attacker can write to syslog files from any location, causing a
denial of service by filling up the logs, and hiding activities.

Modifications:
  ADDREF XF:ibm-syslogd
  ADDREF XF:syslog-flood

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ibm-syslogd
 Frech> XF:syslog-flood
Prev by Date: INTERIM DECISION: ACCEPT 37 various candidates (Final 9/24)
Next by Date: CVE Language/Terminology Changes
Prev by thread: INTERIM DECISION: ACCEPT 37 various candidates (Final 9/24)
Next by thread: CVE Language/Terminology Changes
Index(es):
- Date
- Thread