[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 43 - CERT2 (26 candidates)



The following cluster contains 26 candidates, all of which are
associated with CERT advisories that have not been covered in previous
candidates.

Proposed: 12/8
Scheduled Proposed: 12/6
Scheduled Interim Decision: 12/20
Scheduled Final Decision: 12/24



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0687
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Vulnerability in ttsession
Reference: CIAC:J-051
Reference: CERT:CA-99-11
Reference: BID:637
Reference: SUN:00185
Reference: HP:HPSBUX9909-103
Reference: COMPAQ:SSRT0617U_TTSESSION

The Tooltalk ttsession daemon uses weak RPC authentication.

VOTE:

=================================
Candidate: CAN-1999-0689
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BID:636
Reference: BUGTRAQ:19990913 Vulnerability in dtspcd
Reference: SUN:00185
Reference: HP:HPSBUX9909-103
Reference: CERT:CA-99-11

The CDE dtspcd daemon allows local users to gain privileges through a
symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0691
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: CERT:CA-99-11
Reference: BID:635
Reference: BUGTRAQ:19990913 Vulnerability in dtaction
Reference: SUN:00185
Reference: HP:HPSBUX9909-103
Reference: COMPAQ:SSRTO615U_DTACTION

Buffer overflow in CDE dtaction utility through a long user name.

VOTE:

=================================
Candidate: CAN-1999-0692
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: CF
Reference: CERT:CA-99-09
Reference: CIAC:J-052
Reference: SGI:19990701-01-P

The default configuration of the Array Services daemon (arrayd)
disables authentication, allowing remote users to gain root
privileges.

VOTE:

=================================
Candidate: CAN-1999-0693
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: CERT:CA-99-11
Reference: BID:641
Reference: SUN:00185
Reference: HP:HPSBUX9909-103

Buffer overflow in TT_SESSION environment variable in ToolTalk shared
library.

VOTE:

=================================
Candidate: CAN-1999-0696
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: J-051
Reference: CIAC:J-051
Reference: SUN:00188
Reference: CERT:CA-99-08
Reference: HP:00102
Reference: COMPAQ:SSRT0614U_RPC_CMSD

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd)

VOTE:

=================================
Candidate: CAN-1999-0704
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: REDHAT:RHSA-1999:032-01
Reference: CALDERA:CSSA-1999:024.0
Reference: FREEBSD:SA-99:06
Reference: DEBIAN:19991018
Reference: BID:614
Reference: CERT:CA-99-12
Reference: XF:amd-bo

Buffer overflow in Berkeley automounter daemon (amd) logging facility
provided in the Linux am-utils package and others.

VOTE:

=================================
Candidate: CAN-1999-0722
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: CF
Reference: CERT:CA-99-10

The default configuration of Cobalt RaQ2 servers allows remote
users to install arbitrary software packages.

VOTE:

=================================
Candidate: CAN-1999-0833
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Buffer overflow in BIND 8.2 via NXT records.

VOTE:

=================================
Candidate: CAN-1999-0835
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Denial of service in BIND named via SIG records.

VOTE:

=================================
Candidate: CAN-1999-0837
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Denial of service in BIND by improperly closing TCP sessions via
so_linger.

VOTE:

=================================
Candidate: CAN-1999-0848
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Denial of service in BIND named via consuming more than "fdmax" file
descriptors.

VOTE:

=================================
Candidate: CAN-1999-0849
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Denial of service in BIND named via maxdname.

VOTE:

=================================
Candidate: CAN-1999-0851
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CERT:CA-99-14

Denial of service in BIND named via naptr.

VOTE:

=================================
Candidate: CAN-1999-0868
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-97.08

ucbmail allows remote attackers to execute commands via shell
metacharacters that are passed to it from INN.

VOTE:

=================================
Candidate: CAN-1999-0878
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: ftp://ftp.wu-ftpd.org/pub/wu-ftpd-attic/auscert.org.au/AA-1999.02.multi.wu-ftpd.vuls
Reference: CERT:CA-99-13
Reference: REDHAT:RHSA1999031_01
Reference: BID:599

Buffer overflow in WU-FTPD and related FTP servers allows remote
attackers to gain root privileges via MAPPING_CHDIR.

VOTE:

=================================
Candidate: CAN-1999-0879
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-99-13

Buffer overflow in WU-FTPD and related FTP servers allows remote
attackers to gain root privileges via macro variables in a message
file.

VOTE:

=================================
Candidate: CAN-1999-0880
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-99-13

Denial of service in WU-FTPD via memory leak in the SITE NEWER
command.

VOTE:

=================================
Candidate: CAN-1999-0938
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:VN-99-03

MBone SDR Package allows remote attackers to execute commands via
shell metacharacters in Sesion Initiation Protocol (SIP) messages.

VOTE:

=================================
Candidate: CAN-1999-0955
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-94.08
Reference: CIAC:E-17

Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain
root access via the SITE EXEC command.

VOTE:

=================================
Candidate: CAN-1999-0956
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-93.02a

The NeXT NetInfo _writers property allows local users to gain root
privileges or conduct a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0959
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX

IRIX startmidi and stopmidi programs allow local users to modify
arbitrary files via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0960
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-96.11
Reference: SGI:19980301-01-PX

IRIX cdplayer allows local users to create directories in arbitrary
locations via a command line option.

VOTE:

=================================
Candidate: CAN-1999-0962
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-96.13
Reference: HP:HPSBUX9701-045

Buffer overflow in HPUX passwd command allows local users to gain root
privileges via a command line option.

VOTE:

=================================
Candidate: CAN-1999-0963
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960316 BoS: SECURITY BUG in FreeBS
Reference: CERT:VB-96.06

FreeBSD mount_union command allows local users to gain root privileges
via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0965
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-93.17

Race condition in xterm allows local users to modify arbitrary files
via the logging option.

VOTE:

Page Last Updated or Reviewed: May 22, 2007