[PROPOSAL] Cluster 46 - LINUX (30 candidates)

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster 46 - LINUX (30 candidates)
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Mon, 13 Dec 1999 20:23:55 -0500 (EST)
Delivery-Date: Mon Dec 13 20:26:30 1999
Sender: owner-cve-editorial-board-list@lists.mitre.org
The following cluster contains 30 candidates and includes Linux
problems which have been acknowledged by at least one Linux vendor.

- Steve


Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0705
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:inn-inews-bo
Reference: REDHAT:RHSA1999033_01
Reference: CALDERA:CSSA-1999-026
Reference: DEBIAN:19990907
Reference: BID:616

Buffer overflow in INN inews program.

VOTE:

=================================
Candidate: CAN-1999-0706
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990807
Reference: BID:583

xmonisdn in the Debian isdnutils package allows local users to
gain root privileges by modifying the IFS or PATH environmental
variables.

VOTE:

=================================
Candidate: CAN-1999-0708
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990806
Reference: BUGTRAQ: cfingerd Buffer Oveflow Vulnerability
Reference: BID:651

Buffer overflow in Debian cfingerd.

VOTE:

=================================
Candidate: CAN-1999-0710
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: REDHAT:RHSA-1999:025-01
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness

The RedHat squid program installs cachemegr.cgi in a public web
directory, allowing remote attackers to use it as an intermediary to
connect to other systems.

VOTE:

=================================
Candidate: CAN-1999-0712
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: CALDERA:CSSA-1999:009
Reference: XF:linux-coas

A vulnerability in Caldera Open Administration System (COAS) allows
the /etc/shadow password file to be made world-readable.

VOTE:

=================================
Candidate: CAN-1999-0730
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990612

The zsoelim program in the Debian man-db package allows local users to
overwrite files via a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0731
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: Security flaw in klock
Reference: CALDERA:CSSA-1999:017

The KDE klock program allows local users to unlock a session using
malformed input.

VOTE:

=================================
Candidate: CAN-1999-0732
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990823b
Reference: XF:smtp-refuser-tmp

The logging facilitity of the Debian smtp-refuser package allows local
users to delete arbitrary files using symbolic links.

VOTE:

=================================
Candidate: CAN-1999-0735
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: CALDERA:CSSA-1999:016
Reference: ISS:KDE K-Mail File Creation Vulnerability

KDE K-Mail allows local users to gain privileges via a symlink attack
in temporary user directories.

VOTE:

=================================
Candidate: CAN-1999-0742
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990623

The Debian mailman package uses weak authentication, which allows
attackers to gain privileges.

VOTE:

=================================
Candidate: CAN-1999-0743
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:trn-symlinks
Reference: DEBIAN:19990823c

Trn allows local users to overwrite other users' files via symlinks.

VOTE:

=================================
Candidate: CAN-1999-0748
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: REDHAT:RHSA-1999:017-01

Buffer overflows in Red Hat net-tools package.

VOTE:

=================================
Candidate: CAN-1999-0768
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:602
Reference: REDHAT:RHSA-1999:030-02

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO
environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0769
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: REDHAT:RHSA-1999:030-02
Reference: CALDERA:CSSA-1999:023.0
Reference: BID:611

Vixie Cron on Linux systems allows local users to set parameters of
sendmail commands via the MAILTO environmental variable.

VOTE:

=================================
Candidate: CAN-1999-0774
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Reference: REDHAT:RHSA1999037_01
Reference: BID:617

Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via
long directory names.

VOTE:

=================================
Candidate: CAN-1999-0804
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Reference: DEBIAN:19990607
Reference: CALDERA:CSSA-1999:013
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel
Reference: BID:302

Denial of service in Linux 2.2.x kernels via malformed ICMP packets
containing unusual types, codes, and IP header lengths.

VOTE:

=================================
Candidate: CAN-1999-0810
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02

Denial of service in Samba NETBIOS name service daemon (nmbd).

VOTE:

=================================
Candidate: CAN-1999-0811
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02

Buffer overflow in Samba smbd program.

VOTE:

=================================
Candidate: CAN-1999-0812
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02

Race condition in Samba smbmnt allows local users to mount file
systems in arbitrary locations.

VOTE:

=================================
Candidate: CAN-1999-0814
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: REDHAT:RHSA-1999:027

Red Hat pump DHCP client allows remote attackers to gain root access
in some configurations.

VOTE:

=================================
Candidate: CAN-1999-0817
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: SUSE:19990915 Security hole in lynx

Lynx WWW client allows a remote attacker to specify command-line
parameters which Lynx uses when calling external programs to handle
certain protocols, e.g. telnet.

VOTE:

=================================
Candidate: CAN-1999-0872
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: BID:611
Reference: REDHAT:RHSA-1999:030-02

Buffer overflow in Vixie cron allows local users to gain root access
via a long MAILTO environment variable in a crontab file.

VOTE:

=================================
Candidate: CAN-1999-0894
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999042-01

Red Hat Linux screen program does not use Unix98 ptys, allowing
local users to write to other terminals.

VOTE:

=================================
Candidate: CAN-1999-0900
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01

Buffer overflow in rpc.yppasswdd allows a local user to gain
privileges via MD5 hash generation.

VOTE:

=================================
Candidate: CAN-1999-0901
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01

ypserv allows a local user to modify the GECOS and login shells
of other users.

VOTE:

=================================
Candidate: CAN-1999-0902
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01

ypserv allows local administrators to modify password tables.

VOTE:

=================================
Candidate: CAN-1999-0907
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier

sccw allows local users to read arbitrary files.

VOTE:

=================================
Candidate: CAN-1999-0914
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: DEBIAN:19990104
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324

Buffer overflow in the FTP client in the Debian GNU/Linux netstd
package.

VOTE:

=================================
Candidate: CAN-1999-0939
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Reference: BID:605
Reference: DEBIAN:19990826

Denial of service in Debian IRC Epic/epic4 client via a long string.

VOTE:

=================================
Candidate: CAN-1999-0940
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: CALDERA:CSSA-1999-031

Buffer overflow in mutt mail client allows remote attackers to execute
commands via malformed MIME messages.

VOTE:
Prev by Date: [PROPOSAL] Cluster 45 - RECENT-02 (20 candidates)
Next by Date: [PROPOSAL] Cluster 47 - UNIX-VEN (25 candidates)
Prev by thread: [PROPOSAL] Cluster 45 - RECENT-02 (20 candidates)
Next by thread: [PROPOSAL] Cluster 47 - UNIX-VEN (25 candidates)
Index(es):
- Date
- Thread