[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 51 - NET-01 (12 candidates)



This cluster deals with various problems in network devices and
protocols.

Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7


- Steve


Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-1999-0667
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991008
Category: SF

The ARP protocol allows any host to spoof ARP replies and poison the
ARP cache to conduct IP address spoofing or a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0675
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:576

Firewall-1 can be subjected to a denial of service via UDP packets
that are sent through VPN-1 to port 0 of a host.

VOTE:

=================================
Candidate: CAN-1999-0683
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

VOTE:

=================================
Candidate: CAN-1999-0734
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write

A default configuration of CiscoSecure Access Control Server (ACS)
allows remote users to modify the server database without
authentication.

VOTE:

=================================
Candidate: CAN-1999-0770
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK

Firewall-1 sets a long timeout for connections that begin with ACK or
other packets except SYN, allowing an attacker to conduct a denial of
service via a large number of connection attempts to unresponsive
systems.

VOTE:

=================================
Candidate: CAN-1999-0775
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CISCO:Cisco IOS Software established Access List Keyword Error

Cisco Gigabit Switch routers running IOS allow remote attackers to
forward unauthorized packets due to improper handling of the
"established" keyword in an access list.

VOTE:

=================================
Candidate: CAN-1999-0816
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters

The Motorola CableRouter allows any remote user to connect to and
configure the router on port 1024.

VOTE:

=================================
Candidate: CAN-1999-0875
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: BID:578

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow
remote attackers to modify their default routes.

VOTE:

=================================
Candidate: CAN-1999-0889
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense

Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.

VOTE:

=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication

Firewall-1 does not properly restrict access to LDAP attributes.

VOTE:

=================================
Candidate: CAN-1999-0905
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0

Denial of service in Axent Raptor firewall via malformed zero-length
IP options.

VOTE:

=================================
Candidate: CAN-1999-0919
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters

A memory leak in a Motorola CableRouter allows remote attackers to
conduct a denial of service via a large number of telnet connections.

VOTE:

Page Last Updated or Reviewed: May 22, 2007