[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[INTERIM] ACCEPT 22 candidates from LINUX (Final 1/3/2000)
I have made an Interim Decision to ACCEPT the following 22 candidates
from the LINUX cluster. I will make a Final Decision on January 3,
2000.
Voters:
Christey NOOP(2)
Cole ACCEPT(19) MODIFY(3)
Stracener ACCEPT(7) MODIFY(15)
Blake ACCEPT(21) NOOP(1)
- Steve
=================================
Candidate: CAN-1999-0705
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:inn-inews-bo
Reference: REDHAT:RHSA1999033_01
Reference: CALDERA:CSSA-1999-026
Reference: SUSE:19990831 Security hole in INN
Reference: DEBIAN:19990907
Reference: BID:616
Buffer overflow in INN inews program.
Modifications:
ADDREF SUSE:19990831 Security hole in INN
INFERRED VOTE: CAN-1999-0705 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in INN 31.08.99
=================================
Candidate: CAN-1999-0706
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990807
Reference: SUSE:19990817 Security hole in i4l (xmonisdn)
Reference: BID:583
Linux xmonisdn package allows local users to gain root privileges by
modifying the IFS or PATH environmental variables.
Modifications:
ADDREF SUSE:19990817 Security hole in i4l (xmonisdn)
DESC remove Debian - applies to various Linuxes
INFERRED VOTE: CAN-1999-0706 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security Hole in i4l (xmonisdn) 17.08.1999
Stracener> Add Ref: CSSA-1999-019.0 Security problem with xmonisdn
Stracener> The issue with xmonisdn is not isolated to the Debian isdnutils package. The
Stracener> description should be rewritten to encompass a greater level of generality.
Stracener> I suggest: "xmonisdn allows local users to gain root privileges by modifying
Stracener> the IFS or PATH environmental variables."
=================================
Candidate: CAN-1999-0710
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: CF
Reference: REDHAT:RHSA-1999:025-01
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness
The RedHat squid program installs cachemegr.cgi in a public web
directory, allowing remote attackers to use it as an intermediary to
connect to other systems.
INFERRED VOTE: CAN-1999-0710 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> I recommend we categorize this as a Configuration Error (CF) as cachemgr.cgi
Stracener> shipped with insecure default permissions.
=================================
Candidate: CAN-1999-0730
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990612
The zsoelim program in the Debian man-db package allows local users to
overwrite files via a symlink attack.
INFERRED VOTE: CAN-1999-0730 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0731
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990623 Security flaw in klock
Reference: CALDERA:CSSA-1999:017
Reference: SUSE:19990629 Security hole in Klock
Reference: BID:489
The KDE klock program allows local users to unlock a session using
malformed input.
Modifications:
ADDREF SUSE:19990629 Security hole in Klock
ADDREF BID:489
CHANGEREF BUGTRAQ [add date]
INFERRED VOTE: CAN-1999-0731 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Red: SUSE: Security hole in Klock 29.06.1999:
=================================
Candidate: CAN-1999-0732
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990823b
Reference: XF:smtp-refuser-tmp
The logging facilitity of the Debian smtp-refuser package allows local
users to delete arbitrary files using symbolic links.
INFERRED VOTE: CAN-1999-0732 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0735
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: ISS:KDE K-Mail File Creation Vulnerability
Reference: CALDERA:CSSA-1999:016
Reference: REDHAT:RHSA-1999:015-01
KDE K-Mail allows local users to gain privileges via a symlink attack
in temporary user directories.
Modifications:
ADDREF REDHAT:RHSA-1999:015-01
INFERRED VOTE: CAN-1999-0735 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: REDHAT: RHSA-1999:015-01
=================================
Candidate: CAN-1999-0769
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: REDHAT:RHSA-1999:030-02
Reference: CALDERA:CSSA-1999:023.0
Reference: SUSE:19990829 Security hole in cron
Reference: DEBIAN:19990830 cron
Reference: BID:611
Vixie Cron on Linux systems allows local users to set parameters of
sendmail commands via the MAILTO environmental variable.
Modifications:
ADDREF SUSE:19990829 Security hole in cron
ADDREF DEBIAN:19990830 cron
INFERRED VOTE: CAN-1999-0769 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(1) Blake
MODIFY(2) Cole, Stracener
COMMENTS:
Cole> It is done by failure to validate the contents.
Stracener> Add Ref: DEBIAN: cron [30 Aug 1999]
Stracener> Add Ref: SUSE: Security hole in cron 29.08.1999:
=================================
Candidate: CAN-1999-0774
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Reference: REDHAT:RHSA1999037_01
Reference: SUSE:19990916 Security hole in mars nwe
Reference: BID:617
Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via
long directory names.
Modifications:
ADDREF SUSE:19990916 Security hole in mars nwe
INFERRED VOTE: CAN-1999-0774 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in mars nwe 16.09.1999
=================================
Candidate: CAN-1999-0804
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Reference: DEBIAN:19990607
Reference: CALDERA:CSSA-1999:013
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel
Reference: REDHAT:19990603 Kernel Update
Reference: BID:302
Denial of service in Linux 2.2.x kernels via malformed ICMP packets
containing unusual types, codes, and IP header lengths.
Modifications:
ADDREF REDHAT:19990603 Kernel Update
INFERRED VOTE: CAN-1999-0804 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: REDHAT: Kernel Update 03-June-1999
=================================
Candidate: CAN-1999-0810
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Denial of service in Samba NETBIOS name service daemon (nmbd).
Modifications:
ADDREF CALDERA:CSSA-1999:018.0
ADDREF SUSE:19990816 Security hole in Samba
ADDREF DEBIAN:19990731 Samba
INFERRED VOTE: CAN-1999-0810 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: CALDERA: CSSA-1999:018.0
Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999]
Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999
=================================
Candidate: CAN-1999-0812
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Race condition in Samba smbmnt allows local users to mount file
systems in arbitrary locations.
Modifications:
ADDREF CALDERA:CSSA-1999:018.0
ADDREF SUSE:19990816 Security hole in Samba
ADDREF DEBIAN:19990731 Samba
INFERRED VOTE: CAN-1999-0812 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: CALDERA: CSSA-1999:018.0
Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999]
Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999
=================================
Candidate: CAN-1999-0814
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: REDHAT:RHSA-1999:027
Red Hat pump DHCP client allows remote attackers to gain root access
in some configurations.
INFERRED VOTE: CAN-1999-0814 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
NOOP(1) Christey
COMMENTS:
Stracener> Recommend Category CF
Christey> The advisory says that the problem occurs in some
Christey> configurations, but is it a software bug that's only
Christey> exploitable in some configs? That'd be an SF... or is it
Christey> a configuration that's insecure? That'd be a CF.
=================================
Candidate: CAN-1999-0817
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: SUSE:19990915 Security hole in lynx
Lynx WWW client allows a remote attacker to specify command-line
parameters which Lynx uses when calling external programs to handle
certain protocols, e.g. telnet.
INFERRED VOTE: CAN-1999-0817 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0894
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999042-01
Red Hat Linux screen program does not use Unix98 ptys, allowing
local users to write to other terminals.
INFERRED VOTE: CAN-1999-0894 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0900
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
Buffer overflow in rpc.yppasswdd allows a local user to gain
privileges via MD5 hash generation.
Modifications:
ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9
ADDREF DEBIAN:19991027 nis
INFERRED VOTE: CAN-1999-0900 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999
Stracener> Add Ref: DEBIAN: nis [27-OCT-1999]
=================================
Candidate: CAN-1999-0901
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
ypserv allows a local user to modify the GECOS and login shells
of other users.
Modifications:
ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9
ADDREF DEBIAN:19991027 nis
INFERRED VOTE: CAN-1999-0901 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999
Stracener> Add Ref: DEBIAN: nis [27-OCT-1999]
=================================
Candidate: CAN-1999-0902
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9
Reference: DEBIAN:19991027 nis
ypserv allows local administrators to modify password tables.
Modifications:
ADDREF SUSE:19991023 Security hole in ypserv < 1.3.9
ADDREF DEBIAN:19991027 nis
INFERRED VOTE: CAN-1999-0902 ACCEPT_ACK (2 accept, 4 ack, 0 review)
VOTES:
ACCEPT(1) Cole
MODIFY(1) Stracener
NOOP(1) Blake
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in ypserv < 1.3.9 23.10.1999
Stracener> Add Ref: DEBIAN: nis [27-OCT-1999]
=================================
Candidate: CAN-1999-0907
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier
sccw allows local users to read arbitrary files.
INFERRED VOTE: CAN-1999-0907 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0914
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: DEBIAN:19990104
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324
Buffer overflow in the FTP client in the Debian GNU/Linux netstd
package.
INFERRED VOTE: CAN-1999-0914 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
NOOP(1) Christey
COMMENTS:
Cole> This actually results in two DOS attacks, one in the bootp server
Cole> and one in the ftp server.
Christey> The bootp problem is CAN-1999-0389 in the UNIX-UNCONF
Christey> cluster.
=================================
Candidate: CAN-1999-0939
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Reference: DEBIAN:19990826
Reference: BID:605
Denial of service in Debian IRC Epic/epic4 client via a long string.
INFERRED VOTE: CAN-1999-0939 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> This can result in either the client crashing or arbitrary code
Cole> being sent to the screen.
=================================
Candidate: CAN-1999-0940
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: CALDERA:CSSA-1999-031
Reference: SUSE:19990927 Security hole in mutt
Buffer overflow in mutt mail client allows remote attackers to execute
commands via malformed MIME messages.
Modifications:
ADDREF SUSE:19990927 Security hole in mutt
INFERRED VOTE: CAN-1999-0940 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Cole, Blake
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: SUSE: Security hole in mutt 27.09.1999: