[INTERIM] ACCEPT 17 candidates from UNIX-VEN (Final 1/3/2000)
I have made an Interim Decision to ACCEPT the following 17 candidates
from the UNIX-VEN cluster. I will make a Final Decision on January 3,
2000.
Voters:
Frech ACCEPT(8) MODIFY(9)
Christey NOOP(2)
Cole ACCEPT(12) MODIFY(1) NOOP(4)
Prosser ACCEPT(15) MODIFY(2)
Stracener ACCEPT(13) MODIFY(4)
Blake ACCEPT(17)
- Steve
=================================
Candidate: CAN-1999-0674
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NetBSD:1999-011
Reference: OPENBSD:Aug 9,1999
Reference: FREEBSD:FreeBSD-SA-99:02
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: BID:570
Reference: CIAC:J-067
Reference: XF:netbsd-profil
The BSD profil system call allows a local user to modify the internal
data space of a program via profiling and execve.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-99:02
ADDREF CIAC:J-067
INFERRED VOTE: CAN-1999-0674 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Frech, Prosser
MODIFY(1) Stracener
COMMENTS:
Stracener> Add Ref: FreeBSD-SA-99:02
Stracener> Add Ref: CIAC: J-067
=================================
Candidate: CAN-1999-0686
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990514 TGAD DoS
Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug
Reference: HP:HPSBUX9906-098
Reference: CIAC:J-046
Reference: XF:hp-tgad-dos
Denial of service in Netscape Enterprise Server (NES) in HP Virtual
Vault (VVOS) via a long URL.
Modifications:
ADDREF BUGTRAQ:19990514 TGAD DoS
ADDREF BUGTRAQ:19990610 Re: VVOS/Netscape Bug
CHANGEREF HP:00098 HP:HPSBUX9906-098
ADDREF CIAC:J-046
ADDREF XF:hp-tgad-dos
DESC modify details based on Bugtraq postings
INFERRED VOTE: CAN-1999-0686 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Prosser
MODIFY(3) Cole, Stracener, Frech
NOOP(1) Christey
COMMENTS:
Cole> I would be a little more specific.
Stracener> The full document ID for the reference above is HPSBUX9906-098. Also, Add
Stracener> Ref: CIAC: J-046
Frech> XF:hp-tgad-dos
Christey> I dug up a Bugtraq reference that provides some more details
Christey> than the HP advisory.
=================================
Candidate: CAN-1999-0688
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9907-101
Reference: XF:hp-sd-bo
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.
Modifications:
ADDREF XF:hp-sd-bo
INFERRED VOTE: CAN-1999-0688 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Stracener, Prosser
MODIFY(1) Frech
COMMENTS:
Frech> XF:hp-sd-bo
=================================
Candidate: CAN-1999-0690
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9907-100
Reference: CIAC:J-053
Reference: XF:hp-cde-directory
HP CDE program includes the current directory in root's PATH variable.
Modifications:
ADDREF XF:hp-cde-directory
INFERRED VOTE: CAN-1999-0690 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Stracener, Prosser
MODIFY(1) Frech
COMMENTS:
Frech> XF:hp-cde-directory
=================================
Candidate: CAN-1999-0703
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Reference: OPENBSD:Jul30,1999
Reference: FREEBSD:FreeBSD-SA-99:01
Reference: CIAC:J-066
Reference: XF:openbsd-chflags-fchflags-permitted
OpenBSD, BSDI, and other Unix operating systems allow users to set
chflags and fchflags on character and block devices.
Modifications:
ADDREF CIAC:J-066
ADDREF XF:openbsd-chflags-fchflags-permitted
INFERRED VOTE: CAN-1999-0703 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Prosser
MODIFY(2) Stracener, Frech
COMMENTS:
Stracener> Add Ref: CIAC: J-066
Frech> XF:openbsd-chflags-fchflags-permitted
=================================
Candidate: CAN-1999-0707
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: CF
Reference: HP:HPSBUX9906-099
Reference: XF:hp-visualize-conference-ftp
Reference: CIAC:J-050
The default FTP configuration in HP Visualize Conference allows
conference users to send a file to other participants without
authorization.
INFERRED VOTE: CAN-1999-0707 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(5) Cole, Blake, Stracener, Frech, Prosser
=================================
Candidate: CAN-1999-0713
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission
Reference: CIAC:J-044
Reference: XF:cde-dtlogin
Reference: COMPAQ:SSRT0600U
The dtlogin program in Compaq Tru64 UNIX allows local users to gain
root privileges.
Modifications:
ADDREF CIAC:J-044
ADDREF BUGTRAQ:19990404 Digital Unix 4.0E /var permission
INFERRED VOTE: CAN-1999-0713 ACCEPT (4 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Frech
MODIFY(2) Stracener, Prosser
NOOP(2) Cole, Christey
COMMENTS:
Stracener> Add Ref: CIAC: J-044
Prosser> reference: Bugtraq archives "Digital Unix 4.0E /var permissions", Harhalakis
Prosser> Stefanos
Christey> Can't seem to find XF:cde-dtlogin
=================================
Candidate: CAN-1999-0714
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: COMPAQ:SSRT0588U
Reference: XF:du-edauth
Vulnerability in Compaq Tru64 UNIX edauth command.
Modifications:
CHANGEREF COMPAQ:SSRT0600U COMPAQ:SSRT0588U
ADDREF XF:du-edauth
INFERRED VOTE: CAN-1999-0714 ACCEPT (4 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(2) Frech, Prosser
NOOP(1) Cole
COMMENTS:
Frech> XF:du-edauth
Frech> The COMPAQ reference does not reference edauth, and may be a paste artifact
Frech> from CAN-1999-0713 above. Correct or remove.
Prosser> The Compaq advisory reference for this vulnerability is SSRT0588U vice 0600U
=================================
Candidate: CAN-1999-0724
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: OPENBSD:Aug12,1999
Reference: XF:openbsd-uio_offset-bo
Buffer overflow in OpenBSD procfs and fdescfs file systems via
uio_offset in the readdir() function.
Modifications:
ADDREF XF:openbsd-uio_offset-bo
INFERRED VOTE: CAN-1999-0724 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Stracener, Prosser
MODIFY(1) Frech
COMMENTS:
Frech> XF:openbsd-uio_offset-bo
=================================
Candidate: CAN-1999-0745
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: IBM:ERS-SVA-E01-1999:003.1
Reference: CIAC:J-059
Reference: BID:590
Reference: XF:aix-pdnsd-bo
Buffer overflow in Source Code Browser Program Database Name Server
Daemon (pdnsd) for the IBM AIX C Set ++ compiler.
Modifications:
CHANGEREF IBM:ERS-SVA-E01-1999:0031 IBM:ERS-SVA-E01-1999:003.1
INFERRED VOTE: CAN-1999-0745 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Stracener, Prosser
MODIFY(1) Frech
COMMENTS:
Frech> IBM reference should be IBM:ERS-SVA-E01-1999:003.1
=================================
Candidate: CAN-1999-0761
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:05
Reference: XF:freebsd-fts-lib-bo
Reference: BID:644
Buffer overflow in FreeBSD fts library routines allows local user to
modify arbitrary files via the periodic program.
Modifications:
ADDREF XF:freebsd-fts-lib-bo
INFERRED VOTE: CAN-1999-0761 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(4) Cole, Blake, Stracener, Prosser
MODIFY(1) Frech
COMMENTS:
Frech> XF:freebsd-fts-lib-bo
=================================
Candidate: CAN-1999-0763
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp
NetBSD on a multi-homed host allows ARP packets on one network to
modify ARP entries on another connected network.
INFERRED VOTE: CAN-1999-0763 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(5) Cole, Blake, Stracener, Frech, Prosser
=================================
Candidate: CAN-1999-0764
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NETBSD:1999-010
Reference: XF:netbsd-arp
NetBSD allows ARP packets to overwrite static ARP entries.
INFERRED VOTE: CAN-1999-0764 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(5) Cole, Blake, Stracener, Frech, Prosser
=================================
Candidate: CAN-1999-0765
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
Reference: SGI:19990501-01-A
Reference: XF:irix-midikeys
SGI IRIX midikeys program allows local users to modify arbitrary files
via a text editor.
INFERRED VOTE: CAN-1999-0765 ACCEPT (4 accept, 0 review)
VOTES:
ACCEPT(4) Blake, Stracener, Frech, Prosser
NOOP(1) Cole
=================================
Candidate: CAN-1999-0771
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-file-read
The web components of Compaq Management Agents and the Compaq Survey
Utility allow a remote attacker to read arbitrary files via a .. (dot
dot) attack.
INFERRED VOTE: CAN-1999-0771 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(5) Cole, Blake, Stracener, Frech, Prosser
=================================
Candidate: CAN-1999-0772
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Reference: COMPAQ:SSRT0612U
Reference: XF:management-agent-dos
Denial of service in Compaq Management Agents and the Compaq Survey
Utility via a long string sent to port 2301.
INFERRED VOTE: CAN-1999-0772 ACCEPT (5 accept, 0 review)
VOTES:
ACCEPT(5) Cole, Blake, Stracener, Frech, Prosser
=================================
Candidate: CAN-1999-0779
Published:
Final-Decision:
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: HP:HPSBUX9810-086
Reference: XF:hp-sharedx
Denial of service in HP-UX SharedX recserv program.
Modifications:
ADDREF XF:hp-sharedx
INFERRED VOTE: CAN-1999-0779 ACCEPT (4 accept, 0 review)
VOTES:
ACCEPT(3) Blake, Stracener, Prosser
MODIFY(1) Frech
NOOP(1) Cole
COMMENTS:
Frech> XF:hp-sharedx
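The two NetBSD ARP candidates above (CAN-1999-0763, cross-network updates on a multi-homed host, and CAN-1999-0764, overwriting of static entries) both come down to the same question: should this ARP packet be allowed to change the cache? The following is an added example, not part of this ballot and not NetBSD code, that parses a raw ARP frame and applies the two checks offline. The interface names, subnets, MAC addresses and static table are constructed for the example; an IDS or a kernel ARP input path would take them from configuration.

```python
"""
Added example (not from the CVE ballot or NetBSD): a policy check for incoming
ARP replies that models the two NetBSD failure modes named in CAN-1999-0763 and
CAN-1999-0764. Interface names, subnets, MAC addresses and the static table are
constructed assumptions.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806

# Assumed configuration of a two-interface host (constructed for the example).
IFACE_SUBNETS = {
    "ne0": ipaddress.ip_network("10.0.0.0/24"),
    "ne1": ipaddress.ip_network("192.168.1.0/24"),
}
# Assumed static ARP entries, as set with 'arp -s' (constructed).
STATIC_ARP = {
    "10.0.0.1": "00:11:22:33:44:55",
}


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_arp_frame(op, sha, spa, tha, tpa):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet
    (op 1 = request, 2 = reply). Used here only to construct sample input."""
    eth = struct.pack("!6s6sH", _mac(tha), _mac(sha), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      _mac(sha), ipaddress.IPv4Address(spa).packed,
                      _mac(tha), ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp_frame(frame):
    """Parse the ARP fields out of an Ethernet frame; reject anything that is
    not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "op": op,
        "sha": sha.hex(":"),
        "spa": str(ipaddress.IPv4Address(spa)),
        "tha": tha.hex(":"),
        "tpa": str(ipaddress.IPv4Address(tpa)),
    }


def arp_cache_violations(frame, iface):
    """Return the reasons this ARP packet must NOT be allowed to update the
    cache. An empty list means the update is consistent with policy."""
    arp = parse_arp_frame(frame)
    findings = []
    sender = ipaddress.ip_address(arp["spa"])
    # CAN-1999-0763 pattern: the sender address is not on the subnet of the
    # interface the packet arrived on, so a host on one attached network is
    # trying to shape the cache entries used on another.
    if sender not in IFACE_SUBNETS[iface]:
        findings.append(
            f"sender {arp['spa']} is not on {iface}'s subnet "
            f"{IFACE_SUBNETS[iface]}")
    # CAN-1999-0764 pattern: the sender claims an address that has a static
    # entry bound to a different MAC; a static entry must never be overwritten.
    static_mac = STATIC_ARP.get(arp["spa"])
    if static_mac is not None and static_mac != arp["sha"]:
        findings.append(
            f"static entry {arp['spa']} -> {static_mac} would be replaced "
            f"by {arp['sha']}")
    return findings


if __name__ == "__main__":
    # Constructed sample frames, all claiming to be 10.0.0.1.
    good = build_arp_frame(2, "00:11:22:33:44:55", "10.0.0.1",
                           "aa:bb:cc:dd:ee:ff", "10.0.0.2")
    spoof = build_arp_frame(2, "de:ad:be:ef:00:01", "10.0.0.1",
                            "aa:bb:cc:dd:ee:ff", "10.0.0.2")
    for name, frame, iface in (("good/ne0", good, "ne0"),
                               ("spoof/ne0", spoof, "ne0"),
                               ("good/ne1", good, "ne1"),
                               ("spoof/ne1", spoof, "ne1")):
        print(name, arp_cache_violations(frame, iface) or "ok")
```

The same frame is judged twice, once per interface, because the multi-homed case is about where the packet arrived, not what it contains: a perfectly valid reply for 10.0.0.1 seen on ne1 is still a violation. The static-entry check is independent of the interface, which is why the spoofed reply on ne1 produces both findings.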
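The two Compaq Management Agents candidates (CAN-1999-0771, a .. traversal in the web component, and CAN-1999-0772, a denial of service via a long string to port 2301) are the two classic failures of a small embedded HTTP service: it does not confine the request path to its document root, and it does not bound input length before working on it. The following is an added example, not part of this ballot and not Compaq's code, showing request-path handling that does both. The document root, the length bound and the sample requests are constructed assumptions.

```python
"""
Added example (not from the CVE ballot or Compaq's code): request-path handling
for a small embedded web service of the kind named in CAN-1999-0771 and
CAN-1999-0772. The document root, the length bound and the sample requests are
constructed assumptions.
"""
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/opt/compaq/wbem/htdocs"   # assumed document root
MAX_PATH_LEN = 1024                     # assumed bound on the request path


def resolve_request_path(url_path, doc_root=DOC_ROOT, max_len=MAX_PATH_LEN):
    """Map a URL path to a filesystem path under doc_root, or raise ValueError.

    Order matters: bound the length before any decoding work (the DoS case),
    decode percent-escapes once, reject NUL, then normalise and confine."""
    if len(url_path) > max_len:
        raise ValueError("request path exceeds %d bytes" % max_len)
    path = url_path.split("?", 1)[0]          # drop any query string
    path = unquote(path)                      # single decode: %2e%2e -> ..
    if "\x00" in path:
        raise ValueError("NUL byte in request path")
    # lstrip('/') so posixpath.join cannot be told to start over from '/'.
    candidate = posixpath.normpath(posixpath.join(doc_root, path.lstrip("/")))
    root = posixpath.normpath(doc_root)
    # Compare against root + '/' so a sibling such as '<root>EVIL/x' is rejected.
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("request path escapes the document root")
    return candidate


def is_safe_request(url_path, **kw):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        resolve_request_path(url_path, **kw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    samples = [                               # constructed requests
        "/index.html",
        "/agents/../status.html",
        "/../../../etc/passwd",
        "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "/" + "A" * 5000,
    ]
    for s in samples:
        try:
            print("ACCEPT", resolve_request_path(s))
        except ValueError as e:
            print("REJECT", s[:40], "-", e)
```

The confinement here is lexical: normpath resolves "." and ".." in the string, which is exactly what a .. attack abuses, but it says nothing about symlinks already present under the document root. A service that serves files should still open the normalised path with os.path.realpath and re-apply the same prefix check on the result.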