
[FINAL] ACCEPT 30 candidates from various clusters



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

These 30 entries will allow us to reach the goal of 500 entries in
CVE; version 20000118 will contain 503 entries.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0101	CVE-1999-0101
CAN-1999-0233	CVE-1999-0233
CAN-1999-0259	CVE-1999-0259
CAN-1999-0270	CVE-1999-0270
CAN-1999-0683	CVE-1999-0683
CAN-1999-0694	CVE-1999-0694
CAN-1999-0708	CVE-1999-0708
CAN-1999-0734	CVE-1999-0734
CAN-1999-0742	CVE-1999-0742
CAN-1999-0743	CVE-1999-0743
CAN-1999-0753	CVE-1999-0753
CAN-1999-0768	CVE-1999-0768
CAN-1999-0770	CVE-1999-0770
CAN-1999-0775	CVE-1999-0775
CAN-1999-0811	CVE-1999-0811
CAN-1999-0831	CVE-1999-0831
CAN-1999-0834	CVE-1999-0834
CAN-1999-0847	CVE-1999-0847
CAN-1999-0853	CVE-1999-0853
CAN-1999-0875	CVE-1999-0875
CAN-1999-0881	CVE-1999-0881
CAN-1999-0898	CVE-1999-0898
CAN-1999-0899	CVE-1999-0899
CAN-1999-0905	CVE-1999-0905
CAN-1999-0955	CVE-1999-0955
CAN-1999-0992	CVE-1999-0992
CAN-1999-0994	CVE-1999-0994
CAN-1999-0995	CVE-1999-0995
CAN-1999-0999	CVE-1999-0999
CAN-1999-1001	CVE-1999-1001



=================================
Candidate: CAN-1999-0101
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000105-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: SUN:00137a
Reference: CIAC:H-13
Reference: NAI:NAI-1
Reference: XF:ghbn-bo

Buffer overflow in AIX and Solaris "gethostbyname" library call allows
root access through corrupt DNS host names.

Modifications:
  ADDREF CIAC:H-13
  CHANGEREF SUN:00137 SUN:00137a
  ADDREF XF:ghbn-bo

CONTENT-DECISIONS: SF-CODEBASE

INFERRED ACTION: CAN-1999-0101 MOREVOTES (0 accept, 3 ack, 0 review) HAS_CDS

Current Votes:

Comments:
 Frech> XF:ghbn-bo
 Frech> in addition to ERS:1997:001.1, also include 1996:007.1
 Frech> Sun's bulletin is 137a, not 137.
 Prosser> concur with Andre, sun bul is 137a
 Christey> The NAI advisory discusses a problem with programs trusting
 Christey> the length field that is returned from gethostbyname().
 Christey> The ERS and SUN advisories implicitly refer to
 Christey> BUGTRAQ:19961118 Serious hole in Solaris 2.5[.1]
 Christey> gethostbyname() (exploit included)
 Christey> which allows local users to gain access by providing
 Christey> arguments *to* gethostbyname().
 Christey> As both Andre and Mike's comments relate to the advisories,
 Christey> NAI-1 will be deleted as a reference for this candidate, and
 Christey> a new candidate will be proposed later on.


=================================
Candidate: CAN-1999-0233
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: MSKB:Q148188
Reference: MSKB:Q155056
Reference: XF:http-iis-cmd

IIS allows users to execute arbitrary commands using .bat or .cmd
files.

Modifications:
  ADDREF MSKB:Q148188
  DESC Remove WebSite reference.

INFERRED ACTION: CAN-1999-0233 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Frech> XF reference is correct, but cannot find supporting reference for WebSite
 Frech> vulnerability.
 Frech> No further action to be taken unless more information forthcoming.
 Christey> Can't find the WebSite mention now, so I will remove it.
 Prosser> If you need an additional ref for this use: MSKB Q155056 - IIS
 Prosser> Security Concern Using Batch Files for CGI


=================================
Candidate: CAN-1999-0259
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: XF:cfinger-user-enumeration

cfingerd lists all users on a system via search.**@target.

Modifications:
  ADDREF BUGTRAQ:19970523 cfingerd vulnerability
  ADDREF XF:cfinger-user-enumeration

INFERRED ACTION: CAN-1999-0259 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Frech> XF:cfinger-user-enumeration
 Prosser> Good summary of vulnerability on
 Prosser> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/cfinger.html


=================================
Candidate: CAN-1999-0270
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000113-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: SGI:19980401-01-P
Reference: CIAC:I-041
Reference: XF:sgi-pfdispaly

pfdispaly CGI program for SGI's Performer API Search Tool allows read
access to files.

Modifications:
  ADDREF CIAC:I-041
  ADDREF XF:sgi-pfdispaly
  ADDREF SGI:19980401-01-P

INFERRED ACTION: CAN-1999-0270 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Prosser> additional source
 Prosser> CIAC Security Bulletin I-041
 Prosser> http://www.ciac.org
 Prosser> The original SGI advisory on this one is 19980401-01-P3018
 Frech> XF:sgi-pfdispaly
 Frech> XF:sgi-dispaly-patch-vuln
 Christey> There are two bugs here, as described in Bugtraq.  The first one
 Christey> allowed read access to files outside of a document root (a dot dot
 Christey> problem).  The second one was a shell metacharacter problem.
 Christey> Reference: BUGTRAQ:19980407: perfomer_tools again
 Christey> CAN-1999-0270 refers to the first problem only.


=================================
Candidate: CAN-1999-0683
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

INFERRED ACTION: CAN-1999-0683 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Cole> The BUGTRAQ number is 19990730 and the BID is 556.  This also occurs when an
 Cole> ICMP Protocol Problem packet's (ICMP_PARAMPROB) encapsulated IP packet has a
 Cole> random protocol field and certain IP options set.


=================================
Candidate: CAN-1999-0694
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: CIAC:J-055
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt

Denial of service in AIX ptrace system call allows local users to
crash the system.

Modifications:
  ADDREF XF:aix-ptrace-halt
  DELREF BUGTRAQ:19990713

INFERRED ACTION: CAN-1999-0694 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Frech> XF:aix-ptrace-halt
 Frech> Please add title to the BugTraq reference, since it was not evident to which
 Frech> message you were referring.
 Christey> I couldn't find the Bugtraq reference either, which is
 Christey> especially odd because the IBM advisory says that the
 Christey> problem was discussed in Bugtraq.  Bugtraq reference deleted.


=================================
Candidate: CAN-1999-0708
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000106-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
Reference: BID:651

Buffer overflow in cfingerd allows local users to gain root privileges
via a long GECOS field.

Modifications:
  DELREF DEBIAN:19990806
  CHANGEREF BUGTRAQ BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow
  DESC Add GECOS qualifier

INFERRED ACTION: CAN-1999-0708 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Cole> This is too general.  I would add:  By setting a carefully designed GECOS
 Cole> field it is possible to execute arbitrary code with root (or nobody)
 Cole> privileges
 Christey> There is no associated DEBIAN reference here, as
 Christey> DEBIAN:19990806 refers to an older remote-only buffer overflow
 Christey> in the username, not GECOS.  (BID:512 also discusses that
 Christey> remote problem, though it may not be exploitable).
 Prosser> Bugtraq ref above now is BID 651


=================================
Candidate: CAN-1999-0734
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write

A default configuration of CiscoSecure Access Control Server (ACS)
allows remote users to modify the server database without
authentication.

INFERRED ACTION: CAN-1999-0734 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0742
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: DEBIAN:19990623
Reference: BID:480

The Debian mailman package uses weak authentication, which allows
attackers to gain privileges.

Modifications:
  ADDREF BID:480

INFERRED ACTION: CAN-1999-0742 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0743
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:trn-symlinks
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn

Trn allows local users to overwrite other users' files via symlinks.

Modifications:
  ADDREF SUSE:19990824 Security hole in trn

INFERRED ACTION: CAN-1999-0743 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Stracener> Add Ref: SUSE: Security hole in trn 24.08.99


=================================
Candidate: CAN-1999-0753
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591

The w3-msql CGI script provided with Mini SQL allows remote attackers
to view restricted directories.

Modifications:
  ADDREF XF:mini-sql-w3-msql-cgi

INFERRED ACTION: CAN-1999-0753 MOREVOTES (0 accept, 0 ack, 0 review)

Current Votes:

Comments:
 Christey> May be a configuration error and not a software flaw.  See
 Christey> BUGTRAQ:19990820 Re: Stupid bug in W3-msql (David J. Hughes)


=================================
Candidate: CAN-1999-0768
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO
environmental variable.

INFERRED ACTION: CAN-1999-0768 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Cole> I would be a little clearer: By utilizing the MAILTO environment variable, a
 Cole> buffer can be overflown in the cron_popen() function, allowing an attacker
 Cole> to execute arbitrary code.
 Christey> CAN-1999-0872 will be rejected as it is a duplicate of
 Christey> this one.
 Stracener> Add Ref: SUSE: Security hole in cron  29.08.1999:
 Prosser> Add refs:  YellowDog Linux August 27, 1999: vixie-cron


=================================
Candidate: CAN-1999-0770
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK

Firewall-1 sets a long timeout for connections that begin with ACK or
other packets except SYN, allowing an attacker to conduct a denial of
service via a large number of connection attempts to unresponsive
systems.

INFERRED ACTION: CAN-1999-0770 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0775
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch

Cisco Gigabit Switch routers running IOS allow remote attackers to
forward unauthorized packets due to improper handling of the
"established" keyword in an access list.

Modifications:
  ADDREF XF:cisco-gigaswitch

INFERRED ACTION: CAN-1999-0775 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0811
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: REDHAT:RHSA-1999:022-02
Reference: CALDERA:CSSA-1999:018.0
Reference: SUSE:19990816 Security hole in Samba
Reference: DEBIAN:19990731 Samba
Reference: XF:samba-message-bo
Reference: BID:536

Buffer overflow in Samba smbd program via a malformed message
command.

Modifications:
  DESC add details
  ADDREF CALDERA:CSSA-1999:018.0
  ADDREF SUSE:19990816 Security hole in Samba
  ADDREF DEBIAN:19990731 Samba
  ADDREF XF:samba-message-bo
  ADDREF BID:536

INFERRED ACTION: CAN-1999-0811 MOREVOTES (0 accept, 4 ack, 0 review)

Current Votes:

Comments:
 Stracener> Add Ref: CALDERA: CSSA-1999:018.0
 Stracener> Add Ref: DEBIAN: Samba [31-Jul-1999]
 Stracener> Add Ref: SUSE: Security hole in Samba 16.08.1999


=================================
Candidate: CAN-1999-0831
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: CALDERA:CSSA-1999-035.0
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: BID:809
Reference: XF:slackware-syslogd-dos

Denial of service in Linux syslogd via a large number of connections.

Modifications:
  ADDREF CALDERA:CSSA-1999-035.0
  ADDREF REDHAT:RHSA1999055-01
  ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
  DESC Change description to apply to all Linux
  ADDREF XF:slackware-syslogd-dos
  ADDREF BID:809

INFERRED ACTION: CAN-1999-0831 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:

Comments:
 Christey> ADDREF CALDERA:CSSA-1999-035.0
 Christey> ADDREF REDHAT:RHSA1999055-01
 Christey> ADDREF SUSE:19991118 syslogd-1.3.33 (a1)
 Christey> Change description to apply to all Linux
 Stracener> Given that this issue is not slackware-specific, the description should
 Stracener> be made more generic, possibly: "Denial of service in syslogd via a
 Stracener> large number of connections"
 Stracener> Add Ref: CSSA-1999-035.0
 Stracener> Add Ref: RHSA1999055-01
 Stracener> Add Ref: SuSE Security Announcement - syslogd (a1)
 Stracener> Add Ref: Cobalt Networks -- Security Advisory -- 11.20.1999 (syslog)
 Frech> XF:slackware-syslogd-dos


=================================
Candidate: CAN-1999-0834
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: BID:843
Reference: XF:rsaref-bo

Buffer overflow in RSAREF2 via the encryption and decryption functions
in the RSAREF library.

Modifications:
  ADDREF XF:rsaref-bo

INFERRED ACTION: CAN-1999-0834 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Prosser> Ref:  CERT Ca-99-15, Buffer Overflows in SSH Daemon and RSAREF2 Library
 Prosser> SecuriTeam.com, SSH1.2.27 is vulnerable to a remote buffer overflow (RSAREF)
 Frech> XF:rsaref-bo


=================================
Candidate: CAN-1999-0847
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: XF:fics-board-bo

Buffer overflow in free internet chess server (FICS) program, xboard.

Modifications:
  ADDREF XF:fics-board-bo

INFERRED ACTION: CAN-1999-0847 MOREVOTES (0 accept, 0 ack, 0 review)

Current Votes:

Comments:
 Frech> XF:fics-board-bo


=================================
Candidate: CAN-1999-0853
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo

Buffer overflow in Netscape Enterprise Server and Netscape
FastTrack Server allows remote attackers to gain privileges via the
HTTP Basic Authentication procedure.

Modifications:
  ADDREF XF:netscape-fasttrack-auth-bo

INFERRED ACTION: CAN-1999-0853 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Cole> I would add that this is a remote buffer overflow...
 Frech> XF:netscape-fasttrack-auth-bo


=================================
Candidate: CAN-1999-0875
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: BID:578
Reference: XF:irdp-gateway-spoof

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow
remote attackers to modify their default routes.

Modifications:
  ADDREF XF:irdp-gateway-spoof

INFERRED ACTION: CAN-1999-0875 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0881
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: XF:falcon-path-parsing

Falcon web server allows remote attackers to read arbitrary files via
a .. (dot dot) attack.

Modifications:
  ADDREF XF:falcon-path-parsing
  ADDREF BID:743

INFERRED ACTION: CAN-1999-0881 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0898
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: XF:nt-printer-spooler-bo
Reference: BID:768

Buffer overflows in Windows NT 4.0 print spooler allow remote
attackers to gain privileges or cause a denial of service via a
malformed spooler request.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:768

INFERRED ACTION: CAN-1999-0898 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Frech> XF:nt-printer-spooler-bo
 Prosser> (Modify)
 Prosser> This maybe should be separated into two entries.  One for the DoS which is
 Prosser> just done with random data and one for the more experienced attack of
 Prosser> gaining privileges on the host.
 Christey> While the advisory is not entirely explicit, the difference
 Christey> between the DoS and the command execution is only in effect,
 Christey> and appears to be in the same line of code, so the SF-LOC
 Christey> content decision applies here.


=================================
Candidate: CAN-1999-0899
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649
Reference: BID:769
Reference: XF:nt-printer-spooler-bo

The Windows NT 4.0 print spooler allows a local user to execute
arbitrary commands due to inappropriate permissions that allow the
user to specify an alternate print provider.

Modifications:
  ADDREF XF:nt-printer-spooler-bo
  ADDREF BID:769

INFERRED ACTION: CAN-1999-0899 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Frech> XF:nt-printer-spooler-bo
 Cole>
 Cole> [Originally rejected; vote changed to ACCEPT based on feedback]
 Cole> This should be combined with the previous one to state it can cause
 Cole> a denial of service
 Cole> or allow commands to be executed.  Just because a vulnerability can
 Cole> be exploited in different ways
 Cole> does not mean there should be separate entries since the underlying
 Cole> exploit is the same.
 Christey> This is different than CAN-1999-0898 because 898 is a buffer
 Christey> overflow, while this one is incorrect permissions.  They
 Christey> are different bugs, so should have separate entries.  Note
 Christey> that MS99-047 also discriminates between these two candidates,
 Christey> i.e. it contains the phrase "A second vulnerability exists..."
 Christey> and goes on to describe CAN-1999-0899.


=================================
Candidate: CAN-1999-0905
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: BID:736
Reference: XF:raptor-ipoptions-dos

Denial of service in Axent Raptor firewall via malformed zero-length
IP options.

Modifications:
  ADDREF BID:736
  ADDREF XF:raptor-ipoptions-dos

INFERRED ACTION: CAN-1999-0905 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Cole> This occurs when the SECURITY and TIMESTAMP IP options length is set to 0


=================================
Candidate: CAN-1999-0955
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: XF:ftp-exec

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain
root access via the SITE EXEC command.

Modifications:
  ADDREF XF:ftp-exec

INFERRED ACTION: CAN-1999-0955 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Cole> There are actually two vulnerabilities listed in this CERT.  I am assuming
 Cole> that the other one is listed in a different CVE.
 Frech> XF:ftp-exec


=================================
Candidate: CAN-1999-0992
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: HP:HPSBUX9912-107

HP VirtualVault with the PHSS_17692 patch allows unprivileged
processes to bypass access restrictions via the Trusted Gateway Proxy
(TGP).

INFERRED ACTION: CAN-1999-0992 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0994
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: MSKB:Q248183
Reference: BID:873

Windows NT with SYSKEY reuses the keystream that is used for
encrypting SAM password hashes, allowing an attacker to crack
passwords.

INFERRED ACTION: CAN-1999-0994 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0995
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Reference: MS:MS99-057
Reference: MSKB:Q248185
Reference: BID:875

Windows NT Local Security Authority (LSA) allows remote attackers to
cause a denial of service via malformed arguments to the LsaLookupSids
function which looks up the SID, aka "Malformed Security Identifier
Request."

Modifications:
  ADDREF BID:875

INFERRED ACTION: CAN-1999-0995 MOREVOTES (0 accept, 3 ack, 0 review)

Current Votes:


=================================
Candidate: CAN-1999-0999
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: MS:MS99-059
Reference: MSKB:Q248749
Reference: BID:817

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of
service via a malformed TDS packet.

Modifications:
  DESC Add version
  ADDREF BID:817

INFERRED ACTION: CAN-1999-0999 MOREVOTES (0 accept, 2 ack, 0 review)

Current Votes:

Comments:
 Wall> Microsoft SQL 7.0 server allows a remote attacker to cause a denial of
 Wall> service via a malformed TDS packet.


=================================
Candidate: CAN-1999-1001
Published:
Final-Decision: 20000118
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

Cisco Cache Engine allows a remote attacker to gain access via a null
username and password.

INFERRED ACTION: CAN-1999-1001 MOREVOTES (0 accept, 1 ack, 0 review)

Current Votes:

Comments:
 Cole> The references are not that clear.
 Christey> While vendor-supplied advisories sometimes aren't clear, they
 Christey> have acknowledged the problem and provided enough information
 Christey> to attach a CVE name to them.
 Prosser> Agree with Steve.  This is one of those vendor-specific
 Prosser> vulnerabilities that was discovered early, fixed and limited
 Prosser> knowledge allowed out concerning the problem other than there
 Prosser> is one.  But from a security vendor viewpoint, if a client is
 Prosser> running this product with the vulnerability, they really just
 Prosser> need to know that it has a security problem and here is the
 Prosser> fix!  Additional information is great when it is available but
 Prosser> replacing or upgrading the vulnerable component is the
 Prosser> important issue.  (my opinion only, and we all got one!)

Page Last Updated or Reviewed: May 22, 2007