Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates

To: "Steven M. Christey" <coley@linus.mitre.org>
Subject: Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates
From: Casper Dik <Casper.Dik@holland.sun.com>
Date: Thu, 18 May 2000 13:30:30 +0200
cc: cve-editorial-board-list@lists.mitre.org
Delivery-Date: Thu May 18 07:30:43 2000
In-reply-to: Your message of "Wed, 17 May 2000 20:49:04 EDT." <200005180049.UAA14613@basie.mitre.org>


>=================================
>Candidate: CAN-2000-0317
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
>Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
>Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
>Reference: SUNBUG:4334568
>Reference: BID:1138
>Reference: URL:http://www.securityfocus.com/bid/1138
>
>Buffer overflow in Solaris 7 lpset allows local users to gain root
>privileges via a long -r option.
>
>
>ED_PRI CAN-2000-0317 2
>

RECAST: there's a lot of confusion in this one. 

These point to buffer overflows:

>Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html

But these point to dlopen() in libprint that doesnt' check pathnames:
>Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
>Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
>Reference: SUNBUG:4334568

And this is a bufferoverflow again:
>Reference: BID:1138
>Reference: URL:http://www.securityfocus.com/bid/1138



>
>=================================
>Candidate: CAN-2000-0316
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
>Reference: BID:1143
>Reference: URL:http://www.securityfocus.com/bid/1143
>
>Buffer overflow in Solaris 7 lp allows local users to gain root
>privileges via a long -d option.
>
>
>ED_PRI CAN-2000-0316 3
>
>
>VOTE: MODIFY, this is one of many buffer overflows in libprint.so.2;
Reference: SUNBUG 4314312
>
>=================================
>Candidate: CAN-2000-0337
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000518
>Assigned: 20000511
>Category: SF
>Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
>Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
>Reference: BID:1140
>Reference: URL:http://www.securityfocus.com/bid/1140
>
>Buffer overflow in Xsun X server in Solaris 7 allows local users to
>gain root privileges via a long -dev parameter.
>
>
>ED_PRI CAN-2000-0337 3
>
>
>VOTE:  MODIFY: Reference: SUNBUG: 4335411
>

References:
- [PROPOSAL] Cluster RECENT-17 - 15 candidates
  - From: "Steven M. Christey" <coley@linus.mitre.org>

Prev by Date: Re: Current list of signers for CyberCrime Treaty Statement
Next by Date: Re: FINAL version of CyberCrime Treaty statement - ready for signatures
Prev by thread: [PROPOSAL] Cluster RECENT-17 - 15 candidates
Next by thread: Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates
Index(es):
- Date
- Thread