[VOTEPRI] 13 high priority candidates as of 5/24/2000



The following 13 candidates are all confirmed by the vendor.  They
need just one more vote to be accepted.

- Steve


=================================
Candidate: CAN-1999-0118
Published:
Final-Decision:
Interim-Decision:
Modified: 20000106-02
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

AIX infod allows local users to gain root access through an X display.

Modifications:
  ADDREF XF:aix-infod
  ADDREF BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD

INFERRED ACTION: CAN-1999-0118 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(4) Northcutt, Shostack, Wall, Christey

Comments:
 Frech> XF:aix-infod
 Christey> See BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
 Christey> AIX APARs confirm this problem: IX84642, IX89281, and IX84642


=================================
Candidate: CAN-1999-0225
Published:
Final-Decision:
Interim-Decision:
Modified: 20000524-02
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:19980214 Windows NT Logon Denial of Service
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp
Reference: MSKB:Q180963
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963

Windows NT 4.0 allows remote attackers to cause a denial of service
via a malformed SMB logon request in which the actual data size does
not match the specified size.

Modifications:
  ADDREF MSKB:Q180963
  reword description
  Canonicalize NAI advisory

INFERRED ACTION: CAN-1999-0225 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Hill
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:nt-logondos


=================================
Candidate: CAN-1999-0323
Published:
Final-Decision:
Interim-Decision:
Modified: 20000524-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:04
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:04.mmap.asc
Reference: NETBSD:1998-003
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc

FreeBSD mmap function allows users to modify append-only or immutable
files.

Modifications:
  ADDREF NETBSD:1998-003

INFERRED ACTION: CAN-1999-0323 MOREVOTES-1 (1 accept, 2 ack, 1 review)

Current Votes:
   ACCEPT(2) Hill, Northcutt
   REVIEWING(1) Frech

Comments:
 Frech> probably XF:bsd-mmap


=================================
Candidate: CAN-1999-0407
Published:
Final-Decision:
Interim-Decision:
Modified: 19991203-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2
Reference: MSKB:Q184619
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=184619
Reference: XF:iis-iisadmpwd

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains
files that can be used as proxies for brute force password attacks, or
to identify valid users on the system.

Modifications:
  Modified Bugtraq ref, added KB article and ISS ref

INFERRED ACTION: CAN-1999-0407 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> ADDREF XF:iis-iisadmpwd
 Christey> Q184619 doesn't appear to describe this problem.  However,
 Christey> Russ Cooper confirms it in a followup email.


=================================
Candidate: CAN-1999-0464
Published:
Final-Decision:
Interim-Decision:
Modified: 19991205-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990104 Tripwire mess..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2

Local users can perform a denial of service in Tripwire 1.2 and
earlier using long filenames.

Modifications:
  ADDREF BUGTRAQ:19990104 Tripwire mess..

INFERRED ACTION: CAN-1999-0464 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:tripwire-long-filename-dos
 Christey> XF:tripwire-long-filename-dos doesn't exist.


=================================
Candidate: CAN-2000-0233
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html

SuSE Linux IMAP server allows remote attackers to bypass IMAP
authentication and gain privileges.

INFERRED ACTION: CAN-2000-0233 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:linux-imap-remote-unauthorized-access


=================================
Candidate: CAN-2000-0234
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: CF
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083

The default configuration of Cobalt RaQ2 and RaQ3 as specified in
access.conf allows remote attackers to view sensitive contents of a
.htaccess file.

INFERRED ACTION: CAN-2000-0234 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:cobalt-raq-remote-access


=================================
Candidate: CAN-2000-0235
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070

Buffer overflow in the huh program in the orville-write package allows
local users to gain root privileges.

INFERRED ACTION: CAN-2000-0235 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:freebsd-orvillewrite-bo


=================================
Candidate: CAN-2000-0267
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode
without a password.

INFERRED ACTION: CAN-2000-0267 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0268
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of
service by sending the ENVIRON option to the Telnet daemon before it
is ready to accept it, which causes the system to reboot.

INFERRED ACTION: CAN-2000-0268 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0274
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

The Linux trustees kernel patch allows attackers to cause a denial of
service by accessing a file or directory with a long name.

INFERRED ACTION: CAN-2000-0274 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, Christey

Comments:
 Christey> This problem is confirmed in the News section for Mar 31, 2000,
 Christey> which mentions "a fix for the 'extra long directory name' problem."


=================================
Candidate: CAN-2000-0294
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107

Buffer overflow in healthd for FreeBSD allows local users to gain root
privileges.

INFERRED ACTION: CAN-2000-0294 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

Page Last Updated or Reviewed: May 22, 2007