[VOTEPRI] 17 high priority candidates as of 7/5/2000

The following candidates have vendor acknowledgement and require one
more vote to be accepted.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
you want to add comments or details, add them to lines after the
VOTE: line.

2) If you see any missing references, please mention them so that they
can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
So if you don't have sufficient information for a candidate but you
don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------
Inferred actions capture the voting status of a candidate. They may
be used by the Editor to determine whether or not a candidate is added
to CVE. Where there is disagreement, the Editor must resolve the
issue and achieve consensus, or make the final decision if consensus
cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate
=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision:
Modified: 19991130-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:17
Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.
Modifications:
ADDREF NAI:17
add version number
INFERRED ACTION: CAN-1999-0247 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(1) Northcutt
VOTE:
=================================
Candidate: CAN-1999-0298
Published:
Final-Decision:
Interim-Decision:
Modified: 20000524-01
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: NAI:19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/06_ypbindsetme_adv.asp
ypbind with -ypset and -ypsetme options activated in Linux Slackware
and SunOS allows local and remote attackers to overwrite files via a
.. (dot dot) attack.
Modifications:
CHANGEREF NAI:NAI-6
Add details to description.
INFERRED ACTION: CAN-1999-0298 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Northcutt
NOOP(1) Shostack
REVIEWING(1) Frech
VOTE:
=================================
Candidate: CAN-2000-0045
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: BID:926
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926
MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.
INFERRED ACTION: CAN-2000-0045 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
VOTE:
=================================
Candidate: CAN-2000-0063
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to read arbitrary files by specifying the filename in a
parameter to the script.
INFERRED ACTION: CAN-2000-0063 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
VOTE:
=================================
Candidate: CAN-2000-0064
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to cause a denial of service via a malformed URL that
includes shell metacharacters.
INFERRED ACTION: CAN-2000-0064 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
VOTE:
=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.
INFERRED ACTION: CAN-2000-0076 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(3) Levy, Wall, Cole
VOTE:
=================================
Candidate: CAN-2000-0094
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: BID:940
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=940
procfs in BSD systems allows local users to gain root privileges by
modifying the /proc/pid/mem interface via a modified file descriptor
for stderr.
INFERRED ACTION: CAN-2000-0094 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
MODIFY(1) Frech
NOOP(2) Wall, Christey
REVIEWING(1) Cole
Comments:
Christey> BID:987 and NETBSD:2000-001 refer to a NetBSD procfs mem
problem that's probably the same problem as this one.
Frech> XF:netbsd-procfs
Christey> BID:987 has since been deleted, so I guess they agree ;-)
VOTE:
=================================
Candidate: CAN-2000-0117
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site
Administrator to modify passwords for other users, site
administrators, and possibly admin (root).
INFERRED ACTION: CAN-2000-0117 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
MODIFY(1) Frech
NOOP(1) Wall
REVIEWING(1) Cole
Comments:
Frech> XF:http-cgi-cobalt-passwords
VOTE:
=================================
Candidate: CAN-2000-0120
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=955
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0
allows users to bypass authentication via the bAuthenticated
parameter.
INFERRED ACTION: CAN-2000-0120 MOREVOTES-1 (1 accept, 1 ack, 2 review)
Current Votes:
MODIFY(1) Frech
REVIEWING(2) Wall, Cole
Comments:
Frech> XF:allaire-spectra-ras-access
VOTE:
=================================
Candidate: CAN-2000-0264
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.
INFERRED ACTION: CAN-2000-0264 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(3) Wall, Cole, Christey
Comments:
Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
VOTE:
=================================
Candidate: CAN-2000-0265
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Panda Security 3.0 allows users to uninstall the Panda software via
its Add/Remove Programs applet.
INFERRED ACTION: CAN-2000-0265 MOREVOTES-1 (1 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(3) Wall, Cole, Christey
Comments:
Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
VOTE:
=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
Pine 4.x allows a remote attacker to execute arbitrary commands via an
index.html file which executes lynx and obtains a uudecoded file from
a malicious web server, which is then executed by Pine.
INFERRED ACTION: CAN-2000-0353 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(1) Christey
REVIEWING(1) Frech
Comments:
Christey> ADDREF BID:1247
VOTE:
=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
cause a denial of service or execute arbitrary commands via a long
If-Modified-Since header.
INFERRED ACTION: CAN-2000-0359 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(1) Christey
REVIEWING(1) Frech
Comments:
Christey> ADDREF BID:1248
Frech> (not thttpd-file-read)
VOTE:
=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.
INFERRED ACTION: CAN-2000-0366 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
REVIEWING(1) Frech
VOTE:
=================================
Candidate: CAN-2000-0369
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
The IDENT server in Caldera Linux 2.3 creates multiple threads for
each IDENT request, which allows remote attackers to cause a denial of
service.
INFERRED ACTION: CAN-2000-0369 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(1) Christey
REVIEWING(1) Frech
Comments:
Christey> ADDREF BID:1266
Christey> ADDREF BID:1266
VOTE:
=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
The debug option in Caldera Linux smail allows remote attackers to
execute commands via shell metacharacters in the -D option for the
rmail command.
INFERRED ACTION: CAN-2000-0370 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
NOOP(1) Christey
REVIEWING(1) Frech
Comments:
Christey> ADDREF BID:1268
Christey> ADDREF BID:1268
URL:http://www.securityfocus.com/bid/1268
VOTE:
=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.
INFERRED ACTION: CAN-2000-0374 MOREVOTES-1 (1 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(1) Stracener
REVIEWING(1) Frech
Comments:
Frech> (not xdm-xdmcp-remote-bo)
VOTE: